We received a complaint from a data subject whose webchat with a Ryanair employee was accidentally disclosed by Ryanair in an email to another individual who had also used the Ryanair webchat service. The transcript of the webchat contained details of the complainant’s name and that of his partner, his email address, phone number and flight plans. The complainant told us that he had been alerted to the disclosure by the individual who had been erroneously sent the transcript of his webchat.

In our examination of the complaint, we established that Ryanair’s live webchat service is provided by a third party, which is a data processor for Ryanair. We also established that the system that sends the webchat transcripts by email has an auto-fill function that populates the recipient field with the email address of the last customer emailed. On the date in question, the data processor received requests from four Ryanair customers for transcripts of their webchats, all of which were processed by the same agent. However, the agent did not correctly change the recipient email address when sending each transcript so that they were sent to the wrong recipients . Ryanair informed us that in order to prevent a recurrence of this issue the auto-fill function in the live webchat system has been disabled by the data processor and refresher GDPR training has been provided to staff.

Many of the complaints that the DPC receives relating to unauthorised disclosure of personal data in an electronic context — for example, emails containing personal data sent to the wrong recipient — stem from use of the auto-fill functions in software. While data controllers may consider this a useful timesaver tool in a data-entry context, it has inherent risks when it is used to populate recipient details for the purposes of transmitting personal data. Auto-fill functions should therefore be used with caution, and where controllers decide to integrate such a function into their software for data-processing purposes, at a minimum other safeguards should be deployed, such as dummy addresses at the start of the address book, or on-screen prompts to double-check recipient details. The principle of safeguarding the security and confidentiality of personal data goes hand in hand with data protection by design and default so that when data controllers and processors are devising steps in a personal-data-pro- cessing programme or software, the highest standards of protection for the personal data are built in, particularly with regard to assuring the integrity, security and confidentiality of personal data.