The Data Protection Commission (DPC) has opened an inquiry into Ryanair’s process of gathering biometric data on some passengers.
The investigation relates to the airline’s processing of personal data as part of its Customer Verification Processes for customers who book Ryanair flights from third-party websites or online travel agents.
The DPC said the inquiry is on the back of complaints regarding Ryanair’s practice of requesting additional ID verification from customers who book tickets via third parties, as opposed to booking directly on Ryanair’s website. Those verification methods may include biometric data such as facial recognition.
“The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process,” Graham Doyle, Deputy Commissioner with the DPC said.
“The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data. This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR.”
Data Protection Commissioners Dr Des Hogan and Dale Sunderland will conduct the inquiry which was notified to Ryanair earlier this week.
The inquiry is cross-border in nature and will consider whether Ryanair has complied with its various obligations under the GDPR, including the lawfulness and transparency of the data processing.
In a statement, Ryanair said it welcomed the inquiry into its Booking Verification process, which it said protects customers from non-approved third parties which it said provide fake customer contact and payment details to “cover up the fact that they are overcharging and scamming consumers.”
“Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR,” Ryanair said.
“This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”