British Airways asked customers to post personal information on Twitter ‘to comply with GDPR’
Complaining about airlines on Twitter is a universal pastime for disgruntled travelers, and yet somehow British Airways has managed to turn the activity into a data privacy debacle of its own doing. Security researcher and PhD student Mustafa Al-Bassam discovered yesterday that the airline’s social media team was demanding customers post a trove of personal information publicly on Twitter, so it could help investigate customer service claims. That included passport numbers, full addresses, and other sensitive info, as reported earlier today by TechCrunch.
Even weirder: the airline kept insisting this was to “comply with GDPR,” which is the General Data Protection Regulation. It’s the EU’s new widespread consumer privacy law designed to keep companies from collecting and selling personal information of internet users without their consent. So it doesn’t make much sense why British Airways would require customers post their personal information on Twitter for all to see just to get assistance about a missed or delayed flight.
Al-Bassam notes how, after some users complained about the airline’s bizarrely worded request, it began altering its replies to say that customers should DM them the info instead. Granted, GDPR is an 88-page, 56,000-word law that is quite complex and confusing. It also just went into effect on May 25th and many companies have struggled with compliance. Still, there’s nothing about GDPR that should imply it involves asking people to post personal information to Twitter.
Making matters worse for British Airways, Al-Bassam was only looking into the company’s Twitter activity because he discovered he couldn’t check in for his flight — to a security conference no less — without disabling his ad blocker. It turns out British Airways uses tracking cookies when you check into flights on a web browser that then sends your personal information to third-party sites.
As he notes, without proper consent, this is a violation of GDPR, the same GDPR that British Airways’ social media team thinks it’s complying with by asking people to post personal information on Twitter. After a frustrating back-and-forth with various members of the British Airways team about why there was no consent form or opt-out mechanism, Al-Bassam submitted a complaint to the airline, reposted here, voicing his concerns. He also outlined his plans to submit a more formal GDPR complaint with the UK’s Information Commissioner’s Office within 30 days if the company doesn’t remedy the issue with its web check-in process and ad-tracking practices.
Now, while it’s well understood that GDPR is confusing and takes some time to parse, it seems like there’s a more profound misunderstanding going on over at British Airways.
- Senior Identity and Access Management Consultant (IDAM)
- €70,000 - €85,000
(Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany) Location: Frankfurt *Candidates must be EU based (Germany preferred) as our client are unable to provide sponsorship* Senior Identity and Access Management consultant (IDAM) subject matter expert is needed to lead and drive technical and or business transformation projects in a client facing position for a prestigious consultancy in Frankfurt, Germany. A broad technical knowledge across Identity and access management is essential. Technical hands-on experience with one or more of the following Ping, Forgerock, Cyberark, RSA Aveksa is highly desirable. A successful individual will be client facing and MUST be able to effectively engage, consult and provide advice to complex client engagements. The position will give the Senior Identity and Access Management consultant the opportunity to work with top tier clients with the view of making a meaningful strategic difference. If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Call DCL Search & Selection on 0208 663 4030 and find out about more of our cybersecurity jobs. Reference: TC7528 (Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany)
- Business Development Manager (IoT Connectivity Solutions)
- Up to €120,000 plus bonus and benefits
Experienced Business Development Manager is required for an expanding Service Provider to sell/position their IOT connectivity solutions into the Manufacturing Sector within the German market. This is a great opportunity to join a key player within this space, who have a number of successful projects for you to reference, they have the skills and the network but now needs the key person to help take the message to market You need to have proven sales experience within the mobile cellular IOT connectivity space and ideally knowledge of the manufacturing sector, this is a true consultancy role, you will be comfortable working with other sales team within the business but also able to directly approach key customers yourself. Great opportunity to join an expanding business as they grow their German Presence Ref: RA7259 (IoT Sales Jobs, IoT Sales, IoT Sales Executive, IoT Business Development Manager)
- Services Manager (Telecommunications)
- Up to £75,000 plus benefits and bonus
Service Manager with telecommunications experience is required for a tier 1 service provider. You will be responsible for managing a number of key global account, acting as the voice of the customer within the business. Your key objectives will include: Responsibility for overall service relationship with the customer To enhance the customer experience To protect and grow customer revenues You will be working within a global business where you will be managing different services from different parts of the globe and therefore must be able to demonstrate where you have ideally worked within a similar environment. You will be a key member of the service management team responsible for a number of key accounts. You must have experience as a Service Manager from either a telecom/telecommunications or hosting business dealing with services to corporate accounts, you will need to have knowledge around telecom/telecommunications solutions. Ref: RA7255
- Infrastructure / Forensic Lab Manager
- Up to £40,000 Base
Infrastructure / Lab Manager needed to join a consulting business near London Bridge. MUST be commutable on a daily basis. The Infrastructure / Forensic Lab Manager will be responsible for the upkeep, performance, security/patching etc of the hardware/software used by the consultants across the UK business. Broad IT experience covering both on-prem - Cloud (Azure) environments, Hyper V, Security Information and Event Management tools (such as SPLUNK). Specific experience with Forensic / eDiscovery Labs (Relativity / Nuix) is highly desirable. The Infrastructure / Forensic Lab manager will be a key hire within the technical team being the escalation point for any internal IT issues. Experience liaising with remote/international stakeholder is essential. All details kept in the strictest of confidence. Apply today and or contact Chris.Holt@dclsearch.com *For this position candidates must be UK based and our client is unable to sponsor candidates outside of the EU* Ref: CH7533 (Forensics Jobs, Digital Forensics Jobs, Forensics Lab Manager)