Ryanair faces GDPR turbulence over customer ID checks
Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).
The concerns center around Ryanair's practice of demanding extra ID verification from customers who don't book directly through its website and what happens to that personal data, which may include biometrics.
Graham Doyle, Deputy Commissioner with the DPC, said: "The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process. The verification methods used by Ryanair included the use of facial recognition technology using customers' biometric data. This inquiry will consider whether Ryanair's use of its verification methods complies with the GDPR."
Ryanair's antipathy toward OTAs and third-party websites that sell tickets on its aircraft without the company's permission is well documented. In July 2024, a US court ruled against Booking.com in a screen-scraping case that involved sourcing and reselling tickets.
