Farina Azam: Tour ops and travel agents – data sharing is not a breach of GDPR
Former MemberOf the many issues arising from the demise of Thomas Cook, one issue which caused a lot of problems (and is still causing issues) was where Thomas Cook/Freedom Travel, acting as a retail agent on behalf of numerous tour operators, failed to send to those tour operators the customer’s contact details when a booking had been made.
This meant that when Thomas Cook failed those tour operators were unable to contact customers to let them know that since their booking was with a third-party tour operator, it was unaffected. This resulted in a great deal of confusion, with many customers assuming their bookings were cancelled and re-booking new holidays (on the assumption their Thomas Cook holiday will be duly refunded – which it wasn’t). Customers now had two holidays booked, with either the customer losing out or the tour operator, as some tour operators did, very kindly, allow customers to cancel one of their holidays without paying the usual cancellation charges.
One of the biggest misconceptions I have seen is an assumption that travel agents cannot share customer contact details with tour operators without the customer’s consent, as to do so would be a breach of GDPR. This is incorrect.
Travel agents can legally share the customer’s personal data (including contact details) with tour operators without requiring the customer’s explicit consent as it is necessary for the performance of the tour operator’s holiday contract with the customer. If sharing the customer’s contact details is also a condition of the travel agent’s agency agreement with the tour operator, an additional legal condition applies whereby sharing the data is necessary for compliance with a legal obligation to which travel agent is subject.
You could also argue that there is a legitimate interest in sharing the customer’s contact details as it would ensure that tour operators can contact customers in emergencies or if there was a last-minute issue with the customer’s holiday. So, I have mentioned three legal conditions which could be relied on to share customer contact details – none of which require the customer’s consent! However, both the travel agent’s and the tour operator’s privacy notices will need to make it clear that the customer’s personal data is shared in this way. Also, the agency agreement between the travel agent and the tour operator should include properly drafted data sharing clauses.
From my experience, the main reason behind travel agents’ reluctance to share customer contact details relates to a fear that tour operators may use those contact details to start marketing directly to customers and thereby cutting the travel agent out of any future bookings. When, in 2019, IATA required all agents to input passenger email addresses and mobile telephone numbers into the system so that airlines could contact passengers at short notice to advise them of flight delays and cancellations, I was contacted by numerous clients who were unhappy about this as they were worried airlines would misuse the data and start marketing directly to their customers.
In order to alleviate similar fears here, conditions could be imposed on the tour operator within its agency agreements making it clear that the tour operator will not use the contact details provided by the travel agent for anything other than contacting the customer in relation to the customer’s booked holiday, and in particular will not market to that customer using the shared contact details.
Steps will need to be taken by the tour operator to ensure that the contact details shared by the travel agent remain separate to the tour operator’s own data, and in particular do not get amalgamated into the tour operator’s own marketing database. Travel agents should also take some comfort from the fact that tour operators can do very little direct marketing using the contact details provided by agents without contravening either GDPR or the Privacy & Electronic Communications Regulations (PECR). For example, sending marketing emails to customers using email addresses shared by the travel agent would breach PECR.
Travel agents and tour operators need to share customer data and can do so legally without the customer’s consent. However, the industry needs to work together to fight the mistrust amongst agents and tour operators – as ultimately, that will have the best outcome for customers. It will also ensure that the confusion and problems brought to fore most recently by the failure of Thomas Cook, do not happen again!
Farina Azam is a partner and travel lead at Kemp Little LLP
Sign up for weekday travel news and analysis straight to your inbox
Supplier Directory
Find contacts for 260+ travel suppliers. Type name, company or destination.
Editor's pick
Clients with kids? Consider Disney’s Encanto countryPARTNER CONTENT
Recommended For You
Latest travel jobs
Self-employed Holiday Sales Consultants
Junior Africa Sales Consultant
Travel Consultant - Barrhead, Newtownabbey
Competitions
Upcoming events
Place of registration: England and Wales.
Company number 08723341.
Registered address: 6th Floor, 2 London Wall Place, London EC2Y 5AU
