Online travel giants named in Facebook data-security breach

Online travel giants named in Facebook data-security breach

Skyscanner, TripAdvisor and Kayak among apps accused of sending personal data without consent

Online travel giants Skyscanner and TripAdvisor are among the companies caught up in the latest allegations of data-security breaches levelled against Facebook.

A study of more than 30 popular Android phone apps by campaign group Privacy International found at least two-thirds sent personal data to Facebook from the moment they were opened – before users could be asked for consent and regardless of whether the subjects were Facebook users.

Privacy International identified Skyscanner, TripAdvisor and Kayak as among the apps which sent personal data to Facebook without users’ consent.

The researchers examined apps with built-in Facebook trackers and intercepted data as it was sent.

They reported Kayak shared detailed information on flight searches with Facebook, including travel dates, destinations and flight details, and whether users had children.

The EU’s General Data Protection Regulation (GDPR) which came into force last May requires the explicit consent of users before personal information is collected or shared.

Information commissioners in EU member states can levy fines of up to 4% of global revenue on companies found guilty of a serious breach of the GDPR.

Skyscanner responded to the report by thanking Privacy International for alerting it “to this issue”.

The metasearch site said: “Our goal is to be as transparent and upfront as possible with travellers regarding what information is collected from them and who it is shared with.”

Since being notified, Skyscanner said: “We released an update to our app as a priority which will stop the transmission of data.

“As a further result, we will audit all our consent tracing and are committed to making any changes necessary to ensure travellers’ privacy rights are fully respected.”

TripAdvisor also issued a response, noting: “We are committed to engaging with Privacy International.”

The review site insisted: “Respecting the data protection rights of our users is of utmost importance to TripAdvisor.”

However, TripAdvisor also questioned the findings, suggesting: “Given the complexity of the technical issues, we respectfully consider the statements you have made to be somewhat oversimplified.”

Kayak has yet to respond to the study.

A Facebook spokesperson said: “We’re currently working on a suite of changes.”

The social media giant has been repeatedly exposed over the past 12 months for failing to protect personal data.

Facebook founder Mark Zuckerberg claimed last week: “We’re a very different company today than we were in 2016.”

However, the new chair of the House Judiciary Committee in the US declared: “Facebook and the other large technology platforms are incapable of regulating themselves.”