If you bothered to do any research about the DPA, you'd soon discover that the UK is not the only country to have a DPA. All of Europe has DPA legislation on the same model, because it's a Europe-wide obligation. And don't think that this is some Euro-rubbish: you'll also find similar legislation in pretty much every non-European "Western" country. Some other countries' legislation is even stricter in some respects than the European legislation.

So tell me, if we don't have a DPA, how would you protect passengers from stalkers, violent ex-husbands, dishonest media "enquiry agents", spammers, scammers, fraudsters and the like? Instead of criticising the product of many years of consideration by specialists across Europe and the rest of the world, perhaps you'd like to tell us how you would do it? How infallible is your judgment about the person at the other end of the phone when you pick it up at 9.30 pm and talk to someone who's demanding to know - immediately - the whereabouts of passenger X?

Frustrating as it must have been for KevinM2, there are some very good reasons why these protections are in place.