Cardiff Pub Owner Breaches GDPR with Personal Text Message

In the United Kingdom a pub landlord breached UK GDPR when he messaged a customer after copying her phone number that was supplied for Covid track and trace purposes.

The breach took place after the owner of St Canna’s Alehouse in Cardiff sent a customer an SMS that was described as “creepy”. The woman whose data was breached was in her early 20s and had visited the establishment during November.

Pub owner James Karran messaged her at just before 8.20pm on 19 November telling her she had a “super pretty face”. The woman was still in the pub when she received the message. She had provided her phone number in order to adhere with government rules to trace any local spread of Covid.

The text message read: “Just so you know you’ve got a super pretty face so you’re allowed to not wear a mask at the bar. Everyone else must wear one.”

The woman’s partner posted screenshots of his WhatsApp conversation with the pub owner on Facebook, after a review of the pub that he published on the same platform had been deleted: “St. Canna’s Ale House thanks for deleting my review on your page. Last night my partner was a victim of GDPR breach. She went into this establishment, filled out the Track and Trace without thinking anything of it. She proceeded to order a drink at the bar, but the barman/owner James told her to remove the mask as he couldn’t hear her apparently, but only for this man to see what she looked like. Then [he] took her details from the Track and Trace sheet and messaged her illegally. My partner then left the establishment as soon as she had this creepy text from the owner/manager, frightened and worried if anything would happen to her. Luckily nothing happened. After I was told this I then proceeded to message James immediately to tell him that I’ll be taking this further and will be contacting the police. He replied with his ‘profound apologies’ and he said not to take it further. But I believe he’s only sorry he’s been caught doing it. Shame on you.”

Mr Karran replied to the post saying: “My profound apologies. No excuse, but I’ve [sic] so sorry for doing this to you and your girlfriend. I promise this will not happen again but can I please ask if you won’t take it further. I’m so sorry. St Canna’s has always been known as a safe place to be, but recently that reputation has become tarnished. To grow and improve for the future we will be launching a series of positive initiatives aimed at re-establishing our reputation for safety and welcome to all. These will include: becoming accredited with the Good Night Out Campaign; implementing a ‘safer spaces’ policy; overhauling our business practises around the management and prevention of Covid; supporting the charity Women’s Aid throughout 2022, including initially donating one whole Saturday night’s takings. We cannot change the past but we hope people will see the actions we have taken, and continue to support this small business as it plays its role in the local community.”