wizz air right to rectification

Wizz Air: €1 for a flight, €35 for your GDPR right

Despite the free right to rectification under the GDPR, the airline charged € 35 in phone charges to update a surname.

Updating name allegedly only possible in case of marriage.

After changing her surname and consequently her email address, an Austrian passenger of Wizz Air needed to update her data stored with the company using her right to rectification provided by GDPR. As the passenger couldn’t do this herself, she filed a “rectification request” for her surname and email address with Wizz Air’s Data Protection Officer (DPO).

Three months later, the data subject still had not received any response. She submitted a new request to change her surname using the company’s contact form. Customer Service told her that she could not change her surname online except in case of marriage. In her case, she would need to call the Wizz Air Call Center, which costs of more than 1 Euro per minute.

35,67 Euros later – a partial success. 

Only after being on the phone for about 32 minutes did Wizz Air change the passenger’s surname, however, they still did not change her email address. Even minor inaccurate data often has real life consequences: Information about a cancelled flight was sent to the passenger’s former email address. As a result, the passenger only coincidentally learned about the cancelled flight in the last minute, as the notification was sent to the passenger’s former email address.

Wizz Air requires passengers to keep their account data accurate. By law, updating your data must be free, so low costs airlines can’t make compliance with the GDPR another one of their hidden fees.” – Ala Krinickytė, data protection lawyer at noyb

The GDPR gives customers the right to correct their information free of charge (Article 12(5) GDPR). By forcing customers to call their expensive hotlines for changes, Wizz Air fails to let customers exercise this “right to rectification”. The case of the passenger is not an isolated one. Other Wizz Air customers have complained about similar issues too (for example here).

“The GDPR states controllers should take ‘every reasonable step’ to ensure that data is accurate. In this case, it feels like Wizz Air failed to take any steps at all. The request for rectification is probably the least contentious data protection request a data subject can submit to the controller. Especially with airlines, it is of great importance that their passenger lists matches the passports. They make things more complicated and costly than necessary.” – Ala Krinickytė, data protection lawyer at noyb

Complaint filed, with a potential fine of up to €97 million.

Due to the fact that Wizz Air has shown a systematic failure to deal with the right to correct personal data without undue delay and free of charge, noyb has filed a complaint with the Austrian data protection authority.

“According to Forbes, Wizz Air is now ‘Europe’s largest airline’, which makes it all the more important for them to adjust their practices and ensure their customers’ GDPR rights. Given that this is a larger problem at Wizz Air, the data protection authority should impose an effective and dissuasive fine. Companies need to understand that they can’t simply ignore their passengers’ data protection rights.” – Ala Krinickytė, data protection lawyer at noyb

Original article: NOYB

Photo by Markus Winkler on Unsplash.

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data