Ireland’s data watchdog said on Friday it will investigate whether airline Ryanair’s use of facial recognition to verify the identity of customers booking through third-party websites breaches EU privacy laws.
The Data Protection Commission (DPC) — which also helps police EU data privacy — said it had received complaints from Ryanair customers across the bloc about its processing of personal data and said the investigation would be throughout the EU.
The regulator said the complaints related to the carrier’s practice of asking for additional identity verification from those booking travel tickets through third-party websites and online travel agents (OTAs), as opposed to directly with Ryanair.
“The DPC has received numerous complaints from Ryanair customers across the EU/EEA who, after booking their flights, were then asked to undergo a verification process,” DPC deputy commissioner Graham Doyle said in a statement.
Revolut urges Meta to boost cyber fraud compensation
“The verification methods used by Ryanair included the use of facial recognition technology using biometric customer data,” he said.
Doyle said the investigation will examine whether Ryanair’s use of verification methods complies with the EU’s General Data Protection Regulation (GDPR).
Ryanair said it “welcomes” the investigation.
The booking verification process “protects customers from the few remaining unapproved OTAs, who provide fake customer contact and payment information to cover up the fact that they are overcharging and defrauding consumers,” the low-cost airline said in a statement.
“Customers booking through these unauthorized OTAs must complete a simple verification process (either a biometric or a digital verification form) both of which are fully GDPR compliant,” Ryanair said.
“This verification ensures that these passengers make the necessary security declarations and directly receive all security and regulatory protocols required when traveling as required by law,” it said.
Biden official urges talks as US port strike enters second day
A prominent digital privacy campaign group filed a complaint against Ryanair in Spain last year over the practice.
Austria’s NOYB (None Of Your Business) said there was no “reasonable justification” for the airline — Europe’s biggest by passenger numbers — to implement the system.
NOYB said the complaint came from a customer from Spain who booked a Ryanair flight through Barcelona-based online travel agency eDreams and then received an email from Ryanair asking her to complete a “verification process”.
The case was filed with the Spanish Data Protection Agency (AEPD).
Ryanair currently offers three methods of identity verification for its customers using third party travel agents.
These include the so-called “Express Verification” option that uses facial recognition technology provided by an external company.
It also offers a larger option of “standard verification” which can take up to a week and “in-person verification” which can be completed at airport check-in desks before travel.
Source: AFP