Clare Daly CIPP/e’s Post

This hits home real hard for me as a frequent flyer who enjoys the convenience of travelling dirt cheap. I’ve noticed that recently when you book with third party/online travel agency (OTA), Ryanair requires to verify your identity before check-in by providing them with a clear shot of your ID and a full-on facial scan. It not only allows you to skip any extra issues with the OTA and transfers your booking to you directly, also it is the only feasible option to unlock check-in. At first, it seems a bit intrusive verification to prove you being a real passenger. As before check-in you are required to register/sign into your account with the airline, and OTA have provided you with the email and the reservation number for the flight. Thus the additional biometric verification seems completely unnecessary. Why to go through such drastic verification measures instead of proposing a simple email change to continue communication directly with the passenger? In this case, the real problem arises when you discover your options. The imbalance of power becomes too obvious, when the “trap of cheap” has closed on you. Ryanair leaves their clients with very limited choice: It’s either you have a few options of flights on their website (most of which will not fit your schedule); or when booking with an OTA, you “freely” consent to sharing biometric data with an unknown third party for identity verification. Of course a few other “convenient” choices include: Arriving at least 2 hours before your flight to Check-In at the airport (possible fees twice the price of your ticket); Verifying your identity via providing a photo of your ID, which may take up to a week. It leaves us with the obvious fast-track choice of oversharing, otherwise we may end up losing money or missing the flight. As Ryanair holds a fair share of the market, this might be considered as an abuse of power and unfair business practice. Although Ryanair claims this procedure is used only for security compliance reasons, the true motive might be the switch in customer behaviour. Although, the real reason for such practice seems unclear, it is a clear violation of customers’ privacy, thus the lawsuit is a relevant measure to eliminate such verification requests. Let’s wait and see what happens next! #Ryanair #privacylawsuit #dataprivacy #ryanairlawsuit https://lnkd.in/dC-BnUia

While over the past decade personal data privacy has been the buzzword permeating our lives, not many of us give second thought while sharing our passport, Aadhaar etc. while checking into hotels. What happens to those photocopies and digital copies of our documents? When these make their way to the ID black market, they can be used for financial frauds impacting our credit scores, taking SIM cards that can be used for criminal activities or even money laundering. The Digital data protection act might be a good moment not only for safeguarding travelers’ data, but also making the age old process of check-in at the end of hectic journey hassle free. #dpdpbill2023 #dataprotection #checkin #hospitality

India's Hospitality Sector is at a Digital Crossroads: The Digital Personal Data Protection Act of 2023 is transforming the way the industry handles personal data. But what does this mean for hotels, OTA's, and other establishments? How will complex ownership structures and new KYC protocols reshape the landscape? Dive into the Intricacies of Data Management, KYC Protocols, and Emerging Challenges. Read now to streamline privacy compliance in hospitality! https://zurl.co/Cna4 #DPDPAct2023 #DataPrivacy #DataSecurity #Hospitality #Compliance

Read: Navigating The New Data Privacy Laws in the Travel Industry ✈️ In today’s digital age, the travel industry has become increasingly reliant on the collection and processing of user data to provide personalized and convenient services. However, with great power comes great responsibility, and ensuring the privacy and security of customer data has become a top priority. The recently enacted Data Protection and Digital Privacy (DPDP) Act has set stringent guidelines for how travel companies handle user data, emphasizing the importance of explicit user consent. Read about what this means for travel companies.

Not just travel sector but may other sectors such as logistics, trade show organisers, eCommerce, etc. The bill discourages the practice of data hoarding which requires a radical shift in thinking about customer data. #dpdpbill #cybersecurity #travel

Another two companies decided to partner-up in order to realize #privacy preserving #decentralized, digital identities in Europe - use case: Travel credential Want to know how #bosch can make use of this upcoming ecosystem of verifiable, people ID information for example in #digitalhr - contact me 😉 #verifiablecredentials #ssi #digitalidentity

✈️ The Department of Transportation (DoT) recently announced that it intends to conduct a privacy review of ten US-based airlines. Read our blog here: https://bit.ly/4aNZq0c ▶️ This first privacy review intends to confirm whether airlines are “properly safeguarding their customer’s personal information,” and “unfairly or deceptively monetizing or sharing that data with third parties.” While this review has the potential to confirm sound practices and enhance consumer trust in a challenging industry, any regulator focus also carries potential risk. Negative findings by the DoT could result in fines and penalties for offending airlines. ✅ It is exciting to see privacy receive such focus in a critical industry, and at a crucial time. As David McInerney, Commercial Manager at Cassie says, “The US Department of Transportation’s initiative to review the privacy practices of the nation’s largest airlines emphasizes the importance of consent, not only in the airline industry, but across all sectors.” Read more here: https://bit.ly/4aNZq0c #DataPrivacy #DepartmentofTransportation #PrivacyRegulations #Compliance #Consent #CustomerExperience

On Thursday, US DOT Secretary Buttigieg announced a new DOT initiative to review the policy practices of US airlines to ensure the protection of passengers’ personal information. This review will examine airline policies and procedures regarding the collection, handling, maintenance, and use of passengers’ personal data and potential monetization or sharing of that data with third parties. This privacy review program is being led by the DOT’s Office of Aviation Consumer Protection (OACP). In connection with this program, OACP has already requested that the ten largest US airlines provide information on their policies, procedures, and personnel training relating to the collection, maintenance, handling, and use of passenger data and on any complaints received regarding airline employee or contractor mishandling of personal information or other airline violations of passenger privacy. Although the privacy review program is new, this is not the first time the DOT has addressed the need to protect passenger privacy. The DOT considers violation of passenger privacy protections an unfair or deceptive practice. See DOT, Defining Unfair or Deceptive Practices, 85 Fed. Reg. 11,881, 11,884 (Feb. 28, 2020). In May 2020, Airlines for America (“A4A”) and IATA requested clarification that the DOT is the “sole regulator of privacy-related conduct for air carriers, foreign air carriers, and ticket agents.” Further, they requested that the DOT include a provision in its regulations as to unfair or deceptive practices expressly addressing the collection, maintenance, and mishandling of private information. The DOT declined to adopt the proposal stating that if it were to “adopt detailed privacy regulation affecting air transportation and the sale of air transportation, it should first engage in the full notice-and-comment procedures of the APA, as well as the procedures outlined in [its final rule defining unfair or deceptive practices].” It is unclear whether the newly announced initiative is the first step towards the DOT issuing a rulemaking specifically addressing the protection of passenger data. https://lnkd.in/ezTdCW36

Inquiry concerning Airbnb Ireland UC June 2023 (IN-22-3-1) Date of Decision: 21 June 2023 In light of the infringements of Article 5(1)(c) and Article 5(1)(e), the DPC issued a reprimand to Airbnb pursuant to Article 58(2)(b) of the GDPR. In addition, the DPC made the following orders against Airbnb pursuant to Article 58(2)(d) to remedy the infringements identified in this case and to prevent similar infringements occurring with regard to data subjects in the future in similar circumstances: -Delete from all of its systems and records the redacted and out-of-date copies of the complainant’s identity documents that the complainant attempted to upload. -Delete from all of its systems and records the identity documents that the complainant uploaded (keeping only a record that such documentation was submitted as well as the date of submission). -Subject to compliance with EU and Member State law, revise its internal policies and procedures concerning user identity verification to ensure that (i) once the identity of data subjects has been verified to Airbnb’s satisfaction, Airbnb discontinues the practice of retaining improperly redacted and/or out-of-date identity documents that may be submitted by data subjects as part of the identity verification process, and (ii) the period for which valid or fraudulent/illegitimate identification documents (which includes identification documents validly redacted in accordance with laws which require certain redactions) submitted by data subjects as part of the identity verification process are stored is limited to a strict minimum (in accordance with Recital 39 of the GDPR).

Market Research Reveal: Albanian Travel Agencies' Privacy Policies 🌍 Our team has completed an analysis of privacy policies across various travel agencies in Albania. The study was meticulously designed to evaluate key aspects such as Compliance (C), Data Security (DS), Data Collection Practices (DCP) and User Rights (UR) among others. 🔑 Key Insights: 1. Compliance Variability. The level of adherence to data protection regulations varied significantly among agencies. 2. Data Security Concerns. Data security practices were inconsistent, with some agencies demonstrating satisfying measures and others showing potential vulnerabilities. 3. Inconsistent Attention to User Rights. While some agencies are attentive to user rights within their privacy policies, this is not a uniform practice across the board. 📈 Implications for the Industry: For Travel Agencies. This analysis underscores the importance of regularly reviewing and updating privacy policies and data security measures. Ensuring that these policies are in line with current regulations is crucial for building customer trust. For Travelers. Awareness is key. Our findings provide insight into the varying levels of data protection among different agencies, helping you make more informed decisions when selecting your travel partners. 💡 We are committed to bringing more such insights to light, aiding both the industry in elevating its standards and customers in making informed decisions. #TravelDataPrivacy #AlbaniaTourism #MarketResearch #DigitalSecurity #TravelIndustry