British Airways Violates GDPR with Social Media Mistakes

July 25, 2018

 

British Airways was found to be violating the EU’s new General Data Protection Regulation (GDPR) last week after a security researcher found that the airline’s social media team was asking customers to send their personal details openly on Twitter if they wanted their complaints addressed.

The security researcher who found the GDPR violation, Mr. Mustafa Al-Bassam, saw that British Airways required its customers to send personal details in order to ‘abide by GDPR’.

Mr. Al-Bassam, who sent a letter online, said: “Note that although your secrecy policy says that you might disclose my private information to third-party marketing organizations, you should still ask for approval clearly (Article 7 of GDPR states: ‘If the data subject’s approval is given in the background of a written announcement which also relates other matters, the request for approval shall be offered in a way which is clearly different from the other matters, in an understandable and easily reachable shape, using obvious and simple language’). I don’t remember being asked for approval for you to share my data with third parties in an obviously different way.”

He also noticed that British Airways has been using tracking cookies in the web browser to collect personal information, which it then shares with third-party websites. Moreover, online check-in was only allowed when ad-blocker software was deactivated in the passenger’s browser. Through his Twitter account, he alleged: “The plot thickens. British Airways only allows you to check in online after you deactivate your ad blocker so that they can disclose your booking particulars to tons of third-party promoters and followers, including LinkedIn, Twitter, and Google DoubleClick.”

Responding to the GDPR violation, British Airways cited its policy for customer communication on social media: “We take our duty to safeguard our customers’ particulars very earnestly. We’d never ask clients to send private information openly. When a sincere mistake is made, we will always go back to the client to explain this. Our social media associates look after about 2,000 inquiries a day, and, similar to all customer service groups, we are always cautious to prove that we are speaking to the right individual before making any alterations to their booking.”

This could become an even larger problem for British Airways if it fails to address the mistakes, as any organization or company found to be violating GDPR faces a penalty of £20m or 4% of yearly international income, whichever figure is higher.