Business

Ryanair’s use of facial recognition technology investigated by data regulator

The inquiry centres on use of biometric data for bookings made through third party sites

Ryanair group CEO Michael O'Leary. The carrier says on its website that in order to comply with safety and security requirements it must verify the identity of passengers booking elsewhere.
Colin Gleeson
Fri Oct 04 2024 - 12:32

The Data Protection Commission (DPC) has opened an EU-wide investigation into whether Ryanair’s use of facial-recognition technology to verify the identity of customers booking through third-party websites violates the bloc’s privacy laws.

The regulator said it had received a number of complaints from Ryanair customers across the European Union over the airline’s practice of requesting additional verification from those booking travel tickets through third-party sites or online travel agents, as opposed to directly with Ryanair.

“The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process,” DPC deputy commissioner Graham Doyle said in a statement.

“The verification methods used by Ryanair included the use of facial-recognition technology using customers’ biometric data. This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR.”

READ MORE

The Irish carrier, Europe’s largest by passenger numbers, says on its website that in order to comply with safety and security requirements it must verify the identity of passengers booking elsewhere because agents often do not provide Ryanair with customers’ contact and payment details.

Passengers can avoid verifying through facial recognition by showing up at the airport at least two hours before departure or submitting a form and picture of their passport or national ID card in advance, a process Ryanair said can take seven days to complete.

A similar process is not required when booking through Ryanair’s website or mobile phone app.

Ryanair said last year when a complaint was lodged on the issue that its biometric and non-biometric processes were both fully compliant with all the EU’s General Data Protection Regulation (GDPR).

“We welcome this DPC inquiry into our booking verification process, which protects customers from those few remaining non-approved online travel agents, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers,” Ryanair said in a statement.

“Customers who book through these unauthorised online travel agents are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR. This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”

The DPC said it had opened an inquiry into Ryanair’s “processing of personal data as part of the customer verification processes for customers who book Ryanair flights from third party websites or online travel agents”.

Additional reporting: PA

  • Sign up for the Business Today newsletter and get the latest business news and commentary in your inbox every weekday morning
  • Opt in to Business push alerts and have the best news, analysis and comment delivered directly to your phone
  • Join The Irish Times on WhatsApp and stay up to date
  • Our Inside Business podcast is published weekly – Find the latest episode here
Colin Gleeson

Colin Gleeson

Colin Gleeson is an Irish Times reporter

Business Today

Business Today

Get the latest business news and commentary from our expert business team in your inbox every weekday morning