cross-posted from: https://links.hackliberty.org/post/125466

My credit card issuer apparently never gets to know what I purchased at stores, cafes, & restaurants – and rightfully so. The statement just shows the shop name, location, and amount.

Exceptionally, if I purchase airfare the bank statement reveals disclosures:

  • airline who sold the ticket
  • carrier
  • passenger name
  • ticket number
  • city pairs

So that’s a disturbing over-share. In some cases the airline is a European flag carrier, so IIUC the GDPR applies, correct? Doesn’t this violate the data minimization principle?

Airlines no longer accept cash, which is also quite disturbing (and illegal in jurisdictions where legal tender must be accepted when presented for PoS transactions).

Has anyone switched to using a travel agent just to be able to pay cash for airfare?

UPDATE

A relatively convincing theory has been suggested in this other cross-posted community:

https://links.hackliberty.org/comment/414338

Apparently it’s because credit cards offer travel insurance & airlines have incentive to have another insurer involved. Would be useful if this were documented somewhere in a less refutable form.

GDPR question still outstanding.

  • Reading this response, I’m compelled to ask

    Do you want an answer or just a space to br angry and rant?

    Do you have an answer in mind which you’re looking for and will react with hostility to anything which doesn’t fit with your expectations?

    • Do you want an answer or just a space to br angry and rant?

      It’s all about getting an answer. Any rant that you think you sensed is at most an attempt to motivate a good answer.

      I should also stress that I don’t want bad answers. The same broken speculation has been posted multiple times in this thread and in the parent. Thus compelling me to repeat the flaws in that bad answer.

      I’m confident at this point that I finally got a viable answer: insurance. But I might be tempted to press for more details because it’s still unclear how the GDPR compliance pans out. GDPR violations are rampant these days, so it could lead to an article 77 complaint. I still have to do a bit of analysis on that from the insurance narrative.