The Data Protection Commission (DPC) has opened an inquiry into Ryanair’s processing of personal data as part of the verification procedure for customers who book flights on third party websites or online travel agents.
The DPC said it has received a number of complaints regarding Ryanair’s practice of requesting additional ID verification from customers who do not book tickets directly on the airline’s website.
The verification methods may include facial recognition technology.
The Data Protection Commission has launched an inquiry into Ryanair's Customer Verification Process.Press release here 👉 https://t.co/2QrHf7TBM4 pic.twitter.com/Em9VQDikM9
— Data Protection Commission Ireland (@DPCIreland) October 4, 2024
Graham Doyle, deputy commissioner at the DPC, said: “The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process.
“The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data.
“This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR.”
The decision to conduct the inquiry under Section 110 of the Data Protection Act was taken by commissioners Des Hogan and Dale Sunderland. Ryanair was notified of the decision earlier this week.
The DPC said the inquiry is cross-border in nature and will consider whether Ryanair has complied with its various obligations under the GDPR, including the lawfulness and transparency of data processing.
A spokesman for the airline said: “We welcome this DPC inquiry into our booking verification process, which protects customers from those few remaining non-approved OTAs (online travel agencies) who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers.
“Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form), both of which fully comply with GDPR.
“This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”