GDPR compliance and infosec top of mind as Thales personalizes IFEC

SmartSky - Finally WifI that Wows

Thales Inflyt Experience is among the most vocal companies in the PaxEx space discussing the need for robust cybersecurity on board aircraft. The security of data “is at the forefront of our investments and developments”, noted outgoing CEO Dominique Giannoni in a recent interview with Runway Girl Network. But with the EU’s sweeping General Data Protection Regulation (GDPR) in effect since 25 May, the inflight entertainment (IFE) and connectivity unit of the Thales Group has further strengthened its commitment to securing passenger data.

“We have been working on GDPR compliance for more than a year so our systems are GDPR compliant,” confirmed Giannoni. This means Thales Inflyt Experience is able to demonstrate that it knows where and how long passenger data is stored. And it can support an individual’s right to access their full record and have all personal data deleted. “It’s not only a technical solution but a process and a service, and again this requires investment,” said Giannoni.

Thales Inflyt Experience’s IFE and connectivity systems, which connect more than 1 million airline passengers each day around the globe, “are actually processing more and more personalized data because the requests we get from airlines and participating needs from passengers is they want a personalized experience, and for this you need to have access to data that identifies people to a certain extent. And this is where we can offer end-to-end personalized experience compliance [for] all aspects of GDPR,” assured Giannoni.

Given that the Thales Group as a whole is a global leader in cybersecurity products and services, with over 1,500 cybersecurity experts on staff, Thales Inflyt Experience has been leveraging the work of its colleagues “to improve, constantly, our cybersecurity” on board aircraft. “In Thales we have a significant business on cybersecurity so whenever it comes to being compliant with this kind of regulation [GDPR], we are taking it very seriously,” said Giannoni. “We believe that the aircraft is not an isolated island where people do cybersecurity differently than they do elsewhere.”

He added:

So for this [passenger data], what we have set up in Orlando, Florida is a security operation center, which is dedicated to our IFE and connectivity business, to monitor and react … We leverage what the Group is doing in cybersecurity, in securing financial transactions, and I do believe this is now a basic requirement, that the system is not only reliable but also cyber-secure and obviously now we have to be compliant with GDPR.

Going forward, Giannoni will not be overseeing Thales Inflyt Experience. After five “very intense and very interesting years” as CEO of the unit, he is assuming a new leadership role within Thales.

Replacing Giannoni as CEO on 1 August is long-time Thales executive Philippe Carette, who is tasked with driving strategic corporate transformation initiatives within the business “to spur greater competitiveness and long-term market leadership”, according to a Thales statement.


Added the statement: “[Carette] will also steer the digitalization of the connectivity and entertainment systems portfolio to deliver unique value to airline customers in a rapidly evolving cabin environment. This includes the recently introduced InFlyt 360 digital platform, which allows airlines to continuously improve the passenger experience with features such as personalization, monetization, fresh and dynamic content and optimized engagement.”

InFlyt 360 is billed as incorporating the latest in big data technologies and machine learning to continuously optimize PaxEx, while providing airlines an ecosystem customizable to their business goals and their brand. For instance, movies will be recommended based on passengers’ preferences, and they can shop or book a hotel mid-flight depending on whether they are flying for leisure or business. Targeted advertising is also part of the value proposition for airlines.

But given this fresh push for personalization of the passenger experience, security will remain an ever-present priority for Thales Inflyt Experience with Carette at the helm.

As Giannoni described it, infosec is “a never-ending story” of improvements and investment.

For consent to be valid under GDPR, a customer must actively confirm their consent via a clear, affirmative action. Thales will need to address opt-in protocol when rolling out InFlyt 360. The example shown here, wherein a young boy’s user experience is tailored specifically for him, would require parental consent. Image: Thales Inflyt Experience

Related Articles: