Key Points
- Ireland’s DPC launched an EU-wide investigation into Ryanair’s use of facial recognition technology for third-party bookings.
- Ryanair argues the process protects customers from incorrect details provided by unaffiliated OTAs.
- Alternative verification methods include in-person checks or submitting ID documents in advance.
- Ryanair claims full compliance with GDPR and has signed 14 agreements with OTAs to simplify bookings.
Ireland’s Data Protection Commissioner (DPC) has launched an EU-wide investigation into Ryanair’s use of facial recognition technology to verify the identities of customers who book through third-party websites. The inquiry aims to determine whether the practice violates the European Union’s privacy laws, particularly the General Data Protection Regulation (GDPR). This comes after the DPC received multiple complaints from Ryanair customers across the EU, raising concerns about the airline’s additional verification process.
Ryanair, Europe’s largest airline by passenger numbers, introduced the verification step for customers who book travel tickets through online travel agents (OTAs) or third-party websites. The airline argues that this measure is necessary to protect customers from the potential risks associated with OTAs that are not officially affiliated with Ryanair. According to the airline, some third-party sites may provide inaccurate customer details, including incorrect contact and payment information.
In response to the investigation, Ryanair welcomed the probe, asserting that its use of facial recognition and other verification methods complies fully with EU privacy laws. The company’s website explains that these additional checks are required to meet safety and security standards, ensuring that passenger data is correct and protected. However, these extra steps are not necessary for passengers who book directly on Ryanair’s website, mobile app, or through OTAs that have commercial agreements with the airline.
Passengers booking through non-affiliated third-party platforms are asked to verify their identity using facial recognition technology. Alternatively, they can opt out of this by either showing up at the airport at least two hours before departure or submitting a form with a photo of their passport or national ID card in advance. According to Ryanair, this alternative verification method can take up to seven days to process.
Ryanair has tried to address concerns about third-party bookings by signing 14 commercial agreements with OTAs this year. These agreements ensure that tickets are booked directly through Ryanair’s system, thus avoiding the need for additional verification steps.
The DPC’s investigation will assess whether Ryanair’s facial recognition technology complies with GDPR, which regulates how personal data is collected, stored, and processed. Ryanair emphasized that its biometric and non-biometric processes fully comply with the EU’s strict privacy regulations.
