Ryanair faces EU-wide investigation. Reason: use of facial recognition
Ryanair has been in the news several times this year. In March, it was one of the airlines hit with a million-dollar fine for charging for carry-on luggage, and in September its CEO hinted that he might raise the average price of its tickets by 30%. Now the Irish Data Protection Commission (CPD) started an investigation about the company’s client verification process.
The European regulator notes that Ryanair is requesting additional identity verification for people who book through third-party platforms or travel agencies. As they explain, they received several complaints about this practice, so they decided to initiate a formal procedure in accordance with the General Data Protection Regulation (GDPR).
Ryanair investigated by Ireland
Graham Doyle, deputy commissioner of the DPC, said customers of Europe’s largest airline must undergo biometric scanning which enables facial recognition technology after purchasing a ticket on external pages. “This investigation will look at whether Ryanair’s use of verification methods complies with the GDPR,” he said.
The Reuters article notes that the aforementioned additional screening can be skipped if passengers show up at the airport at least two hours before their flight departs. They also have the option of submitting a form with a photo of their passport or ID, but the latter process can take up to seven days, according to Ryanair.
But there are also exceptions. Ryanair customers do not need to go through an additional verification process if they have booked through own platforms company or through an online travel agency (OTA) that has commercial agreements with Ryanair. The airline is very active in promoting this type of cooperation, having concluded 14 agreements this year.
We are facing a cross-border investigation that will cover the entire European Union. The aim will be to determine whether Ryanair has complied with its various obligations under the GDPR, particularly in relation to the lawfulness and transparency of data processing. As a reminder, the Irish authority is responsible for enforcing the GDPR.
Images | Nastya Dulye | Luke Davis
In Hatak | Why European fines against Google are so important for the future of your privacy, we tell you in this video