The data-protection watchdog has opened an inquiry into the way Ryanair processes certain types of personal data.

The inquiry relates to data used as part of verification processes for customers who book Ryanair flights from third-party websites or online travel agents (OTAs).

In a response this afternoon (4 October), Ryanair welcomed the inquiry, saying that its processes protected customers from unauthorised OTAs.

'Numerous' complaints

The Data Protection Commission (DPC) said that it had received “numerous” complaints about Ryanair’s practice of requesting additional ID verification from customers who book travel tickets via third-party websites, as opposed to booking directly on Ryanair’s website.

Graham Doyle (deputy commissioner) said that the verification methods used by Ryanair included the use of facial-recognition technology using customers’ biometric data.

“This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR,” he added.

The inquiry is being conducted under section 110 of the Data Protection Act 2018, and is cross-border in nature.

It will examine whether Ryanair has complied with its various obligations under the GDPR – including the lawfulness and transparency of the data processing.

Process 'protects' customers

A Ryanair statement said that its booking-verification process protected customers from “those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers”.

“Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR.

“This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required,” the airline added.