The Data Protection Commission (DPC) in Ireland has initiated an investigation into Ryanair’s use of facial recognition technology following numerous complaints from customers across the EU regarding the airline’s handling of personal data. The inquiry will examine whether Ryanair’s verification processes comply with the EU’s General Data Protection Regulation (GDPR).
Complaints centered on Ryanair’s practice of requesting additional identification verification from customers who book flights through third-party websites and online travel agents (OTAs). DPC deputy commissioner Graham Doyle noted that the verification methods employed by Ryanair included facial recognition, utilizing customers’ biometric data.
Ryanair expressed its support for the inquiry, stating that its verification process protects customers from unauthorized OTAs that may engage in overcharging or fraudulent practices. The airline emphasized that the verification methods, whether biometric or through a digital form, comply with GDPR requirements.
In addition, digital privacy advocacy group NOYB (None Of Your Business) previously filed a complaint against Ryanair in Spain, arguing that there was no valid justification for the airline to implement such a verification system. This complaint stemmed from a customer who booked through the online travel agency eDreams and subsequently received a request from Ryanair to complete a verification process.
Currently, Ryanair offers three identification verification methods for customers booking through third-party agents: an “Express Verification” option using facial recognition, a “standard verification” process that can take up to a week, and “in-person verification” at airport check-in desks.