Press Release

Ryanair Imposes Invasive Facial Recognition Verification Process on Passengers Booking through Travel Agents

In an attempt to discourage consumers from booking their flight tickets through travel intermediaries, Ryanair has introduced an invasive facial recognition process which could be in breach of the General Data Protection Regulation (GDPR). Passengers that refuse to be subject to this extra step of verification, which carries inherent privacy risks, are required to complete the check-in at the airport for a EUR 55 fee.

“Ryanair’s facial recognition process is a disproportionate and privacy-invasive attempt by Ryanair to drive consumers away from travel agents. European regulators should intervene to ensure Ryanair stops this practice immediately,” stated Emmanuel Mounier, Secretary General of eu travel tech.

For the processing of sensitive data such as biometric data, the GDPR introduces a series of strict conditions such as the need for data subjects to give their consent (Article 9). The use of such data should also be strictly necessary and proportionate. The Regulation also prescribes that consent shall be freely given (Article 7). Such consent is not considered valid if the data subject has no real choice, feels compelled to consent or will endure negative consequences if such consent is not given. Ryanair’s facial verification process is a condition for passengers to access their own ticket, a practice that leaves them no real choice but to go through this privacy-invasive procedure.

“We are encouraged by the legal complaint against Ryanair filed today by NOYB, the European Center for Digital Rights. eu travel tech and its member companies will monitor these developments closely and stand ready to support the authorities to ensure action is taken to stop similar practices by airlines,” concluded Emmanuel Mounier.

It will be essential for the European Commission and the national data protection authorities to take a stand against this practice to ensure all Ryanair customers are adequately protected, whatever distribution channel they have chosen to use.