British Airways asked customers to post personal information on Twitter ‘to comply with GDPR’
Complaining about airlines on Twitter is a universal pastime for disgruntled travelers, and yet somehow British Airways has managed to turn the activity into a data privacy debacle of its own doing. Security researcher and PhD student Mustafa Al-Bassam discovered yesterday that the airline’s social media team was demanding customers post a trove of personal information publicly on Twitter, so it could help investigate customer service claims. That included passport numbers, full addresses, and other sensitive info, as reported earlier today by TechCrunch.
Even weirder: the airline kept insisting this was to “comply with GDPR,” which is the General Data Protection Regulation. It’s the EU’s new widespread consumer privacy law designed to keep companies from collecting and selling personal information of internet users without their consent. So it doesn’t make much sense why British Airways would require customers post their personal information on Twitter for all to see just to get assistance about a missed or delayed flight.
Al-Bassam notes how, after some users complained about the airline’s bizarrely worded request, it began altering its replies to say that customers should DM them the info instead. Granted, GDPR is an 88-page, 56,000-word law that is quite complex and confusing. It also just went into effect on May 25th and many companies have struggled with compliance. Still, there’s nothing about GDPR that should imply it involves asking people to post personal information to Twitter.
Making matters worse for British Airways, Al-Bassam was only looking into the company’s Twitter activity because he discovered he couldn’t check in for his flight — to a security conference no less — without disabling his ad blocker. It turns out British Airways uses tracking cookies when you check into flights on a web browser that then sends your personal information to third-party sites.
As he notes, without proper consent, this is a violation of GDPR, the same GDPR that British Airways’ social media team thinks it’s complying with by asking people to post personal information on Twitter. After a frustrating back-and-forth with various members of the British Airways team about why there was no consent form or opt-out mechanism, Al-Bassam submitted a complaint to the airline, reposted here, voicing his concerns. He also outlined his plans to submit a more formal GDPR complaint with the UK’s Information Commissioner’s Office within 30 days if the company doesn’t remedy the issue with its web check-in process and ad-tracking practices.
Now, while it’s well understood that GDPR is confusing and takes some time to parse, it seems like there’s a more profound misunderstanding going on over at British Airways.
Source: theverge
Latest Jobs
-
- Cyber Channel Manager
- London
- Up to £150,000 OTE
-
Cyber Channel Manager, South East, Cyber Vendor £150,000 OTE Cyber Channel Manager needed to establish (build upon existing), expand and then enable a sales channel for a Cyber Vendor. Current experience in building / onboarding channel partner (MSSP, Reseller, Integrator, etc) is essential, as is experience in enabling channel partners sales. (training, awareness, training, sales strategies etc). This is a key and strategic hire for the business. Must be commutable to the Reading / London area. All details kept in confidence.
-
- Cloud Presales Consultant
- London
- Up to £90,000 + OTE
-
Cloud Presales Consultant London Up to £90,000 Base + OTE A Cloud Presales Consultant is needed to join a London based over achieving business who are leading the way with innovations in Cloud engineering. The Cloud Presales Consultant will responsible for providing technical support to the sales team. The Cloud Presales Consultant must have current experience designing and presenting cloud and other IT infrastructure solutions to high end enterprise clients. Other responsibilities include; responding to RFIs & RFPs, understanding customer requirements, high level network architecture & design and technical handover to implementation teams. Requirements Current experience within a Presales / Solutions Consultant role Technical knowledge and experience with IT Infrastructure and cloud solutions such as Azure, AWS, Office 365, GCP etc Currently/Recently working for an IT Services business’s consulting to enterprise (FTSE250) clients.
-
- Cyber Incident Response Consultant, Italy
- Italy
- Up to €60,000
-
Cyber Incident Response Consultant, Italy Up to €60,000 Cyber Incident Response Consultant is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response Consultant role is client facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Incident Response Consultant MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and eDiscovery experience is a MUST. The Cyber Incident Response Consultant must be happy to travel. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information.
-
- Data Consultant
- London
- Up to £90,000 Base
-
Data Consultant Location: London Salary: Up to £90,000 basic DD7692 A leading Google Cloud Platform (GCP) Provider who is looking for a Data Consultant, based in London. Experience with GCP or other similar platforms (AWS, AZURE etc), experience with GCP technologies as well as experience with Machine Learning, Data Mining and Data Analytics. The Data Consultant will be responsible for design solutions for customers and providing technical knowledge in customer meetings. Ideally, the Data Consultant will have experience transforming the way companies work by building company-centric solutions on the Google Cloud Platform or similar cloud platforms. Our client is a Premier Google Cloud Partner, offering an exciting opportunity to work with innovative technology whilst giving you the chance to grow and develop your career. You will have the opportunity to benefit from a number of training courses at several Google locations.