Marriott fined USD 125 million under the EU GDPR data protection regulation
Marriott is fined under the EU General Data Protection Regulation (GDPR) by the UK's ICO. Find out how your business can become GDPR compliant today.
The hotel industry is known to be especially sensitive to the General Data Protection Regulation (EU GDPR) because hotels process a vast amount of personal data every day. Hotels continue to struggle to become compliant with the GDPR. The latest is Marriott International, which received a record-high fine under the GDPR.
Marriott is one of the most well-known hotel brands in the world. If Marriott struggles with GDPR, many other hotels are likely to be in noncompliance with the new EU data privacy regulation.
Fined by the UK's Information Commissioner’s Office (ICO), Marriott is accountable for the personal data they collect and has violated the GDPR:
"The GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected" said Information Commissioner Elizabeth Denham.
It is the second time in less than one week that the UK's ICO has decided to impose record fines using its authority under the General Data Protection Regulation (GDPR). Just days before, British Airways received a penalty of USD 230 million under the GDPR.
The hotel industry is especially sensitive to the GDPR
With new and existing customers coming and leaving hotels and establishments, the hotel industry is especially sensitive to the GDPR.
Hotels worldwide process vast amounts of personal data, which makes the industry one of the most vulnerable. It is no surprise that the industry accounted for the second-largest share of security breaches (Verizon 2016 Data Breach Investigations).
Hotels often rely on analytics and advertisements to drive traffic to their websites. Marriott is no different. However, in order to be compliant, you need to block cookies and trackers until you have received explicit consent. In the following case, and many others, that does NOT happen:
[Screenshot: Marriott website entered from an EU website in 2019]
GDPR is designed to protect the individual’s rights by limiting how that information is used and what cookies are being placed on a visitor's computer. As a result, it covers any information that allows an EU resident to be personally identified whether included in a membership database or tracked on a website.
Website cookies and third-party booking engines
Hotels using third-party booking engines are additionally exposed. Under GDPR, for example, a hotel will be held accountable for the data it receives from third parties, e.g. online travel aggregators or external booking engines. These tools and sites often share personal data, such as name and email, which needs to be communicated to the end-users together with adequate controls enabled for the visitor. GDPR identifies organizations by category: data controllers or data processors. An entity can be one or the other, but it can also be both. This ultimately depends on the setup the hotel uses.
Booking engines and other solutions often rely on cookies to provide detailed information about visitors, their inquiries and what rooms they have searched for. To stay compliant with GDPR, hotels need to put adequate controls and mechanisms in place that allow visitors to be in control of their own personal data and how they are being tracked.
Becoming GDPR Compliant
Companies can make their cookie consent usage compliant with the Secure Privacy platform. It is crucial that you block non-essential plugins and cookies, and only enable those cookies that are strictly necessary for your website to function.
Follow these three steps to make your website compliant:
1. Sign up for a free trial.
2. Install the solution on your website.
3. Enjoy that cookie consent is automatically documented.
Step 1: Enter Your Details To Sign Up For A Free Trial
Select the GDPR solution and activate your 7-day free trial.
Step 2: Install Script or Plugin on Website
Download the WordPress GDPR plugin or follow our tutorials to set up the solution on your website.
Step 3: Validate that consent is documented for your website
Cookie consent is automatically documented once installed.
GDPR Fine Examples
French CNIL fined Google 150 million EUR.
Here are more of the highest GDPR fines enforced by regulators so far.
Who are the Biggest GDPR Fines Culprits.