
Because Booking.com is a Dutch company, and the EU has GDPR, the incident cannot legally repeat itself. This was a 2016 incident and GDPR became effective in 2018.



This took place just before the EU-wide GDPR was introduced, but under the Dutch national laws applicable at the time Booking.com was obliged to notify its affected users. Because the impact of a foreign state actor spying on your hotel bookings can be quite high (something Booking.com cannot reasonably determine for their users themselves) disclosure should have happened then in 2016, and the Dutch Data Protection Authority should have been informed as well.

They are absolutely required to report this to the data protection agencies in all European countries. As the other comment mentioned, missing the 72 hour deadline on this is enough to get a fine as Booking.com did.

I'm curious to see the total in GDPR fines from this for Facebook. Will probably take a year or two before we know.


GDPR enforcement is severely lacking, not only in the UK but even in Europe even in case of blatant and obvious breaches (Facebook, Google, etc), so good luck getting the regulator to do anything about your "Your booking couldn't be processed, please try again later" error.

This happened over a year ago already, before GDPR was enforced.

This must surely be an obvious GDPR violation if it happens in Europe.

Yep, it's because of GDPR.

There is an explicit exception to the GDPR for duplicate/unreasonable requests.

Isn't this a violation of GDPR? And if it is, how have they not been sued yet?

In the EU this is a violation of GDPR if true.

I remember back in the day when GDPR was announced this was an actual thing. Nowadays tho, 9/10 of the websites that used that message caved and are serving EU without problems.

The very move of this is a GDPR violation and doesn't stand a chance in EU courts.

How can this be legal? Maybe it isn't; you have to file GDPR complaints.

Unfortunately GDPR enforcement is about 9 months away. I don't think it applies retroactively.

Are any of these apps used in the EU? If there’s no user consent for this privacy policy it strikes me that this isn’t GDPR compliant and these guys are just waiting to get fined. I wonder if they can get around it by having their clients (Hotels.com, etc) essentially proxy this consent through their own privacy policies.

Travelex operates in Europe and is bound by GDPR regulations.

Travelex should have notified their supervisory authority within 72 hours of the breach, and are also required to notify end users in a timely manner.

https://gdpr-info.eu/art-34-gdpr/

According to the article, end users still have not been notified.

The lack of timely and proper notification as well as the misleading website information can be taken into account by the data protection authority in determining if the company should be fined, and the fines in question can be quite substantial.


Then you file a complaint with your favorite reordenarías because somebody skirted the GDPR?

I don't know if this is the experience for European visitors, but as the Twitter thread states, this is in violation of both the spirit, and, importantly, the letter of GDPR. I really hope there are more than slap-on-the-wrist consequences for this blatant, deliberate attempt to side-step the requirements of GDPR.

Well, the General Data Protection Regulation (GDPR) will become enforceable in May (for all people in the EU).

As far as I understand, Emirates is risking big fines if they don't fix this by May 25.


This is supposedly not allowed under the GDPR, but we're going to have to wait a while before this is actually tried in court.
