Irish regulator to probe Ryanair use of facial recognition
Ireland's data watchdog said Friday it will probe whether budget airline Ryanair's use of facial recognition to check the identity of customers booking through third-party websites violates EU privacy laws.
The Data Protection Commission (DPC) -- which also helps to police EU data privacy -- said it had received complaints from Ryanair customers across the bloc about its processing of personal data, and said the probe would be EU-wide in scope.
The regulator said the complaints concerned the carrier's practice of requesting additional identification verification from those booking travel tickets through third-party sites and online travel agents (OTAs), as opposed to directly with Ryanair.
"The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process," DPC deputy commissioner Graham Doyle said in a statement.
"The verification methods used by Ryanair included the use of facial recognition technology using customers' biometric data," he said.
Doyle said the inquiry will consider whether Ryanair's use of its verification methods complies with the EU's General Data Protection Regulation (GDPR).
Ryanair said it "welcomes" the inquiry.
Its booking verification process "protects customers from those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers," said the low-cost airline in a statement.
"Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR," said Ryanair.
"This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required," it said.
A prominent digital privacy campaign group last year filed a complaint against Ryanair in Spain over the practice.
Austria's NOYB (None Of Your Business) said there was "no reasonable justification" for the airline -- Europe's largest by passenger numbers -- to implement the system.
NOYB said the complaint came from a customer from Spain who booked a Ryanair flight through the Barcelona-based online travel agency eDreams and then received an email from Ryanair requesting her to complete a "verification process".
The case was filed with the Spanish Data Protection Agency (AEPD).
Currently, Ryanair offers three identification verification methods for its customers using third-party travel agents.
These include a so-called "Express Verification" option that uses facial recognition technology provided by an external company.
It also offers a longer "standard verification" option that can take up to a week, and "in-person verification" that can be completed at airport check-in desks before travel.
T.Álvarez--ESF