The Data Protection Commission has initiated an inquiry into Ryanair’s personal data processing practices, particularly concerning additional ID verification for customers booking through third-party websites and travel agents.
Complaints concerning Ryanair’s verification methods, including facial recognition technology, prompted the investigation, which will assess compliance with the General Data Protection Regulation (GDPR) regarding the lawfulness and transparency of data processing.
Ryanair stated that its verification process aims to protect customers from unauthorized online travel agents and insisted that the methods used comply with GDPR.
The airline shared “facial recognigtion protects customers from non-approved online travel agents (OTAs) “who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers. Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR. This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required,”
Graham Doyle, Deputy Commissioner with the DPC shared: the DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process. The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data,
The inquiry has garnered support from privacy advocates like Max Schrems, who criticized the necessity of facial recognition for customers using third-party services, suggesting it may be a strategy to limit competition rather than a necessity for security.
Max Schrems shared “It seems more like a punishment that you have to go through with this whole facial recognition exercise and there doesn’t seem to be any valid point for doing it. Anybody that booked on the Ryanair website directly did not have to go through any facial recognition and usually when you book a flight on any other website site you do not have to go through it either. Our big concern was that this was really just being done to rein in competitors and not really for any legitimate reason whatsoever.”
