Schrems’ privacy group challenges Ryanair’s use of facial recognition

NOYB alleges airline is violating customers’ rights to data protection

Digital rights group NOYB on Thursday filed a complaint against Ryanair, alleging that it is violating customers’ rights to data protection by using facial recognition to verify their identity when booking through online travel agents (OTAs).

NOYB, led by Austrian privacy activist Max Schrems, filed the complaint with Spain’s data protection agency on behalf of a complainant who booked a Ryanair flight through the Spanish-based online travel agency eDreams Odigeo.

Ryanair’s website states that it needs to verify the identity of passengers who book with OTAs as they often do not provide the airline with customers’ contact and payment details.

A spokesman pointed out that Ryanair has no commercial relationship with any OTAs nor does it authorise them to sell its flights.


Passengers can avoid verifying through facial recognition by showing up at the airport at least two hours before departure or submitting a form and picture of their passport or ID card in advance, which Ryanair says can take seven days to complete.

What are the big challenges facing the aviation sector post-pandemic?

Listen | 53:23

“There is no reasonable justification for Ryanair to implement this system,” said NOYB, claiming the company was violating customers’ right to obtain an unfair competitive advantage over alternative booking channels.

Ryanair says the steps are needed when passengers buy flights through an agent to manage their booking, online check-in and to comply with safety and security requirements. A similar process is not required when booking through its website or mobile phone app.

“OTAs scrape Ryanair’s inventory and, in many cases, miss-sell our flights and ancillary services with hidden mark-ups and provide incorrect customer contact information/payment details,” said its spokesman.

As a result, he explained that customers booking through OTAs need to complete a verification process, and could choose biometric verification, or complete a digital verification form, both of which he said complied fully with GDPR rules.

“This is to ensure that they (as the passenger) make the necessary security declarations and are informed directly of all safety and regulatory protocols required when travelling, as legally required,” the spokesman added.

Ryanair’s figures show that, this week, eDreams and Opodo, also part of Spanish-based Odigeo group, charged up to €60 payment fees and for flight cancellations, for which the airline itself does not charge.

They also added various other charges, or increased the fees that the airline seeks for extras such as check-in baggage, doubling this to €42 for a 10kg bag in the case of eDreams, or seat allocation, whose cost Opodo trebled to €23.99.

Ryanair wrote to Spanish consumer groups outlining this and noting that it has won several court battles against OTAs. – Reuters