What happened

On 4 October 2024, Ireland’s Data Protection Commissioner (DPC) launched an EU-wide investigation into Ryanair’s use of facial recognition technology for verifying the identity of customers booking through third-party websites.

The inquiry was triggered by multiple complaints from customers across the EU who were asked to provide additional verification when booking tickets through online travel agents (OTAs) not directly affiliated with Ryanair.

Ryanair, Europe’s largest airline by passenger numbers, defended the practice, stating that the additional verification process is necessary to protect customers from unauthorized OTAs that may provide incorrect contact or payment information.

The company offers an alternative to facial recognition, allowing passengers to submit a form with a photo of their passport or ID card in advance, although this process can take up to seven days. This additional verification is not required for bookings made directly through Ryanair’s website, mobile app, or OTAs with a commercial agreement with the airline.

Why it matters

This investigation raises critical questions about the use of biometric data for identity verification in the travel industry and whether Ryanair’s process aligns with GDPR regulations, potentially impacting customer trust and the use of facial recognition in future travel bookings across Europe.

Source