Artificial Intelligence & Machine Learning , General Data Protection Regulation (GDPR) , Next-Generation Technologies & Secure Development

Irish DPC Probes Ryanair Over Facial Recognition

Company Has Long Running Fight Against Fare Scrapers
Irish DPC Probes Ryanair Over Facial Recognition
The Irish Data Protection Commission will investigate Ryanair's use of facial recognition to verify customers who book through intermediaries. (Image: Shutterstock)

The Irish data regulator launched an investigation into Dublin-based ultra low-cost carrier Ryanair to identify potential privacy violations related to the company's use of third-party facial recognition technology.

See Also: New OnDemand Webinar | Overcoming Top Data Compliance Challenges in an Era of Digital Modernization

The Irish Data Protection Commission on Friday said it received 18 complaints from Ryanair customers across Europe over how the company uses third-party facial recognition technologies to verify national IDs.

"This inquiry will consider whether Ryanair's use of its verification methods complies with the General Data Protection Regulation," said Graham Doyle, deputy commissioner.

Under European privacy law, biometrics data is a "special category" information that needs additional protection. Companies processing that data must obtain explicit consent from customers and must conduct a data protection impact assessment.

The DPC's investigation will determine whether Ryanair and its third-party service providers have met all the requirements under the General Data Protection Regulation for processing the sensitive data.

"We welcome this DPC inquiry," said a Ryanair spokesperson, adding that its partners' use of the technology is compliant with the GPDR. The no-frills airliner served 184 million passengers in the 12 months ending in March, earning 13.4 billion euros in revenue.

Ryanair on its website says its uses facial recognition to verify passengers who book through intermediaries, who "often send Ryanair fake contact and/or payment details that do not belong to our customer."

The Irish Times reported that passengers can avoid the airliner's facial recognition system - if they show up at the airport at least two hours before departure or submit a picture of their ID at least seven days in advance.

Passengers who book directly through the Ryanair website or mobile app don't need to go through facial recognition.

Among the ranks of dissatisfied Ryainair customers is a European resident who turned to Austrian privacy watchdog None Of Your Business to file a July 2023 complaint with the Spanish Data Protection Authority over the third party booking facial recognition requirement. The true purpose of the verification requirement, NOYB asserted, "is to keep customers from booking a flight through online travel agencies."

Ryanair earlier this year won a lawsuit in U.S. federal court against Booking.com accusing the online company of unlawful scraping its website for fares. A jury also dismissed counterclaims from Booking.com, which owns Kayak, Agoda and Priceline. The company is appealing the verdict.

Ryanair in a celebratory statement compared third party booking sites to "pirates" and said they overcharge customers.

The airliner in December 2023 also won from the Irish High Court a permanent injunection against screenscraper Flightbox. It asserted in October that online ticket agents mark up Ryainair prices by as much as 169%.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.