Ryanair DAC – Complaint Upheld (Ireland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Ryanair didn't provide a customer with a call recording they requested, which was part of their personal data. The Irish Data Protection Commission found this violated GDPR rules about accessing personal data. This case highlights the importance of companies responding to data requests promptly and thoroughly.
What happened
Ryanair failed to provide a customer with a call recording they requested as part of their personal data access request.
Who was affected
The affected individual was a customer who requested access to their personal data from Ryanair.
What the authority found
The Data Protection Commission ruled that Ryanair violated GDPR by not providing the requested personal data within the required timeframe.
Why this matters
This decision emphasizes the need for companies to have robust processes for handling data access requests. It serves as a reminder that failing to provide requested data can lead to regulatory scrutiny, even if no fine is imposed.
GDPR Articles Cited
National Law Articles
The Irish Data protection Commission (DPC), acting in its capacity as lead supervisory authority, commenced an examination of a complaint originally received by the U.K. Data Protection Authority. The complaint concerned cross-border processing in which the DPC was competent to act as lead supervisory authority. The complaint concerned a subject access request made by the complainant to Ryanair. Ryanair provided the complainant with certain personal data on foot of the request. However, it failed to provide the complainant with a copy of a recording of a call that the complainant had made. Due to the delay on Ryanair’s part in processing the request, Ryanair had since deleted the call recording in accordance with company policy and they had been unable to retrieve it. The decision found that Ryanair infringed Article 15 of the GDPR by failing to provide the complainant with a copy their personal data that was undergoing processing at the time of the request. The decision also found that Ryanair infringed Article 12(3) of the General Data Protection Regulation by failing to provide the complainant information on action taken on their request under Article 15 within the statutory timeframe of one month. The decision also reprimanded Ryanair in respect of the infringements.
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Ryanair DAC in IE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Ryanair DAC - Ireland (2020). Retrieved from cookiefines.eu
Last updated: