Ireland’s Data Protection Commission is investigating Ryanair’s use of facial recognition and biometric data requirements during bookings made through third-party travel websites. The inquiry addresses complaints from EU travelers about excessive data requests and will determine Ryanair’s compliance with GDPR. Ryanair argues these measures protect consumers from fraudulent OTAs, amid ongoing legal disputes with agencies over ticket sales.
The Data Protection Commission (DPC) of Ireland has initiated an investigation into Ryanair’s biometric verification process, which incorporates facial recognition technology that requests passenger biometric data when bookings are made through third-party websites. This inquiry was triggered by multiple complaints from travelers within the EU who felt that Ryanair was overly demanding in their identification protocols. Graham Doyle, deputy commissioner of the DPC, indicated that the investigation would assess whether Ryanair’s methods conform to European General Data Protection Regulation (GDPR) requirements. This scrutiny extends beyond Ireland, covering the entire EU in relation to the airline’s practices. Ryanair has a contentious history with numerous online travel agencies (OTAs), accusing them of “screen scraping”—the selling of Ryanair tickets without proper authorization. Despite securing a court ruling against Booking.com in Delaware that provided a nominal compensation of $5,000, the airline continues to pursue a permanent injunction against the site, highlighting their ongoing battle over ticket sales through unauthorized channels. In response to the investigation, a Ryanair spokesperson asserted that their biometric verification measures were essential for consumer protection against potential scams presented by unauthorized OTAs, asserting compliance with GDPR regulations.
As the use of biometric technologies such as facial recognition increases, there are rising concerns about privacy and data protection. The DPC’s investigation into Ryanair brings into focus the implications of the GDPR, which governs how personal data is processed and protected within the EU. Biometric data, which includes personal identifiers derived from physical traits, compels organizations to implement stringent safeguards to avoid unauthorized use and breaches. Ryanair’s practice of demanding biometric verification from customers who book via third-party services raises questions about the adequacy of its privacy measures, especially in light of ongoing disputes with online travel agencies regarding unauthorized sales of its tickets. This inquiry is not only about Ryanair but also reflects growing scrutiny of how businesses use personal data in compliance with stringent EU regulations.
The DPC is actively investigating the legality of Ryanair’s use of biometric verification in response to growing concerns from consumers across the EU. The outcome of this investigation could have significant implications for both Ryanair and the standards applied to biometric data processing within the airline industry. Ryanair defends its practices as necessary for customer protection but faces ongoing challenges regarding unauthorized ticket sales and compliance with GDPR, making the result of the inquiry critical for their operational model.
Original Source: www.independent.ie
