Wizz Air: €1 for a flight, €35 for your GDPR right
On 21.10.2020 noyb filed a GDPR complaint against Central and Eastern Europe’s Largest Low Cost Airline, Wizz Air. A passenger changed her surname. Despite the free right to rectification under the GDPR, the airline charged € 35 in phone charges to update a surname. The relevant email was never updated, leading to emails by Wizz Air not being delivered. Especially during the corona crisis, keeping personal information up-to-date and in line with their travel documents is crucial.
Updating name allegedly only possible in case of marriage. After changing her surname and consequently her email address, an Austrian passenger of Wizz Air needed to update her data stored with the company. As the passenger couldn’t do this herself, she filed a “rectification request” for her surname and email address with Wizz Air’s Data Protection Officer (DPO).
Three months later, the data subject still had not received any response. She submitted a new request to change her surname using the company’s contact form. Customer Service told her that she could not change her surname online except in case of marriage. In her case, she would need to call the Wizz Air Call Center, which costs of more than 1 Euro per minute.
35,67 Euros later – a partial success. Only after being on the phone for about 32 minutes did Wizz Air change the passenger's surname, however, they still did not change her email address. Even minor inaccurate data often has real life consequences: Information about a cancelled flight was sent to the passenger’s former email address. As a result, the passenger only coincidentally learned about the cancelled flight in the last minute, as the notification was sent to the passenger’s former email address.
"Wizz Air requires passengers to keep their account data accurate. By law, updating your data must be free, so low costs airlines can’t make compliance with the GDPR another one of their hidden fees.” – Ala Krinickytė, data protection lawyer at noyb
The GDPR gives customers the right to correct their information free of charge (Article 12(5) GDPR). By forcing customers to call their expensive hotlines for changes, Wizz Air fails to let customers exercise this “right to rectification”. The case of the passenger is not an isolated one. Other Wizz Air customers have complained about similar issues too (for example here).
"The GDPR states controllers should take ‘every reasonable step’ to ensure that data is accurate. In this case, it feels like Wizz Air failed to take any steps at all. The request for rectification is probably the least contentious data protection request a data subject can submit to the controller. Especially with airlines, it is of great importance that their passenger lists matches the passports. They make things more complicated and costly than necessary." – Ala Krinickytė, data protection lawyer at noyb
Complaint filed, with a potential fine of up to €97 million. Due to the fact that Wizz Air has shown a systematic failure to deal with the right to correct personal data without undue delay and free of charge, noyb has filed a complaint with the Austrian data protection authority.
"According to Forbes, Wizz Air is now ‘Europe’s largest airline’, which makes it all the more important for them to adjust their practices and ensure their customers’ GDPR rights. Given that this is a larger problem at Wizz Air, the data protection authority should impose an effective and dissuasive fine. Companies need to understand that they can’t simply ignore their passengers’ data protection rights." - Ala Krinickytė, data protection lawyer at noyb