On 29 January 2021, the Kemp Little team joined Deloitte Legal. Click here to view the press release.

As of 30 January 2021, Kemp Little LLP ceased to operate as a firm of solicitors and practice law and ceased to be regulated and authorised by the Solicitors Regulation Authority.

Kemp Little LLP has been re-named KL Heritage LLP.

If you are looking to contact a specific individual to seek legal advice or in respect of any other business relationship, please contact Deloitte Legal.

If you are seeking to contact the old Kemp Little LLP in relation to a previous business relationship or matter, please get in touch with KL Heritage LLP.

For enquiries relating to Kemp Little technology products and training portal, please email deloittelegal@deloitte.co.uk

 


 

Kemp Little is a trade name used under licence by KL Heritage LLP (formerly Kemp Little LLP, registered number OC300242 and VAT number 182 8854 65).

On 29 January 2021, the Kemp Little team joined Deloitte Legal.  As of 30 January 2021, Kemp Little ceased to operate as a firm of solicitors and practice law. From this date Kemp Little ceased to be authorised and regulated by the Solicitors Regulation Authority and is being re-named KL Heritage LLP.

All references to Kemp Little herein are references to KL Heritage LLP, which used to carry on business in that name.

KL Heritage LLP is not connected to or associated with Deloitte Legal or Deloitte LLP in any capacity.

 

Kemp Little
  • Looking for someone?
  • Email us
  • Search
MENU MENU
Insights overview

Commercial technology · 8 January 2020 · Farina Azam

Tour Ops & Travel Agents – Data sharing is not a breach of GDPR | TTG

Of the many issues arising from the demise of Thomas Cook, one issue which caused a lot of problems (and is still causing issues) was… Read more

more content below

Of the many issues arising from the demise of Thomas Cook, one issue which caused a lot of problems (and is still causing issues) was where Thomas Cook/Freedom Travel, acting as a retail agent on behalf of numerous tour operators, failed to send to those tour operators the customer’s contact details when a booking had been made.

This meant that when Thomas Cook failed those tour operators were unable to contact customers to let them know that since their booking was with a third-party tour operator, it was unaffected. This resulted in a great deal of confusion, with many customers assuming their bookings were cancelled and re-booking new holidays (on the assumption their Thomas Cook holiday will be duly refunded – which it wasn’t). Customers now had two holidays booked, with either the customer losing out or the tour operator, as some tour operators did, very kindly, allow customers to cancel one of their holidays without paying the usual cancellation charges.

One of the biggest misconceptions I have seen is an assumption that travel agents cannot share customer contact details with tour operators without the customer’s consent, as to do so would be a breach of GDPR. This is incorrect.

Travel agents can legally share the customer’s personal data (including contact details) with tour operators without requiring the customer’s explicit consent as it is necessary for the performance of the tour operator’s holiday contract with the customer. If sharing the customer’s contact details is also a condition of the travel agent’s agency agreement with the tour operator, an additional legal condition applies whereby sharing the data is necessary for compliance with a legal obligation to which travel agent is subject.

You could also argue that there is a legitimate interest in sharing the customer’s contact details as it would ensure that tour operators can contact customers in emergencies or if there was a last-minute issue with the customer’s holiday. So, I have mentioned three legal conditions which could be relied on to share customer contact details – none of which require the customer’s consent! However, both the travel agent’s and the tour operator’s privacy notices will need to make it clear that the customer’s personal data is shared in this way. Also, the agency agreement between the travel agent and the tour operator should include properly drafted data sharing clauses.

This meant that when Thomas Cook failed those tour operators were unable to contact customers to let them know that since their booking was with a third-party tour operator, it was unaffected. This resulted in a great deal of confusion, with many customers assuming their bookings were cancelled and re-booking new holidays (on the assumption their Thomas Cook holiday will be duly refunded – which it wasn’t). Customers now had two holidays booked, with either the customer losing out or the tour operator, as some tour operators did, very kindly, allow customers to cancel one of their holidays without paying the usual cancellation charges.

One of the biggest misconceptions I have seen is an assumption that travel agents cannot share customer contact details with tour operators without the customer’s consent, as to do so would be a breach of GDPR. This is incorrect.

Travel agents can legally share the customer’s personal data (including contact details) with tour operators without requiring the customer’s explicit consent as it is necessary for the performance of the tour operator’s holiday contract with the customer. If sharing the customer’s contact details is also a condition of the travel agent’s agency agreement with the tour operator, an additional legal condition applies whereby sharing the data is necessary for compliance with a legal obligation to which travel agent is subject.

You could also argue that there is a legitimate interest in sharing the customer’s contact details as it would ensure that tour operators can contact customers in emergencies or if there was a last-minute issue with the customer’s holiday. So, I have mentioned three legal conditions which could be relied on to share customer contact details – none of which require the customer’s consent! However, both the travel agent’s and the tour operator’s privacy notices will need to make it clear that the customer’s personal data is shared in this way. Also, the agency agreement between the travel agent and the tour operator should include properly drafted data sharing clauses.

From my experience, the main reason behind travel agents’ reluctance to share customer contact details relates to a fear that tour operators may use those contact details to start marketing directly to customers and thereby cutting the travel agent out of any future bookings. When, in 2019, IATA required all agents to input passenger email addresses and mobile telephone numbers into the system so that airlines could contact passengers at short notice to advise them of flight delays and cancellations, I was contacted by numerous clients who were unhappy about this as they were worried airlines would misuse the data and start marketing directly to their customers.

In order to alleviate similar fears here, conditions could be imposed on the tour operator within its agency agreements making it clear that the tour operator will not use the contact details provided by the travel agent for anything other than contacting the customer in relation to the customer’s booked holiday, and in particular will not market to that customer using the shared contact details.

Steps will need to be taken by the tour operator to ensure that the contact details shared by the travel agent remain separate to the tour operator’s own data, and in particular do not get amalgamated into the tour operator’s own marketing database. Travel agents should also take some comfort from the fact that tour operators can do very little direct marketing using the contact details provided by agents without contravening either GDPR or the Privacy & Electronic Communications Regulations (PECR). For example, sending marketing emails to customers using email addresses shared by the travel agent would breach PECR.

Travel agents and tour operators need to share customer data and can do so legally without the customer’s consent. However, the industry needs to work together to fight the mistrust amongst agents and tour operators – as ultimately, that will have the best outcome for customers. It will also ensure that the confusion and problems brought to fore most recently by the failure of Thomas Cook, do not happen again!

This article was first published in TTG.

View the original article here. 

  • Share this blog

  • Twitter
  • Facebook
  • Linkedin

Farina AzamFarina Azam is a commercial technology partner

Get in touch

View the team

Sign up for our newsletters

  • Share this Blog

  • Twitter
  • Facebook
  • Linkedin

Other stuff you might like

  1. Are your offices ready for a post-lockdown return to work?
  2. Preparing for the New Normal | Webinar
  3. Retail reconsidered | KL Stores: a case study series exploring innovation in retail
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • EBA outsourcing
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • KLick Trade Mark
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
close
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • EBA outsourcing
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • KLick Trade Mark
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
Kemp Little

Lawyers
and thought leaders who are passionate about technology

Expand footer

Kemp Little

138 Cheapside
City of London
EC2V 6BJ

020 7600 8080

hello@kemplittle.com

Services

  • Commercial technology
  • Consulting
  • Disputes
  • Intellectual property
  • Employment
  • Immigration

 

  • Sourcing
  • Corporate
  • Data protection & privacy
  • Financial regulation
  • Private equity & venture capital
  • Tax

Sitemap

  • Our people
  • Insights
  • Events
  • About us
  • Contact us
  • Cookies
  • Privacy
  • Terms of use
  • Complaints
  • Debt recovery charges

Follow us

  • Twitter
  • LinkedIn
  • FlightDeck
  • Sign up for our newsletters

Kemp Little LLP is a limited liability partnership registered in England and Wales (registered number OC300242) and is authorised and regulated by the Solicitors Regulation Authority. Its registered office is 138 Cheapside, London EC2V 6BJ. The SRA Standards and Regulations can be accessed by clicking here.

  • Cyber Essentials logo
  • LORCA logo
  • ABTA Partner+ logo
  • Make Your Ask logo
  • FT Innovative Lawyers 2019 winners logo
  • Law Society Excellence Awards shortlisted
  • Legal Business Awards = highly commended
  • Home
  • Our people
  • Services
    • Business restructuring and reorganisation
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Digital content & reputation risk
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
    • Travel
  • Resources
  • Insights
  • Covid 19: Your Business Continuity
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn
close
close
close

Send us a message

Fill in your details and we'll be in touch soon

[contact-form-7 id="4941" title="General contact form"]
close

Sign up for our newsletter

I would like to receive updates and related news from Kemp Little *

Please select below any publications that you would like to receive:

Newsletters

close

Register for future event information

[contact-form-7 id="4943" title="Subscribe to future events"]
close
close
Generic filters
Exact matches only

Can't remember their name? View everyone

  • Home
  • Our people
  • Services
    • Business restructuring and reorganisation
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Digital content & reputation risk
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
    • Travel
  • Resources
  • Insights
  • Covid 19: Your Business Continuity
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn