A clear photo of the affected passengers holding their ID next to their face

Old Jul 9, 19, 4:49 pm
  #91  
 
Join Date: Apr 2008
Location: Gdynia, Poland
Posts: 508
What I don't understand is, why LH refuses to accept other methods of verification. My wife submitted EU261 claim due to cancelled flight. They accepted the claim but asked for the photo, which is reason of this discussion. As my wife is in Germany at the moment, we offered that she would visit one of LH's offices there in order to let them verify her identity. Such method seems to be much more reliable than verification on basis of photo and, what's equally important, doesn't give any reasons to be afraid of identity theft. Unfortunately, they refused because they have to act according to the new policy. I don't see any logic in it.
Grog likes this.

Last edited by tropikey; Jul 9, 19 at 11:43 pm
tropikey is offline  
Old Jul 10, 19, 5:59 am
  #92  
Hilton 5+ BadgeAccor 10+ Badge 2020 FlyerTalk Awards
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 2,542
I sent the following email as a reply to both Customer Relations and to the following e-mail:
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: ​[email protected]

Sir/Madam and Dr. Barbara Kirchberg-Lennartz,
Your request to provide a picture of my face while holding my ID has several issues:
- There is no explanation of the lawful basis used for such a request (Article 6.1 of GDPR)
- There are no information about where this personal data will be stored, for how long and no explanation about my rights to correct, access or delete it and more , as detailed in Article 13 of the GDPR
- There was no provision in the Terms and Conditions of the booking made with Lufthansa that I should provide such information in case of financial claim following EC261 regulations.
- I consider this request disproportionate compared to the goal, as it is a possible source for identity theft.

Following those, I refuse to provide this information without further detailed explanation. I consider this should not block or slow my request for compensation as outlined in case Feedback ID XYZ. I will provide the booking confirmation and boarding pass separately using the feedback form.

Best regards,
SK, cad-spe, hugolover and 6 others like this.
fransknorge is offline  
Old Jul 10, 19, 3:15 pm
  #93  
 
Join Date: Sep 2013
Posts: 2,007
Originally Posted by tropikey View Post
What I don't understand is, why LH refuses to accept other methods of verification. My wife submitted EU261 claim due to cancelled flight. They accepted the claim but asked for the photo, which is reason of this discussion. As my wife is in Germany at the moment, we offered that she would visit one of LH's offices there in order to let them verify her identity. Such method seems to be much more reliable than verification on basis of photo and, what's equally important, doesn't give any reasons to be afraid of identity theft. Unfortunately, they refused because they have to act according to the new policy. I don't see any logic in it.
The only reasonable explanation is that they are doing this to reduce the number of outgoing payments their accounting team has to process. It is extremely poor form to do this while requesting nothing at all when processing incoming payments.

I have yet to experience the request myself but I won't be happy when/if it happens to me.
​​​
mmff is offline  
Old Jul 11, 19, 3:13 am
  #94  
Accor 10+ BadgeHilton 5+ Badge 2020 FlyerTalk Awards
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 2,542
Originally Posted by fransknorge View Post
I sent the following email as a reply to both Customer Relations and to the following e-mail:
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: ​[email protected]
The Data Protection Officer from Lufthansa replied:
thank you for your e-mail. We have forwarded your e-mail to the Customer Relations department and you will receive an answer from there.

Kind regards
Deutsche Lufthansa AG
Group Data Protection
I am not sure whether it is purely technical to have all conversations in their CRM software and the DPO will properly answer from CR or if she basically is saying "I do not care". I give them a month to answer and process the EC261 request. If not then I will contact the Rheinland Pfalz DPO.
diburning likes this.
fransknorge is offline  
Old Jul 11, 19, 10:31 am
  #95  
htb
Original Poster
 
Join Date: Aug 2005
Programs: LH M&M (was: SEN), UA*G(1K), PC Spire Amb, Marriott Gold (by virtue of UA*G), Accor Gold
Posts: 4,592
Originally Posted by fransknorge View Post
I am not sure whether it is purely technical to have all conversations in their CRM software and the DPO will properly answer from CR or if she basically is saying "I do not care". I give them a month to answer and process the EC261 request. If not then I will contact the Rheinland Pfalz DPO.
You will get an answer from CR stating that the data collection is covered by the data protection regulation because they don't intend to store this data for longer than 10 years. At least that's what I was told. I would like to be wrong.

HTB.
htb is offline  
Old Jul 13, 19, 1:45 pm
  #96  
 
Join Date: Mar 2018
Posts: 50
Originally Posted by htb View Post
Is this standard procedure or is someone attempting to make me jump through loops? I find it is highly unusual that anything but a copy of my ID (if at all) would be necessary to initiate the re-imbursement.

HTB.
This is very common in certain industries in Europe and has been for about 2-3 years now. It's not illegal in any way.

However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
mhrb is offline  
Old Jul 13, 19, 7:18 pm
  #97  
htb
Original Poster
 
Join Date: Aug 2005
Programs: LH M&M (was: SEN), UA*G(1K), PC Spire Amb, Marriott Gold (by virtue of UA*G), Accor Gold
Posts: 4,592
Originally Posted by mhrb View Post
This is very common in certain industries in Europe and has been for about 2-3 years now. It's not illegal in any way.
What industries? I've never come across it, and I don't see any benefit in this case.

Originally Posted by mhrb View Post
However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
I don't understand what you are trying to say here.

HTB.
htb is offline  
Old Jul 14, 19, 4:18 am
  #98  
Accor 10+ BadgeHilton 5+ Badge 2020 FlyerTalk Awards
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 2,542
Originally Posted by mhrb View Post
This is very common in certain industries in Europe and has been for about 2-3 years now. It's not illegal in any way.

However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
Which industries and where ? The postID thing in Germany is different as it actually is secure (somewhat).
fransknorge is offline  
Old Jul 14, 19, 6:27 am
  #99  
 
Join Date: Mar 2018
Posts: 50
Originally Posted by fransknorge View Post


Which industries and where ? The postID thing in Germany is different as it actually is secure (somewhat).
Any business dealing with Politically Exposed Persons or money laundering. In multiple EU countries in my experience. Usually they do employ an official provider who is more likely to keep things secure.

Originally Posted by htb View Post
I don't understand what you are trying to say here.
It's trivial to avoid if you have any spine.
mhrb is offline  
Old Jul 14, 19, 10:45 am
  #100  
htb
Original Poster
 
Join Date: Aug 2005
Programs: LH M&M (was: SEN), UA*G(1K), PC Spire Amb, Marriott Gold (by virtue of UA*G), Accor Gold
Posts: 4,592
Originally Posted by mhrb View Post
Any business dealing with Politically Exposed Persons or money laundering. In multiple EU countries in my experience. Usually they do employ an official provider who is more likely to keep things secure.
So completely unusual for a customer service department of an airline Thank you for confirming.


Originally Posted by mhrb View Post
It's trivial to avoid if you have any spine.
No need to become personal. So how would you do this? The difference here is that the customer service department has absolutely no interest in doing business with customers who want money back.

HTB.
htb is offline  
Old Jul 14, 19, 10:56 am
  #101  
Accor 10+ BadgeHilton 5+ Badge 2020 FlyerTalk Awards
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 2,542
You involve regulatory authorities. This is my intent if LH does not give me a satisfactory answer on how this conforms to GDPR within a sensible time frame.
fransknorge is offline  
Old Jul 14, 19, 11:27 am
  #102  
 
Join Date: Mar 2018
Posts: 50
Originally Posted by htb View Post
So completely unusual for a customer service department of an airline Thank you for confirming.
I've not heard of this but I don't think anyone has posted anything to suggest otherwise that I've seen?

However, many many business work with money laundering regs and probably just as many have to be aware of when their clients are PEPs. I wouldn't necessarily exclude airlines based upon what I've said.

Originally Posted by htb View Post
No need to become personal. So how would you do this? The difference here is that the customer service department has absolutely no interest in doing business with customers who want money back.

HTB.
W T F?

You asked me for a paraphrasing so I simply gave one. There was nothing personal nor was it directed at anyone and especially not you.

I already explained how to do it in my other post.

(Why do you think that's different from any other situation where you're asked for verification like this?)
mhrb is offline  
Old Jul 14, 19, 11:31 am
  #103  
 
Join Date: Mar 2018
Posts: 50
Originally Posted by fransknorge View Post
You involve regulatory authorities. This is my intent if LH does not give me a satisfactory answer on how this conforms to GDPR within a sensible time frame.
The ICO for one believe it conforms to GDPR in certain circumstances. The ICO however are not always right.
mhrb is offline  
Old Jul 14, 19, 1:42 pm
  #104  
Accor 10+ BadgeHilton 5+ Badge 2020 FlyerTalk Awards
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 2,542
Really, could you please post the ICO conclusions pertaining to Lufthansa asking this for a reimbursement or paiement of compensation in an automatic email without any link to the DPO or information about goals, storage, etc .... ?
fransknorge is offline  
Old Jul 14, 19, 2:04 pm
  #105  
 
Join Date: Mar 2018
Posts: 50
They have allowed it in similar instances. Like I say, their expertise is often called into question if you examine it though.

Do they have jurisdiction in this case?
mhrb is offline  

Thread Tools
Search this Thread
Search Engine: