pwshub.com

Ryanair faces GDPR turbulence over customer ID checks

1 week ago

Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).

The concerns center around Ryanair's practice of demanding extra ID verification from customers who don't book directly through its website and what happens to that personal data, which may include biometrics.

Graham Doyle, Deputy Commissioner with the DPC, said: "The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process. The verification methods used by Ryanair included the use of facial recognition technology using customers' biometric data. This inquiry will consider whether Ryanair's use of its verification methods complies with the GDPR."

Ryanair's antipathy toward OTAs and third-party websites that sell tickets on its aircraft without the company's permission is well documented. In July 2024, a US court ruled against Booking.com in a screen-scraping case that involved sourcing and reselling tickets.

The airline's response to its tickets appearing in unauthorized places was to insist on a Customer Verification Process in which passengers are asked to upload information such as passport details and complete an ID check. This led to some customers with flights booked through OTAs losing entire holidays after failing the process.

  • Brits hate how big tech handles their data, but can't be bothered to do much about it
  • EU kicks off an inquiry into Google's AI model
  • UK Lords push bill to tame rogue algorithms in public sector
  • Teens take a million metaverse Ryanair flights in Roblox

However, the issue is not the inconvenience of the process or Ryanair's dispute with third parties, but rather whether the process complies with GDPR. Ryanair is at pains to insist it does.

A Ryanair spokesperson said: "We welcome this DPC inquiry into our Booking Verification process, which protects customers from those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers.

"Customers who book through these unauthorized OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR. This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required."

According to the DPC, the inquiry will be cross-border in nature – more than one member state is involved – and will consider whether Ryanair has indeed complied with its GDPR obligations, including lawfulness and transparency of data processing. ®

Source: theregister.com

Other stories
19 minutes ago - Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.
20 minutes ago - Preorders go live on Oct. 21, at 8 a.m. PT., and the $250 console is expected to ship in the first quarter of 2025.
20 minutes ago - If you’re looking for a nice pillow-top mattress, it’s hard to top the WinkBed -- especially for the price. Here’s what you need to know about this mattress before you buy, including who it’s best for.
20 minutes ago - CNET's shopping experts have a secret tool to help you get the best deals sent right to your phone so you don't miss any deals.
20 minutes ago - Can regular swimming sessions have a positive impact on sleep? I tried it, and here's what I found out.