October 5, 2024 at 05:40AM
The DPC launched an inquiry into Ryanair’s customer verification process, focusing on the use of biometric data and other personal information for passengers booking through third-party websites. Ryanair’s dispute with OTAs led to a verification process, but the inquiry aims to determine whether this process complies with GDPR obligations. The inquiry involves multiple EU/EEA member states.
From the meeting notes provided, it seems that the Data Protection Commission (DPC) has launched an inquiry into Ryanair’s Customer Verification Process. Concerns have been raised around Ryanair’s practice of demanding extra ID verification from customers who don’t book directly through its website and the use of facial recognition technology involving customers’ biometric data. The DPC has received numerous complaints from Ryanair customers across the EU/EEA regarding this process. The inquiry will aim to determine whether Ryanair’s use of its verification methods complies with the GDPR, focusing on lawfulness and transparency of data processing.
Ryanair has stated that the Customer Verification Process is aimed at protecting customers from unauthorized online travel agents (OTAs) and insists that the process complies with GDPR. However, the DPC’s inquiry will be cross-border in nature and will involve multiple member states to assess whether Ryanair has indeed met its GDPR obligations.
It appears that the main focus of the inquiry is to ensure that Ryanair’s Customer Verification Process aligns with GDPR requirements and that customers’ personal data is being handled lawfully and transparently.