Before you get too excited, I’ve not heard anything back from the powers that be at UK railway operator East Coast about the data protection concerns I have after booking tickets online. It’s only been a week. Let’s give them some time…
However, I did make the train journey whose booking let me to be concerned about the excessive and irrelevant data they were collecting, which could only be stored for one reason, and that is to improve their market intelligence.
During the journey, I used the on-train wifi, for which it requires you to “register”, and asks you provide another stream of compulsory personal information. While they didn’t want to know my inside leg measurement this time, again they want to know who I am, where I live, what’s my nearest station, and what is my reason for travelling, again as “mandatory” responses, before allowing you to use the on-train wifi service.
I don’t understand how your nearest station, or why you’re travelling, are relevant to allowing you to access the on-train internet access service. Of course, I didn’t actually put any genuine details in this contact form.
This wifi registration page also presents the “opt-in” for marketing email as already ticked – so if you don’t notice and don’t untick the box, you’re opted in to their email marketing. While it complies with the letter of the law, it doesn’t really feel to be in the spirit of the law.
What’s your perception of East Coast’s data collection and retention policies based on what you’ve read?