Would you tell a stranger your name, date of birth, credit card number and address? Would you give him your email address and reveal where you work? What about the destination of your next business trip, your hotel and room number, the price of the room and your frequent flyer number? While you’re at it, why not share your spouse’s and children’s names and birthdays?

Would you tell a stranger your name, date of birth, credit card number and address? Would you give him your email address and reveal where you work? What about the destination of your next business trip, your hotel and room number, the price of the room and your frequent flyer number? While you’re at it, why not share your spouse’s and children’s names and birthdays?

Millions of people do just that whenever they use web-based travel services. These increasingly popular services are frequently accessed through apps on smartphones that help users manage travel data like flight itineraries, hotel reservations and frequent flyer memberships, as well as information about business events. Well-designed apps allow users to access all this data simply by touching the screen. The services are also conveniently equipped with reminder functions and route planning.

To save users the hassle of typing in their data, some services provide an email address where all reservation data and confirmations can be sent. The server then siphons off the information which the user wants to have displayed on his smartphone. Just like that, all data becomes available in one spot.

Combined with the personal information that the user enters during registration, an immense data pool is delivered right to the provider’s doorstep. No wonder these services are usually offered for free. The user is no longer the customer, but the merchandise. Do you really want a single provider to have uncontrolled access to all of this sensitive data?

You can try resorting to the law. But who are you going to sue? Where do you do it? And how do you stop further abuses? The global set up of these services provides a perfect hiding place. A smartphone user seeking justice has his hands tied.

Automatic breach of law

When using (legally) acquired apps, smartphone owners are unwittingly exposed to yet more dangers. There are many new apps that expand the communication possibilities between people who use the same app on their smartphone. Instant messaging and video telephone apps usually require the counterpart to use the same application. So that the user can see the people in his address book who have a particular app, these apps register onto a server using the smartphone’s telephone or IMEI number. At the same time, the app loads the user’s entire address book onto the server, as this is the only way to assess who is using the same app. The system automatically scans all your friends, acquaintances and business contacts.

All of the names, addresses, email addresses, birthdays and nicknames in an address book can therefore be downloaded onto an unknown server without your knowledge or permission. With these applications, users pass on data about their friends and business contacts without ever asking or receiving their permission.

People naturally accuse the service provider, because he is to blame for letting his apps download the data. But you’re just as responsible for what happens to your contacts’ data. You have to know what will happen to the data before using an app. The legal consequences of unauthorised data transmission affect not only the service provider, but may also lead to claims for damage compensation directed at you. This can hurt not only your wallet, but also your friendships and business relationships.