Ireland: Announced DPC investigation into Ryanair for alleged non-compliance with GDPR in facial recognition verification process

On 4 October 2024, the Data Protection Commission of Ireland announced an investigation against Ryanair for non-compliance with the General Data Protection Regulation (GDPR) in the facial recognition verification process. The investigation focuses on Ryanair's handling of personal data related to its customer verification processes for customers booking flights through third-party websites, amid complaints regarding the requirement for additional identity verification that may involve facial recognition of biometric data. The investigation aims to assess Ryanair's compliance with GDPR obligations in its identity verification processes, focusing on the lawfulness and transparency of its data processing practices.