Has British Airways properly understood the new privacy law?
The new privacy legislation, GDRP has put companies in focus. After all, nobody wants to run the risk of sky-high fines for not complying with the privacy law. At British Airways they do have a very special conception about ‘compliance’ with the new law.
British Airways GDRP
A PhD student discovered that the social media team publicly asked travelers for personal information on Twitter. And they told us that this was necessary for compliance with the GDRP. They asked for personal details, such as passport number and addresses. What a paradox?
Since the GDRP was created precisely to prevent companies from collecting and passing on personal data without permission, this is not a convenient action from the airline. The purpose of British Airways was to inform travelers about delayed or canceled flights and claims.
The British Airways Twitter team then changed their answers. They asked travelers to send the personal information via a Direct Message.
Cookies
It gets even more interesting. The PhD student, Al-Bassam, discovered this after he first made another discovery about the privacy compliance of British Airways. He could not check in for his flight if his adblocker was not activated. It appears that British Airways uses tracking cookies when you check in for a flight on the website. This information is then sent to third parties. This is a violation of the GDRP law. The PhD student has filed a complaint with the airline. He also indicated that he will file an official complaint if the airline does not solve the issue with the cookies.