Amadeus IT Group Receives GDPR Fine
Spain's data protection authority fined Amadeus IT Group €18 million for GDPR violations tied to its Global Distribution System, which powers booking and travel data infrastructure used across the global travel industry. Amadeus voluntarily paid the fine, receiving a 20% reduction for doing so.
Why this matters: Amadeus is not a brand most travelers recognize, but its systems sit behind an enormous share of the world's flight, hotel, and travel bookings. That means the data at issue is not abstract — it is itineraries, passport details, payment records, and travel histories for millions of people. A fine this size signals that regulators are willing to go after the infrastructure layer, not just the consumer-facing companies. If the pipes that carry your data are not compliant, the fact that you never heard of the company running them does not protect you.
Who should care: Lawyers · Privacy officers · Compliance · AI governance · General readers · Policy
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.