Ryanair is under scrutiny from EU Travel Tech – a lobby group representing the interests of travel technology companies and online travel agencies in Europe – and from data protection authorities in France and Belgium over its online booking verification process, which uses facial recognition technology.
Introduced in 2023, the process aims to prevent unauthorized third-party agents from selling flights at inflated prices, and prompts customers booking through third parties to complete the online biometric verification or pay an additional €55 fee to check in at the airport.
The biometric verification process has raised concerns among corporate travelers and data protection advocates, due to the fact that it involves scanning customers’ faces to verify their identities, leading to complaints about friction in the booking process and potential security risks related to the handling of biometric data.
EU Travel Tech stated that Ryanair’s biometric verification process infringes on privacy rights and violates GDPR principles of lawfulness, fairness, and transparency. The group argues that the use of biometric data without clear justification introduces risks such as data breaches and identity theft, and that once compromised, biometric data cannot be changed.
This complaint follows a similar one by the digital rights group NOYB in July 2023, which also claimed that Ryanair’s use of facial recognition breached GDPR rules. EU Travel Tech has criticized the slow pace of the investigation following NOYB’s complaint and called for immediate measures to halt Ryanair’s verification process and impose a proportionate fine under GDPR Article 83.
GDPR Article 83 outlines the conditions and guidelines for imposing administrative fines on organizations that violate the GDPR, specifying that fines should be effective, proportionate, and dissuasive, with maximum penalties reaching up to €20 million or 4 percent of the annual global turnover, whichever is higher.
Ryanair defended its verification process, stating it was introduced to protect consumers from unauthorized sales and ensure that passengers are informed of all safety and regulatory protocols, and claims the process complies with GDPR regulations and aims to prevent fraud.
Despite Ryanair’s assurances, some corporate travel programs have removed Ryanair from their preferred carrier lists due to these security concerns.
Source: BTN Europe
—
May 22, 2024 – by Tony Bitzionis
Related News
Ryanair Faces Privacy Complaint Over Biometric IDV
Irish Data Protection Commissioner Opens EU Investigation Into Ryanair’s Use of Facial Recognition
Another Dating App Gets Targeted with a BIPA Class Action Lawsuit
Getaround Sued for Alleged Violations of Illinois Biometric Privacy Law
British High School Gets Formal Reprimand Over Facial Recognition Use
Scots Under Arrest Now Get Biometric Info Leaflets
Follow Us