Originally Posted by
ratechaser
But that last part is the key one. It's my financial transaction, but one that does benefit someone else. Where does GDPR fall on this, in terms of 1) the need to notify that she is the beneficiary of a service, and if that is the case 2) the amount of money paid by someone else for that service.
My instinctive parallel here is that you order a present for someone and include their contact details for delivery. Should the company that is supplying the gift let that person know in advance what they were going to receive, and also how much it cost? I'm guessing not.
But to extend your analogy, under your logic I wouldn’t be entitled to notifications on around half of my tickets, which were paid for by my employer. I’d only be entitled to receive confirmations/notifications for my own personally funded travel. Which doesn’t seem tenable.
During booking, you provided your wife’s BAEC details which includes her personal data and contact details. It’s not about your financial transaction. I’d argue the email was about her reservation/ticket. And the fact that individual contact details were provided for each passenger suggests that BA should contact each passenger individually. As others have said, the workaround in these situations is to not provide contact details or BAEC info for the surprise recipient.
It’s unfortunate this didn’t work out as you had hoped. But lesson learned. And hopefully the cat getting out of the bag early doesn’t spoil the trip!