Originally Posted by
Duckle
But point still stands that what they did was illegal, perhaps not to US law but definitely to UK/EU law and as I provided the info to BA as I booked through them it would be a violation of these laws. I'm not looking to seek compensation (unless someone does get ahold of my details) but at the same time I do believe they should be retrained and/or fined. Not necessarily just because it broke the law, but simply because of the stupidity of whichever CS representative posted it on twitter. I cannot fathom how whoever did it could be so oblivious; I've seen many times when the AA Twitter team "strongly advise" customers who tweet them in public with details exactly like this, to delete their tweet and here they go doing the exact opposite.
Not necessarily.
In the US, victims of data breaches get compensation often because regulators (and data privacy laws) require it.
In the EU, the GDPR is much stricter than most US data privacy laws, but companies are allowed to use your data, as long as you've given the proper consent and you haven't revoked that consent, and as long as they have the internal set-up to comply with data privacy laws.
In any event, if you don't want your information shared on Twitter, then don't communicate that way. You made your bed, now lie in it.
If you're so certain that AA broke the law, (1) where did you go to law school and (2) what specific statute was broken?