According to IATA, in order to reduce repetitive identity checks and create a seamless flow, its One ID concept seeks to introduce a robust, integrated identity management across the end-to-end passenger process that allows an individual to assert their identity online or in person. This should be done to the required level at every process step while maintaining the privacy of personal data.
Annet Steenbergen, Chair of the IATA Facilitation Working Group, spoke at Airport IT & Security 2019 on this topic, and in 2017 wrote that “One ID aims to establish a trust framework between airport ecosystems to form a foundation for a dependable digital identity, including biometrics to be shared between stakeholders on a need-to-know and allowed-to-know basis. But how can such a trust framework with so many stakeholders be created?”
With the topic of biometrics in airports becoming more and more popular, and the age of the digital airport being closer than ever, we caught up with Steenbergen to discuss how, or if, the One ID concept is progressing.
“We are getting a clearer picture of what we will need in order to have One ID or an envelope of information that travels with you, not just in one airport but connecting in another. We have that because there are quite a number of airports and governments and airlines that are working on these kinds of projects, and we have learned from that.
“Everybody is now realising that, if we invest, we should invest in something that is ready for the future to scale and to connect. Which is crucial. So we’re seeing that we will need to have governments on board.
“Anything cross border involves the government. So your passport is still very important. The digital version of that. We will need to share data but in a way that is transparent and creates trust.”
The concept of establishing a digital identity for passengers to create a seamless flow of passengers is obviously ideal for both airport and passenger. However, when discussing a digital identity, the inevitable topic of data security has to be addressed.
“Privacy by design is absolutely crucial because if you don’t do that from the onset of any IT project, you will never be able to change it. If you do that, you can register consent. I think consent is very important. Because if you are consensual, you are gaining trust, you’re telling your passenger ‘I need this data from you. If you give it to me, I will do this and this with it and then I will delete it. Are you okay with this?’ That is extremely important because this will go across cultures and different legal systems.
“Everybody wants to have their data, and especially biometric data, handled in a trusted way, and obviously data protection is extremely important.
“But trust is also extremely important. I need to trust that if I give that data and you’re using it, that you are deleting it when you said you would and that you are only giving the data to the stakeholders that need to have it and are authorised to have it.”
But the situation on data privacy and who owns data in Europe has changed since 2017 when Steenbergen wrote her original article. As of May 2018, the EU entered into the application of the General Data Protection Regulation (GDPR), in which there is one set of data protection rules for all companies operating in the EU, wherever they are based.
The aim of this was so people have more control over their personal data and businesses can benefit from a level playing field.
“GDPR is a great benchmark because it is also privacy by design and every European airline needs to adhere to it. If you handle data, especially very sensitive data of people living in the European Union, you are required to be GDPR compliant. Which is good because it will help you create that trust”…
