Italy’s data protection authority has fined Emirates €180,000 (about $208,890) for mishandling sensitive passenger data, raising fresh concerns about privacy standards in the airline industry, according to The News.
The penalty centers on how the airline handled health information from passengers with reduced mobility. According to the regulator, Emirates failed to provide clear and complete information about how such data was collected and used, both on its website and through staff assisting travelers.
The case began with a complaint from a passenger who said she was asked to fill out a medical form despite not falling into a category that required it. While the authority found that collecting health data can be justified to ensure passenger safety and proper assistance, it ruled that Emirates did not meet transparency requirements.
Investigators also found that the airline stored passenger health data for up to seven years, a period the authority described as excessive and disproportionate.
The ruling highlights growing scrutiny over how companies handle sensitive personal information, especially in sectors like aviation where data collection is often tied to safety procedures.
Emirates has not yet publicly responded to the fine.
The decision serves as a reminder that even when data collection is lawful, companies must clearly explain their practices and limit how long they keep personal information. For regulators, transparency and accountability remain at the core of protecting passenger rights in an increasingly data-driven world.
