'How can you get GDPR so wrong?' Customer slams BA tweets
Customers have reportedly provided personal information on Twitter to British Airways after it used the social media platform to ask them to confirm details.
The tweets were first spotted by Mustafa Al-Bassam, a PhD student from the Department of Computer Science at University College London.
He had seen the interactions while interacting with the company over a flight he had booked to attend the ‘Privacy Enhancing Technologies Symposium’.
In screenshots of tweets apparently made by the company, replies to customer complaints ask for data, including passport numbers, card details, full names, addresses, dates of birth and email addresses.
In one Twitter conversation, the account follows up a request for personal information with a second tweet, six hours later, qualifying that information needs to be sent ‘via Direct Message’.
Some British Airways customers were unsure that sharing the personal information publicly was safe, and in conversation on Twitter refused to share it.
However some customers were not so savvy, and shared the requested personal information via a public reply, making it visible to everyone.
It's still happening. People are posting their address publicly on Twitter because @British_Airways asked for them as GDPR requires customer identification. How can you get GDPR so wrong? pic.twitter.com/IJ7d64nnMx— Mustafa Al-Bassam (@musalbas) July 18, 2018
In a statement to BusinessCloud, a representative from British Airways said: "We’d never ask customers to send personal information publicly.
"When a genuine error is made, we will always go back to the customer to clarify this.
"Our social media colleagues look after around 2,000 enquiries a day, and like all customer service teams we are always careful to confirm that we are talking to the right person before making any changes to their booking."