Ireland’s Data Protection Commissioner (DPC) has launched an EU-wide investigation into Ryanair’s use of facial recognition technology to verify customers booking through third-party websites.
The probe will determine if the practice complies with the European Union’s privacy laws. The inquiry was initiated following complaints from several Ryanair customers across the EU regarding the additional verification process.
Ryanair, Europe’s largest airline by passenger numbers, welcomed the investigation, stating that the verification process is meant to protect customers. According to the airline, booking through third-party sites or online travel agents (OTAs) can sometimes result in incorrect contact or payment information being provided. Ryanair claims the facial recognition step is part of its efforts to ensure security and prevent such errors.
The airline’s website explains that passengers booking through OTAs not affiliated with Ryanair are required to undergo additional verification. This verification can be avoided by arriving at the airport two hours early or submitting a form with a passport or ID photo at least seven days before departure. Ryanair defends this as a necessary security measure.
Customers who book directly on Ryanair’s website or app do not face this extra step. Additionally, passengers who use OTAs that have signed commercial agreements with Ryanair, guaranteeing bookings are made directly with the airline, are also exempt. Since the beginning of the year, Ryanair has signed 14 such agreements with various OTAs.
Ryanair insists that both its biometric and non-biometric verification processes comply fully with the EU’s General Data Protection Regulation (GDPR). The company remains confident that the investigation will confirm the legality of its practices.
The outcome of the DPC’s investigation could have wider implications for the airline industry and the use of biometric technology in travel bookings, particularly when it comes to balancing privacy rights with security protocols.