Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

AirAsia

From Consumer Action Taskforce
Revision as of 09:48, 17 January 2025 by Mingyee (talk | contribs) (Copy editing)
Jump to navigationJump to search

AirAsia is a budget airline based in Malaysia. In 2007, The New York Times described AirAsia as a pioneer of low-cost travel in Asia. As of January 2025, they serve Asia, the Middle East, and Australia.

Summary (TLDR)

AirAsia secretly and forcefully subscribes any user who creates or links an account with them to 23 different types of spam ("AirAsia communications") .

  1. Users are neither made aware of this fact nor presented with the option to opt out.
  2. Normally companies bury opt-in text within their terms and conditions, but even the AirAsia privacy terms page is vague about this.
  3. Unsubscribing from AirAsia's spam is an 8-step process where users have to log into their account.

Non-consensual opt-in to AirAsia marketing spam

AirAsia sign up dialog that pops up after you select a flight to book. Multiple sign up/easy sign in options are pushed with large, colored icons while the no sign up option is presented as a small "Continue as guest" in plain text at the bottom.
AirAsia sign up page with no notification to users that they will be automatically opted in to receiving "informational" and marketing emails from 23 different AirAsia sources and no ability for user to opt out directly at sign up.
AirAsia Notification Preferences page showing 23 different sources of promotional emails that every user is automatically opted into upon creation of an AirAsia account

AirAsia secretly and automatically forces users to opt in to 23 different types of promotional and marketing emails (referred to as "communications") when they create or link an account.

  1. When booking a flight with AirAsia, a popup dialog appears that pushes users to sign in, or create or link an account. The sign-up and and sign-in options are pushed with large font sizes and prominent, colored icons.
  2. Clicking on an unsubscribe link in an email brings users to this page. AirAsia forces users to log in before they can unsubscribe.
    The option to book a flight is presented as a small, plain-text link "Continue as guest" at the bottom of the popup dialog. (SEE IMAGE 1)
  3. During sign-up or log-in, users are not made aware that they will automatically be opted in to receiving spam "communication" emails from AirAsia. They are also forced into opting in by default, with no ability to opt out directly on the same page.
  4. Typically companies sneak promotional and marketing email opt in into their terms of service or Privacy Terms page, but on the AirAsia Privacy Statement page[1], they are still extremely vague about the fact they are opting users into their spam, automatically, forcefully, and unknowingly. The terms therein that refer to promotional material are:
    1. "The information may be used to provide you with location-based services such as search results and marketing content." ("Information collection" section[2])
    2. "AirAsia and AirAsia Group of Companies who have access to this Personal Information with our permission and who need to know or have access to this Personal Information in order to: perform the service requested by you (including to make, administer, and manage reservations or handle payments, "single sign-on", and customer service); analyze how you use this Website and other websites belonging to AirAsia or AirAsia Group of Companies, improve and provide new and personalized offers, products and services, and marketing, for purposes of research, analytics, to develop and improve any existing and future products or services offered by us, to explore further potential initiatives, to optimise research, improve our forecasting abilities, and for other business purposes of AirAsia or AirAsia Group of Companies; detect, prevent, and investigate fraudulent transactions and/or activities, other illegal activities, and data breaches; internal (audit/compliance) investigations; or as otherwise required or permitted by applicable law." ("Use of information collected" section[3])
    3. We may share your Personal Information to: data analytics, marketing agency, third party suppliers of products and services, business partners or service providers, parties which have business or contractual dealings with AirAsia and the AirAsia Group of Companies, and other third party who is able to demonstrate that you have explicitly consented to the disclosure of your Personal Information by us to such third party (collectively known as “Authorised Third Party”) ("Sharing of Information Collected" section[4])
  5. The same Privacy Statement does provide steps to "Manage your marketing communications"[5], which is a 3-step process assuming the user does this after creating their account and/or booking their flight. The steps highlighted on that page are:
    1. Click on Account (your name with the user icon in the upper right side of the page)
    2. Click on My Account
    3. Click on Notifications Preferences
  6. However, since users are not made aware that they will be opted into a barrage of spam emails, they would not be aware or have reason to go into "Notification Preferences" immediately after account creation/booking.
  7. Since most users will learn about the spam later, the unsubscribe process is in reality an 8-step process that takes eight clicks instead of the three suggested by AirAsia's Privacy Statement page (see below).

Multi-step friction to unsubscribe from AirAsia marketing spam

Since most users will learn about the spam later, the unsubscribe process is in reality an 8-step process that takes eight clicks and user login, instead of the three suggested by AirAsia's Privacy Statement page:

  1. User clicks on unsubscribe button at bottom of AirAsia promotional email.
  2. Instead of directly unsubscribing the user or bringing them to an unsubscribe confirmation page, users are instead linked to their account "Notification Preferences" page where they have to log in.
  3. After entering their log-in details, users have to also input a one-time password. This step takes at least five additional clicks, where the user has to:
    1. Click on their email tab or client (assuming they have it opened)
    2. Click on the AirAsia OTP email (if they do not receive it immediately, refreshing may incur additional clicks)
    3. Copy or remember the OTP, and click back to the AirAsia login tab
    4. Paste the OTP into the form
    5. Click continue
  4. User is now on their Notification Preferences page where they get to see the 23 different types of AirAsia spam they never knew they opted into. Assuming they never wanted and don't want to continue receiving any of these spam emails, they would click on "Pause all emails".
  5. User also has to click on "Pause all communications" if they wanted to stop spam from coming in through push notifications and WhatsApp.
    1. Another dark pattern here from AirAsia is "Pause all communications", which implies the user would stop receiving any communications whatsoever. Users would typically want their booking emails, travel itinerary, etc., so they would not think of selecting this option.
    2. The fine print above this button says, "Your account activities, transactional updates, payment updates, booking and delivery information are compulsory", meaning such emails will be delivered in any case and "communications" in "Pause all communications" really refers to promotional and marketing spam.

References