Of the many issues arising from the demise of Thomas Cook, one issue which caused a lot of problems (and is still causing issues) was where Thomas Cook/Freedom Travel, acting as a retail agent on behalf of numerous tour operators, failed to send to those tour operators the customer’s contact details when a booking had been made.
This meant that when Thomas Cook failed those tour operators were unable to contact customers to let them know that since their booking was with a third-party tour operator, it was unaffected. This resulted in a great deal of confusion, with many customers assuming their bookings were cancelled and re-booking new holidays (on the assumption their Thomas Cook holiday will be duly refunded – which it wasn’t). Customers now had two holidays booked, with either the customer losing out or the tour operator, as some tour operators did, very kindly, allow customers to cancel one of their holidays without paying the usual cancellation charges.
One of the biggest misconceptions I have seen is an assumption that travel agents cannot share customer contact details with tour operators without the customer’s consent, as to do so would be a breach of GDPR. This is incorrect.
Travel agents can legally share the customer’s personal data (including contact details) with tour operators without requiring the customer’s explicit consent as it is necessary for the performance of the tour operator’s holiday contract with the customer. If sharing the customer’s contact details is also a condition of the travel agent’s agency agreement with the tour operator, an additional legal condition applies whereby sharing the data is necessary for compliance with a legal obligation to which travel agent is subject.
You could also argue that there is a legitimate interest in sharing the customer’s contact details as it would ensure that tour operators can contact customers in emergencies or if there was a last-minute issue with the customer’s holiday. So, I have mentioned three legal conditions which could be relied on to share customer contact details – none of which require the customer’s consent! However, both the travel agent’s and the tour operator’s privacy notices will need to make it clear that the customer’s personal data is shared in this way. Also, the agency agreement between the travel agent and the tour operator should include properly drafted data sharing clauses.