Ryanair: Legal complaint lodged over account requirement to buy tickets

noyb alleges practice is against GDPR and competition law

Image:
Ryanair: Legal complaint lodged over account requirement to buy tickets

noyb, the privacy focused legal non-profit headed by activist and lawyer Max Schrems, has filed a complaint against budget airline Ryanair.

The legal complaint [pdf], lodged with the Italian data protection authorities, focuses on Ryanair's requirement that customers create an account before they can buy tickets, and that these accounts must be "verified", to protect customers against fraud and scamming, according to the airline.

nyob alleges that Ryanair uses this verification as a lock-in to keep users on its website where they can be sold add-ons such as hotel bookings and car rental, rather than having them purchase tickets and services from a third-party travel agent.

"This approach is at odds with the GDPR and competition law at the same time," the complaint says, describing forced verification as a "technique to block and hinder OTAs [online travel agencies] from conducting their business in an anti-competitive move by Ryanair."

noyb says that it knows of no other airline that requires creation of a permanent account to buy a ticket, alleging that the practice is in violation of data minimisation rules.

It also alleges that in the verification procedure Ryanair "nudges [customers] towards a pre-selected and highly invasive biometric facial recognition process," with the airline describing this option as ‘Express Verification’ rather than ‘Standard Verification’.

If customers do not wish to hand over biometric data, "Ryanair requires them to send them a hand-written signature and a copy of their government ID," noyb alleges.

“Ryanair unlawfully nudges its users towards the processing of their highly sensitive biometric data, completely disregarding its legal obligations," said Felix Mikolasch, data protection lawyer at noyb in a blog post.

"There seems to be no obvious reasons why Ryanair needs such verification, given that other airlines do not require a face scan to buy a ticket.”

Based on Ryanair’s turnover of €10 billion in 2023, the data protection authority could issue a fine of up to €431 million, according to noyb. However. In view of past fines, this would be extremely unlikely.

This is not the first time that noyb has acted against Ryanair over its use of facial recognition technology. In 2023 it filed a complaint calling the airline's use of the technology in its online booking process as "invasive" and "unjustified”. That case is still pending.

In October 2024, the Irish DPC launched an investigation into Ryanair’s use of facial recognition technology for identity verification.

We have contacted Ryanair for comment.