Ryanair’s ‘Customer Verification Process’ for tickets booked via third party websites has drawn the attention of the country’s Data Protection Commission (DPC).
An affected customer speaking to consumer rights programme Rip Off Britain (via The Register), claimed the stringent process entails “an ID check, facial similarity [checks], [a] liveness check and [a] profile data check”, with some customers opting to write off the cost and book a flight with a different airline upon failing it.
The DPC has indicated that more than one European Union (EU) member state is involved in the inquiry, which will rule on whether Ryanair is keeping to its legal obligations to GDPR specifically, including whether it is being transparent as to how the data is being used, and whether the data is being used within the bounds of EU law.
Ryanair’s data protection DPC case
The perceived wisdom is that the Ryanair is entitled to perform the verification process. In July 2024, a US court ruled that online travel agent (OTA) Booking.com sold Ryanair tickets by accessing the airline’s website “without permission”, and in doing so, made it difficult for the airline to stay in contact with customers.
To this end, a Ryanair spokesperson stressed to The Register the verification process “ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”
They also seemed enthusiastic about settling the legal status of the verification process in court, while damning supposedly unscrupulous OTAs.
"We welcome this DPC inquiry into our Booking Verification process, which protects customers from those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers.”