Investigation into Ryanair’s processing of passenger biometric data 

The DPC said the inquiry is on the back of complaints regarding Ryanair’s practice of requesting additional ID verification from customers who book tickets via third parties, as opposed to booking directly on Ryanair’s website. Those verification methods may include biometric data such as facial recognition.

“The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process,” Graham Doyle, Deputy Commissioner with the DPC said.

“The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data. This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR.” 

Data Protection Commissioners Dr Des Hogan and Dale Sunderland will conduct the inquiry which was notified to Ryanair earlier this week.

The inquiry is cross-border in nature and will consider whether Ryanair has complied with its various obligations under the GDPR, including the lawfulness and transparency of the data processing.

In a statement, Ryanair said it welcomed the inquiry into its Booking Verification process, which it said protects customers from non-approved third parties which it said provide fake customer contact and payment details to “cover up the fact that they are overcharging and scamming consumers.”

“Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR,” Ryanair said.

“This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”