An anti-fraud organisation has issued a plea for information as it investigates what it fears could be a widespread attempt to extort money from travel companies.
The Prevention of Fraud in Travel (Profit) group has received several reports of travel businesses receiving letters warning their websites’ usage of cookies is in breach of GDPR law and Privacy and Electronic Communications Regulations.
The letter, dated August 30, claims to be from a senior GDPR and IT consultant. It tells companies they have 21 days to pay £750 for loss of control, personal data and distress caused after the sender purports to have visited the recipients’ websites.
The sender claims to have video evidence and implies court action will be taken if compensation is not paid.
Profit chairman Barry Gooch urged any firms which have received a similar letter to get in touch amid fears it has been sent out industry‑wide.
He said: “We want to identify the extent of this matter and are taking advice from industry lawyers to identify possible legal issues from the way it is being carried out.
“If this looks like a mass coercion, we will speak to the police and Trading Standards to see what can be done.”
Anyone concerned about cookies would normally be directed to a company’s data controller via the firm’s website, or take the issue up with the Information Commissioner’s Office, said Gooch.
He added: “The fact this person styles themselves as a GDPR expert and has jumped straight to a strongly worded letter suggests their motivation is not to get any issues put right, but probably financial.”
The Specialist Travel Association (Aito) said it was aware a “handful” of members had received the letter, which it called “abhorrent”. Head of commercial Bharat Gadhoke said: “This comes at the worst possible time for tour operators.”
Profit advised firms not to pay until the issue is fully investigated. It invited recipients of such letters to email email@example.com.