Ask HN: Has anyone managed to get a GDPR data export from any travel company? - ankit219
======
thisone
Why do you ask?

~~~
ankit219
A couple of reasons.

One was that I tried to do it on an Indian site, Make my trip, and the email
address for privacy they had on their site did not work. [This one
has]([https://www.makemytrip.com/legal/privacy_policy.html](https://www.makemytrip.com/legal/privacy_policy.html))
email id listed as 'privacy@go-mmt.com' but the mail bounces when sent to this
id. So, they complied in the name only, and wanted to see if others did as
well.

second, I am curious as to what data these guys store on their customers. We
saw the kind of data spotify stores, which has a lot of depth. If travel
companies are storing a lot of data, this could give me another data point
whether or not to use the sites in incognito mode (they dont function if you
disable cookies).

Also, the more pertinent question is that if they have a lot of data and
really rich user profiles, why have the OTA sites not evolved much in the last
six seven years? (the new ones try to, but I think they rarely raise a big
round in B2C unless they are doing something like Airbnb. Probably because of
the consolidated market.)

~~~
kohanz
I wouldn't be surprised if compliance is nil. I don't live in India, but have
a name that is common in that part of the world (moreso Pakistan, to be
honest) and a Gmail address that reflects that. My address gets signed up for
different web services in India & Pakistan on nearly a daily basis. At least
50% of the time, the email address of the person signing up is not even
verified, so the account is immediately enrolled and I start receiving all
sorts of confidential information which is not intended for me (phone bills,
travel receipts, banking information, etc). I have almost never had success
contacting these companies to let them know they're sending this information
to a random individual. They often do not have "unsubscribe" options and, as
you mentioned, if they list a support address it often bounces or a human
reply is never encountered. Obviously I'm generalizing here, but my impression
of the standards in that region with respect to this stuff is pretty low
compared to North America. There appears to be little or no pressure to
comply.

~~~
ankit219
I can imagine that. Someone signed up on flipkart (indian ecom site) with my
email and kept ordering stuff with Cash on Delivery. I tried telling them its
not the right address, but they kept sending notifications/emails one after
another, until one day, I clicked on the links, and did a forgot password
option. Then I signed in, and changed the delivery address in my profile. No
more emails.

