Ryanair accused of GDPR violations with biometric passenger verification

Travel policy advocacy group eu travel tech has lodged a formal complaint with the French and Belgian Data Protection Authorities (DPAs) against Ryanair, challenging the airline’s new biometric data processing policy for customer verification.

The policy, which was introduced on December 8, 2023, mandates biometric verification for customers without existing accounts, including those booking via Online Travel Agencies (OTAs). These customers are required to submit live self-images or signature images along with passport details to manage bookings and check-in online.

eu travel tech argues that this requirement infringes on individual privacy and contravenes the General Data Protection Regulation (GDPR). The organization asserts that Ryanair’s biometric verification process breaches GDPR principles of lawfulness, fairness, and transparency, particularly concerning the handling of sensitive biometric data.

eu travel tech members include prominent OTA’s like airbnb, Booking.com and expedia group, along with Amadeus.

The group has called on the DPAs to investigate Ryanair’s practices urgently and to implement provisional measures to suspend the biometric verification process under GDPR Article 66. The organization emphasizes the need for immediate action due to the potential harm to individuals’ rights and freedoms, and suggests that a substantial fine, as prescribed by GDPR Article 83, may be warranted.

Additionally, the complaint draws attention to the protracted nature of previous investigations. Notably, a similar complaint regarding Ryanair’s facial verification process was filed by the European Center for Digital Rights (NOYB) in July 2023. The status of the Irish DPA’s investigation into that complaint remains unclear, raising concerns about the effectiveness of GDPR enforcement.

In addition to filing the complaint, eu travel tech, along with the European Travel Agents’ and Tour Operators’ Associations (ECTAA) and the European Passengers’ Federation (EPF), has sent a letter to European Commission Vice-President Věra Jourová, urging the commission to explore measures to ensure timely and robust GDPR enforcement.

The coalition says it hopes these actions will prompt a swift and decisive response to protect individuals’ data rights across Europe.

Article Topics

biometrics  |  data protection  |  GDPR  |  passenger processing  |  selfie biometrics