Travel firms looking to ‘soft opt-in’ consent as new EU rules loom

Travel firms looking to ‘soft opt-in’ consent as new EU rules loom

Partner at Travlaw Farina Azam told the TTNG conference that there is an option outside GDPR Continue reading

A ‘soft opt-in’ for marketing consent will be used by some travel firms after new EU laws on data protection comes in, according to a leading legal expert.

Partner at Travlaw Farina Azam told this week’s Travel Network Group conference that there is an option outside the General Data Protection Regulation.

Azam said ‘soft opt-in’ is a legitimate exception to having to gain explicit consent as the new GDPR requires but that it only applies to email and text communications.

The rules also only apply to customer who have previously made a booking and so would reasonably expect to contacted again but only in relation to similar products or services.

Azam said customers must also be given the opportunity to opt out at the time their data is acquired and at all subsequent steps.

“If you comply with that you can rely on ‘soft opt-in’. It’s a lifeline that’s available and will be used by a number of our clients.”

However, Azam warned that the rules, that sit within Privacy and Electronic Communications rules separate to GDPR, are under consultation amid concerns that it undermines GDPR.

“Initial murmerings were not good, however, the latest indication coming out of Brussels is that it will remain although it will be tweaked so it only applies to actual consumers who have made bookings with you. It’s something to keep an eye on,” Azam added.

The GDPR rules do contain a clause that refers legitimate interest in relation allowing the use of data for direct marketing.

Azam said this does not override requirement for ‘soft opt-in’ but for companies that do less intrusive postal marketing it could be something they can rely on.

“But if you have a customer who has said to you I do not want you to contact me, their rights override your rights to market to them.”

From May 25, 2018, GDPR will see much more stringent fines available to regulators for firms found to be in breach of €20 million or 4% of global turnover.