Ireland launches EU-wide investigation into Ryanair’s use of facial recognition technology

Ireland’s Data Protection Commissioner (DPC) launched an EU-wide investigation into Ryanair’s use of facial recognition technology for customers booking through some third-party websites. The probe aims to determine if this practice violates EU privacy laws. The DPC’s action follows complaints from Ryanair customers across Europe regarding the airline’s additional verification process for bookings made through online travel agents (OTAs) rather than directly with Ryanair.

Ryanair, the largest airline in Europe by passenger numbers, welcomes the investigation, emphasising that the verification process protects customers from unverified online travel agents (OTAs) that may provide inaccurate contact or payment information. According to the airline’s website, these additional identity checks are part of its safety and security protocols. Passengers who wish to avoid facial recognition can either arrive at the airport two hours before departure or undergo a manual verification process, which may take up to seven days to complete.

Ryanair stated that verification is not required for bookings made directly on its website, mobile app, or through OTAs that have entered into commercial agreements with the airline. Since the beginning of the year, Ryanair has established 14 such partnerships. The airline asserts that both its biometric and manual verification methods are fully compliant with the EU’s General Data Protection Regulation (GDPR).