Austrian group for the protection of digital rights nyob (from “none of your business”) has filed a complained with the Spanish Data Protection Authority against Ryanair’s “invasive facial recognition” verification process required of passengers booking tickets through third party websites.
“There is no reasonable justification for Ryanair to implement this system. Instead, it seems like the airline is willingly violating their customer’s right to data protection in order to obtain an unfair competitive advantage over alternative booking channels”, reads a statement from the group.
Ryanair’s verification process looks like another attempt to make the lives of travellers and competitors more complicated to increase profits.Romain Robert, Program Director at noyb
The complaint comes after a woman in Spain received an e-mail from Ryanair, after booking her tickets through the online travel agency eDreams, informing her she needs to verify her identity to be allowed to board the flight. She could either do that online, through facial recognition, a process taking up to 7 days and costing 59 cents, or do it by checking in at the airport, for an additional fee of 30 to 55 euros.
The airline justifies the verification process by saying that third party agencies “scrape Ryanair’s inventory and in many cases miss-sell our flights and ancillary services with hidden mark-ups, while providing incorrect customer contact information and payment details”. Since the verification of a passenger’s identity is necessary to “ensure that they (as the passenger) make the necessary security declarations and are informed directly of all safety and regulatory protocols required when travelling, as legally required”, Ryanair argues the request is GDPR compliant.
However, noyb points out the airline already has the passenger’s contact details to send them the verification email, proving additional identity confirmation should not ne required. “A verification of contact details via biometrics also doesn’t make a lot of sense: Your email address is not printed on your face or in your passport”, said nyob Program Director Romain Robert.
The information provided by Ryanair is so confusing that travellers may even think their booking is invalid.Felix Mikolasch, Data Protection Lawyer at noyb
Furthermore, the group argues Ryanair does not provide comprehensible information about the purpose of this “intrusive process”, thus the passenger’s consent is not cannot be informed or specific.
“By nudging customers to go through its intrusive facial recognition process, the airline manages to both violate their customer’s privacy and ensure that they don’t book via external providers another time”, said Felix Mikolasch, Data Protection Lawyer at noyb.
The group also highlights that Ryanair has unsuccessfully tried to sue online travel agencies selling its flights in the past and has now resulted “mere annoyance” to deter people from booking through any other website except Ryanair’s.
Based on the airline’s profit of €4.8 billion in 2022, nyob is expecting the Spanish Sata Protection Authority to issue a fine of up to €192 million.