heise PlusAbo
Anzeige

Questionable facial recognition at Ryanair: Data protection investigation opened

Some Ryanair customers have to undergo facial recognition after booking flights. The Irish data protection authority is investigating whether this is permitted.

listen Print view
A Ryanair plane stands on the tarmac.

Some customers can only board the plane after a facial recognition check: a data protection investigation is to clarify whether Ryanair is allowed to demand this of its customers.

(Image: Renatas Repcinskas/Shutterstock.com)

3 min. read
By
Contents

The Irish Data Protection Commission (DPC) is now investigating whether the Irish low-cost airline Ryanair was allowed to demand biometric verification from its customers. According to its own information, it is examining whether Ryanair's facial recognition is compliant with the applicable law of the European Union and the European Economic Area (EEA).

The investigation relates to the verification procedures for customers who have booked their Ryanair flights on external websites or online travel portals. The DPC had received numerous complaints from customers who subsequently had to confirm their identity with Ryanair, said the Deputy Commissioner of the DPC, Graham Doyle, on Friday. Facial recognition with the use of biometric data had also been used. It is now being examined whether the verification methods used by Ryanair are compatible with the General Data Protection Regulation.

Ryanair has already been informed

The investigation was ordered by the Data Protection Commissioners Dr. Des Hogan and Dale Sunderland and is based on Section 110 of the Data Protection Act 2018. The DPC is to examine across borders – not only in Ireland – whether Ryanair has complied with its obligations under the GDPR, including the lawfulness and transparency of data processing.

And it is not only the Irish DPC that has received complaints about Ryanair's verification practices: The EU Travel Tech association, which includes companies such as Airbnb, Booking.com, eDreams, Expedia and Skyscanner, also complained about this to the French and Belgian data protection authorities in May.

Read also

Data protection complaint in Spain too

Since December 2023, the low-cost airline has required them to verify passengers without a customer account with Ryanair using automated facial recognition and ID data. This primarily affects customers who book their flight via an online travel agency. EU travel tech also referred to the GDPR and warned that it "can no longer be revoked or changed".

In July 2023, the civil rights organization Noyb also lodged a complaint against the forced facial recognition of a customer of the eDreams portal. After booking a Ryanair flight via eDreams, she was forced to pay for verification by Ryanair.

Videos by heise

Harassment of customers?

From Noyb's point of view, however, this was not even necessary because the airline already had all the necessary information to rule out illegal practices. In reality, the airline simply wanted to "make the lives of travelers and competitors more complicated in order to increase its own profits".

Ryanair, on the other hand, insisted in 2023 on protecting customers from phishing, account abuse, dubious online travel agents and other fraudsters. The airline has not yet commented on the current DSC proceedings.

(nen)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten