The Irish Data Protection Commission (DPC) has initiated an investigation into Ryanair’s use of facial recognition technology to authenticate customers booking through third-party intermediaries. This investigation stems from 18 complaints submitted by dissatisfied passengers across Europe who express concerns regarding potential privacy violations linked to the airline’s verification methods. The DPC’s inquiry aims to determine whether Ryanair’s practices align with the stringent requirements of the General Data Protection Regulation (GDPR), which mandates explicit consent for the processing of biometric data.
Ryanair has been utilizing third-party facial recognition technology to combat fraudulent bookings, as many intermediaries reportedly provide fake contact and payment details that do not belong to the actual customers. While the airline insists that its verification process is necessary to maintain the integrity of its bookings, critics argue that this practice may infringe upon customer privacy rights. Under GDPR, biometric data is categorized as sensitive information that requires additional safeguards, including thorough data protection impact assessments and explicit consent from individuals before processing their data.
The DPC’s investigation will closely scrutinize whether Ryanair and its third-party service providers have adhered to all GDPR requirements for handling biometric data. Graham Doyle, the DPC’s deputy commissioner, stated that the inquiry will assess if the airline has sufficiently protected customers’ personal information. In a statement, a Ryanair spokesperson expressed confidence in the legality of their facial recognition practices, asserting that the airline’s partners comply with GDPR standards. However, the ongoing investigation highlights the need for greater transparency regarding how personal data is utilized in the airline industry.
Passengers booking directly through Ryanair’s website or mobile app are exempt from the facial recognition requirement, which has drawn mixed reactions from the public. Some passengers have expressed their frustration with the added complexity of the verification process, while others appreciate the measures taken to prevent fraud. Ryanair’s recent legal battles against third-party booking sites, including a lawsuit against Booking.com for unlawful fare scraping, have further fueled the controversy surrounding its verification methods. As the DPC investigates, the outcome may significantly impact not only Ryanair but also the broader landscape of privacy regulations and biometric data usage in the airline sector