Earlier today I noticed a tweet from British Airways, in response a query from someone who had apparently tweeted their booking reference number. BA said
Hi…for data protection we must ask you remove the booking ref from your feed. We’ll look into this and get back to you.
I thought it was mildly amusing and irritating that “data protection” was being cited as the reason for the request to delete the tweet. “Data protection” sometimes seems like a catch-all term companies trot out when they’re asked for any sort of information which they’re reluctant to disclose. This time it seemed like BA were extending this to a paternalistic oversight of people’s twitter feeds.
In this instance, though, BA responded politely to my tweet, explaining why they discourage customers from posting booking numbers on social media, and others politely rallied to their cause.
So I’m just posting to say to BA – I’m sorry. I think you’re right to discourage the public posting of private information, and I understand why you sent that tweet. It was puerile of me to pick it up and tweet about it.
But, even though the issue is related to the processing of personal data, I do still think it was a bit silly to use “data protection” to justify your sensible suggestion to a customer to delete one of their tweets.
Sounds like it’s exactly about protecting data, quite literally.
If you want to define terms literally, fine. But “data protection” has a specific context and I don’t understand, if you’ve read this post, where your comment takes us?
Nowhere, I was just joking. I agree the original tweet was badly phrased – something like “Please delete your tweet to protect the security of your booking” would be better.
Gotcha. Apologies for missing the joke 🙂
As I think you acknowledge, BA quoting ‘data protection’ doesn’t equate to them saying that the DPA required the individual to delete the tweet. They are just trying to ensure the security and personal data of their customers – to which for most people ‘data protection’ would fit as an explanation. I think it boils down to the fact there’s a difference between ‘data protection’ and ‘the DPA’ – and it’s the former that would resonate with the public (if not not us geeks).
An amusing anecdote – I was once told by a frantic shop assistant that I couldn’t take a picture of some fetching ladies’ shoes I was going to send to my gfriend “because of data protection”. I resisted the temptation to explain that whilst ‘Kurt Geiger’ may constitute personal data, ‘Clarks’ did not.
Simple, good subject. Speaking of Clarks in last comment, I had brief email exchange this week with customer services to figure out what they do with my kids data taken on telephone, booking their school shoe appointment, and then measured in shop via iPad fitting tool. (Custom expensive gadget?) Assured me it was all deleted after appointment. Hmmm, bet they would find it useful marketing data. Child age, (personal contact data used in booking) foot measurements, shoes bought….