"Privacy group challenges Ryanair's use of facial recognition", 27 July 2023

... Digital rights group NOYB... filed a complaint against Ryanair (RYA.I), alleging that the airline is violating customers' data protection rights by using facial recognition to verify their identity when booking through online travel agents.

NOYB, led by Austrian privacy activist Max Schrems, filed the complaint with Spain's data protection agency on behalf of a complainant who booked a Ryanair flight through the Spanish-based online travel agency eDreams ODIGEO. (EDRE.MC).

The Irish airline, Europe's largest by passenger numbers, says on its website that in order to comply with safety and security requirements it must verify the identity of passengers' booking with travel agents because agents often do not provide Ryanair with customers' contact and payment details.

Passengers can avoid verifying through facial recognition by showing up at the airport at least 2 hours before departure or submitting a form and picture of their passport or national ID card in advance, a process Ryanair said can take seven days to complete.

A similar process is not required when booking through Ryanair's website or mobile phone app.

"There is no reasonable justification for Ryanair to implement this system," NOYB said in a statement. "Instead, it seems like the airline is willingly violating their customer's right to data protection in order to obtain an unfair competitive advantage over alternative booking channels."

NOYB alleged that Ryanair's verification procedures are not valid under the GDPR because the company does not provide comprehensible information about the purpose of the "intrusive process."

Ryanair said in response that its biometric and non-biometric processes are both fully compliant with all GDPR regulations.