Ryanair has been in the news several times this year. In March, it was one of the airlines sanctioned with a million-dollar fine for charging for hand luggage, and in September its CEO hinted that it could increase the average price of its tickets by 30%. Now, the Irish Data Protection Commission (CPD) has launched an investigation about the company’s customer verification process.
The European regulator notes that Ryanair requests additional identity verification for people who book tickets through third-party platforms or travel agencies. As they explain, they have received several complaints about this practice, so it has been decided to initiate a formal procedure in compliance with the General Data Protection Regulation (GDPR).
Ryanair, investigated by Ireland
Graham Doyle, Deputy Commissioner of the DPC, said that customers of Europe’s largest airline have to undergo a biometric scan which includes facial recognition technology after purchasing the ticket through external pages. “This investigation will consider whether Ryanair’s use of verification methods complies with the GDPR,” he said.
A Reuters article comments that the aforementioned additional verification can be omitted if passengers appear at the airport at least two hours before their flight takes off. They also have the option of submitting a form with a photo of their passport or ID card, but the latter process can take up to seven days to complete, according to Ryanair.
But there are also exceptions. Ryanair customers do not need to go through the additional verification process if they made their reservation through the own platforms of the company or through a online travel agency (OTA) that have commercial agreements with Ryanair. The airline has been very active in promoting this type of collaboration, closing 14 agreements this year.
We are facing a cross-border investigation that will cover the entire European Union. The purpose will be to determine whether Ryanair has complied with its various obligations under the GDPR, especially with regard to legality and transparency in data handling. Let us remember that the Irish body is in charge of guaranteeing compliance with the GDPR.
Images | Nastya Dulhiier | Luke Davies
In Xataka | Why Europe’s fines against Google are so relevant for the future of your privacy, we tell you in this video
Add Comment