Top

Privacy group challenges Ryanair’s use of facial recognition

By Padraic Halpin

DUBLIN (Reuters) – Digital rights group NOYB on Thursday filed a complaint against Ryanair, alleging that the airline is violating customers’ data protection rights by using facial recognition to verify their identity when booking through online travel agents.

NOYB, led by Austrian privacy activist Max Schrems, filed the complaint with Spain’s data protection agency on behalf of a complainant who booked a Ryanair flight through the Spanish-based online travel agency eDreams ODIGEO.

The Irish airline, Europe’s largest by passenger numbers, says on its website that in order to comply with safety and security requirements it must verify the identity of passengers’ booking with travel agents because agents often do not provide Ryanair with customers’ contact and payment details.

Passengers can avoid verifying through facial recognition by showing up at the airport at least 2 hours before departure or submitting a form and picture of their passport or national ID card in advance, a process Ryanair said can take seven days to complete.

A similar process is not required when booking through Ryanair’s website or mobile phone app.

“There is no reasonable justification for Ryanair to implement this system,” NOYB said in a statement. “Instead, it seems like the airline is willingly violating their customer’s right to data protection in order to obtain an unfair competitive advantage over alternative booking channels.”

Ryanair
General view of the Ryanair logo at their headquarters in Dublin, Ireland, September 16, 2021. REUTERS/Clodagh Kilcoyne/File Photo

NOYB has successfully launched privacy challenges against some of the world’s largest multinational companies across the European Union under the bloc’s General Data Protection Regulation (GDPR), introduced in 2018.

NOYB alleged that Ryanair’s verification procedures are not valid under the GDPR because the company does not provide comprehensible information about the purpose of the “intrusive process.”

Ryanair said in response that its biometric and non-biometric processes are both fully compliant with all GDPR regulations.

“Online travel agents scrape Ryanair’s inventory and in many cases miss-sell our flights and ancillary services with hidden mark-ups and provide incorrect customer contact information / payment details,” the low cost carrier said in a statement.

“As a result, and in order to protect customers, any customers who book through an online travel agents are required to complete a simple customer verification process. This is to ensure that they make the necessary security declarations.”