American Airlines tracks your browsing behavior across devices and browsers, links that data to your personal identity, and uses it to show you targeted ads both on its own website and on other websites you visit.
This analysis describes what American Airlines's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Cross-device behavioral advertising means your online activity on aa.com can follow you to unrelated third-party websites, and when combined with your personal identity data, creates a detailed profile of your interests and travel intentions.
Your browsing activity on aa.com, including flights you viewed but did not book, may be linked to your personal identity and used to serve you targeted advertising across other websites and devices without additional action on your part.
How other platforms handle this
We and our service providers may use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your browsing behavior, device type, IP address, and interactions with our website and advertisements.
We use cookies and similar tracking technologies to track the activity on our websites and services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our services. You can instruct your browser to ...
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your use of our Services. This information may include your IP address, browser type, operating system, referring URLs, and information about how you interact with our Services.
Monitoring
American Airlines has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"American gets this information by using technologies, including cookies, web beacons, and mobile device geolocation to provide and improve our Interactive Services and advertising, including across browsers and devices (also known as cross-device linking). This technical information may be combined with information that is personally identifiable in order to personalize our Interactive Services and advertising to your interests, including across browsers and devices. For example, if you spend time reviewing a particular flight or destination but do not complete a travel reservation, we may use this information to show you targeted advertising about similar flights or destinations on our Interactive Services or on third-party websites.— Excerpt from American Airlines's American Airlines Privacy Policy
REGULATORY LANDSCAPE: Cross-device tracking for behavioral advertising engages GDPR Article 6 (lawful basis for processing) and the ePrivacy Directive (cookie consent requirements) for EU/EEA users. Under CPRA, sharing personal information with advertising technology partners for cross-context behavioral advertising constitutes a regulated data use requiring opt-out rights regardless of whether data is sold. The FTC's guidance on online behavioral advertising and its unfairness and deception authority are also relevant. State consumer protection laws in California, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws impose opt-out requirements for targeted advertising. GOVERNANCE EXPOSURE: Medium. The policy discloses the practice clearly and references a cookie consent mechanism, but does not enumerate all third-party advertising partners or detail the scope of cross-device data linkage, which may limit the specificity of required disclosures under CPRA and GDPR. The combination of personally identifiable information with behavioral tracking data is a materially broader practice than cookie-only advertising. JURISDICTION FLAGS: California presents the highest exposure under CPRA's requirement for a conspicuous opt-out of sharing for cross-context behavioral advertising. EU/EEA users are protected by the ePrivacy Directive's consent requirements for non-essential cookies. Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy laws also require opt-out mechanisms for targeted advertising. CONTRACT AND VENDOR IMPLICATIONS: Advertising technology vendors and data management platform providers that receive behavioral data from aa.com should be assessed under data processing agreements that comply with CPRA and GDPR requirements. The scope of data shared with these vendors for cross-device linking purposes should be documented and audited against stated policy disclosures. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the cookie consent banner and opt-out mechanisms on aa.com honor global privacy control signals where required by state law, that third-party advertising vendor contracts include required data processing terms, and that the combination of personally identifiable data with behavioral tracking data is accurately described in CPRA data sharing disclosures.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Cross-device behavioral advertising means your online activity on aa.com can follow you to unrelated third-party websites, and when combined with your personal identity data, creates a detailed profile of your interests and travel intentions.
Your browsing activity on aa.com, including flights you viewed but did not book, may be linked to your personal identity and used to serve you targeted advertising across other websites and devices without additional action on your part.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by American Airlines.