“Gender identity of the customer is not required information for the purchase of a ticket”
On January 7, 2025, the European Court of Justice ruled that the inclusion of the title “Mrs.” or “Mr.” in the course of an online ticket purchase violates the General Data Protection Regulation (GDPR). This was based on proceedings against the French railroad company SNCF Connect. This company sells tickets via its websites and apps, and customers are obliged to specify the gender “man or woman” when purchasing them.
The action brought against this company argued, among other things, that the collection of this personal data under the GDPR could not be based on one of the legal bases listed in Art. 6 I and that the collection of this data also violated the principle of data minimization.
The court agreed and ruled that the collection of this data was not necessary for the fulfillment of the contract for ordering a train ticket. Insofar as this was necessary, for example in the case of sleeping cars due to gender diversity, this would have to be taken into account separately in the online process, but could not result in all customers having to provide the details man or woman. The existence of a legitimate interest of the company in the sense of a polite form of address was also denied.
Assessment of the ruling
Even if the ruling is formally correct - and data protection is of course important - it is to be feared that the ruling will not be viewed positively everywhere. First of all, the inclusion of husband or wife is not very sensitive and it remains to be seen whether it will go down well if all customers soon have to be addressed as “Hello” - first name - last name - instead of politely as “Dear Sir or Madam”. Even the French data protection authority did not consider this to be a problem, but the plaintiff (the Moussee association, which campaigns against sexual discrimination in France) was not satisfied with this and took legal action all the way to the Court of Justice of the European Union.
Outside of data protection, however, it is already the case that the inclusion of only man/woman is not sufficient, because it is also recognized in German civil status law that there is also a “diverse gender”. In addition, the General Equal Treatment Act (AGG) stipulates that no one may be discriminated against because of their gender, and job advertisements are therefore regularly headed with m/f/d. In the case decided by the Court of Justice of the European Union, various people would be excluded from the ordering process for a train ticket, if viewed strictly, because they do not belong to either the male or female group. This constitutes discrimination against these people. It would therefore have been necessary to include the diverse gender as well.
Against the background of the ruling, which relates less to discrimination and more to data protection, there are now further consequences. For example, it will be necessary to recommend not including man/woman/diverse/ at least in contact and online forms and only request the surname and first name. An exception only applies if the provision of this personal data is absolutely necessary for the purpose for which the data is required. The further discussion on this still very new ruling will certainly be exciting.
Author: Jörg Conrad