Eire’s Information Safety Fee (DPC) has launched an inquiry into Ryanair’s Buyer Verification Course of for vacationers reserving flights by third-party web sites or on-line journey brokers (OTA).
The issues focus on Ryanair’s apply of demanding further ID verification from clients who do not e-book instantly by its web site and what occurs to that non-public information, which can embrace biometrics.
Graham Doyle, Deputy Commissioner with the DPC, mentioned: “The DPC has obtained quite a few complaints from Ryanair clients throughout the EU/EEA who after reserving their flights had been subsequently required to endure a verification course of. The verification strategies utilized by Ryanair included the usage of facial recognition know-how utilizing clients’ biometric information. This inquiry will contemplate whether or not Ryanair’s use of its verification strategies complies with the GDPR.”
Ryanair’s antipathy towards OTAs and third-party web sites that promote tickets on its plane with out the corporate’s permission is effectively documented. In July 2024, a US court docket dominated in opposition to Reserving.com in a screen-scraping case that concerned sourcing and reselling tickets.
The airline’s response to its tickets showing in unauthorized locations was to insist on a Buyer Verification Course of wherein passengers are requested to add info resembling passport particulars and full an ID test. This led to some clients with flights booked by OTAs dropping whole holidays after failing the method.
Nonetheless, the difficulty isn’t the inconvenience of the method or Ryanair’s dispute with third events, however fairly whether or not the method complies with GDPR. Ryanair is at pains to insist it does.
A Ryanair spokesperson mentioned: “We welcome this DPC inquiry into our Reserving Verification course of, which protects clients from these few remaining non-approved OTAs, who present pretend buyer contact and cost particulars to cowl up the truth that they’re overcharging and scamming customers.
“Clients who e-book by these unauthorized OTAs are required to finish a easy verification course of (both biometric or a digital verification type) each of which totally adjust to GDPR. This verification ensures that these passengers make the mandatory safety declarations and obtain instantly all security and regulatory protocols required when travelling, as legally required.”
In keeping with the DPC, the inquiry might be cross-border in nature – a couple of member state is concerned – and can contemplate whether or not Ryanair has certainly complied with its GDPR obligations, together with lawfulness and transparency of knowledge processing. ®
