Two Harvard students have developed a program which (when used with Meta’s smart glasses) can identify people without their knowledge, thereby highlighting a potentially serious privacy risk.

Why? 

In their report about their research, the two Harvard students, AnhPhu Nguyen and Caine Ardayfio, said their goal was “to demonstrate the current capabilities of smart glasses, face search engines, LLMs, and public databases, raising awareness that extracting someone’s home address and other personal details from just their face on the street is possible today”. 

Turning Glasses Into Facial Recognition Tools

As part of a project they called I-XRAY, the students developed a program that demonstrates the potential privacy risks of using AI with smart glasses like Meta’s Ray-Ban models.

Using their experimental system, the students have reported that they can stream live recordings from Meta’s Ray-Ban smart glasses (which are equipped with camera) to a computer, where AI is then used to spot when the glasses are looking at a face. Next, they are able to use AI and facial recognition tools, notably the PimEyes facial search engine while live streaming video from the glasses to Instagram, to positively identify strangers to whom the faces in the video belong.

Once the glasses detect a person’s face, the program can pull up images and publicly available personal information, including names, addresses, and more, within minutes.

The experiment shows how it’s possible to quickly access personal details of random individuals simply by walking past them and capturing their faces on camera, highlighting how invasive and dangerous this technology could become, if misused.

What Is PimEyes and How Can They Use It? 

PimEyes is a facial recognition search engine that allows users to upload an image of a face and find other images of that person across the web. It scans public databases, websites, and social media platforms to match facial features, making it possible to track someone’s online presence. In their experiment, the Harvard students used PimEyes to identify people in real-time by integrating it with Meta’s Ray-Ban smart glasses. As the glasses recorded video, PimEyes was used to find additional images and public information about individuals whose faces were captured.

Leveraged Today’s LLMs 

The students said that what makes their I-XRAY system so unique is that it operates entirely automatically, thanks to the recent progress in AI Large Language Models (LLMs). The system leverages the ability of LLMs to understand, process, and compile huge amounts of information from diverse sources, inferring relationships between online sources, such as linking a name from one article to another, and logically parsing a person’s identity and personal details through text. The students said that is this “synergy between LLMs and reverse face search” that “allows for fully automatic and comprehensive data extraction that was previously not possible with traditional methods alone”. 

Used ‘FastPeopleSearch’ To Get Other Personal Details From Names 

Worryingly, the students reported how their system (once they get an LLM-extracted name) can use a ‘FastPeopleSearch’ lookup to identify the person’s home address, phone number, plus their relatives. FastPeopleSearch is a free online tool that allows users to find personal information about individuals, such as addresses, phone numbers, and even family members or associates. It aggregates publicly available data from various sources to offer these details.

To use it, you go to the FastPeopleSearch.com website (if access is allowed – the website is using a security service – you may need a VPN), enter a person’s name, phone number, or address, and the tool will search its database to return matching results. It’s often used for background checks, though it raises privacy concerns due to the accessibility of personal information.

Doesn’t Have To Be Smart Glasses 

The students have highlighted that although Meta’s smart glasses have been used in their experiments, using their system, the same results could be achieved using just a simple phone camera. This means that anyone could use this technology to identify, track, or access personal information about strangers in real time, without their knowledge or consent. This raises serious privacy and security concerns, especially regarding stalking, harassment, or ‘doxxing’.

Are We Ready For This? 

As one of the student researchers in this experiment, AnhPhu Nguyen, said in an ‘X’ post about their findings, “Are we ready for a world where our data is exposed at a glance?”, with others commenting “Fascinating but Dystopian” and “looks like some govt entity will try and get hold of this”. 

How Can You Protect Yourself?

Despite demonstrating how easily facial recognition systems can be built using publicly available technologies and data, the Harvard researchers have also provided steps to help individuals protect their privacy – helpful links to do this can be found here. They explained how people can remove their data from major facial recognition and people search engines like PimEyes and FastPeopleSearch. Both PimEyes and Facecheck.id offer free services to opt-out, while major people search engines like FastPeopleSearch, CheckThem, and Instant Checkmate allow users to remove their information. Also, considering the potential financial havoc if a person’s US social security number (SSN) is leaked/part of a data dump, the researchers have recommended freezing credit and using two-factor authentication to prevent identity theft.

What Has Meta Said? 

Meta has reportedly said that the students’ experiment appears to involve them “simply using publicly-available facial recognition software on a computer that would work with photos taken on any camera, phone or recording device”, and has highlighted that its smart glasses are designed to comply with privacy laws, such as including a visible light to indicate when they are recording.

What Does This Mean For Your Business? 

This could be an important experiment in that it highlights just how vulnerable personal data can be in the age of advanced AI and facial recognition technology. While Nguyen and Ardayfio’s research shows the remarkable capabilities of current technologies, it also serves as a wake-up call to the broader public. The ease with which private details, such as names and addresses, can be extracted from something as simple as a passing glance on the street is a stark reminder of the privacy risks we face. The fact that these tools can be used not just with specialised smart glasses, but also with everyday devices like smartphones, makes the issue even more pressing.

For businesses, this raises important questions about the ethical and legal responsibilities of companies developing and deploying similar technologies. As facial recognition becomes more ubiquitous, organisations must navigate the fine line between innovation and privacy, ensuring that they not only comply with existing laws but also proactively address the potential misuse of their products. Meta’s response that their smart glasses are compliant with privacy regulations is likely to do very little to quell the growing concerns about how easily such technologies can be repurposed for invasive uses.

Looking ahead, as the use of AI and facial recognition continues to expand, so too will the need for stricter regulations and public awareness. Individuals, businesses, and governments alike must engage in a broader conversation about the balance between technological advancement and personal privacy to ensure that such powerful tools are not misused.

Following Tesla’s “We, Robot” event on October 10 at the Warner Bros. Studios in Los Angeles, we look at the big reveals, the reactions to them, plus some of the key comments made and opinions given.

A Showcase of Futuristic Visions 

Tesla’s long-anticipated “We, Robot” event, which captured the attention of millions worldwide, was CEO Elon Musk’s bold declaration of the company’s future direction, positioning Tesla not just as an electric vehicle manufacturer but as a cutting-edge robotics and artificial intelligence company. The showcase was reported to be rich with futuristic visions, but it left many wondering whether these concepts were truly within reach or just another example of Musk’s futuristic ambitions.

The Cybercab – A Robotaxi with No Steering Wheel 

The centrepiece of the evening was the long-awaited Tesla robotaxi, referred to as the “Cybercab”. A striking vehicle with gull-wing doors, the Cybercab was revealed as a completely autonomous car, lacking both a steering wheel and pedals. It operates solely on Tesla’s proprietary Full Self-Driving (FSD) technology, a vision-based system that relies on cameras rather than hardware such as lidar, which is commonly used by competitors like Waymo.

Musk announced that the Cybercab would be priced under $30,000 and would enter production in 2026, albeit without committing to a specific timeline for large-scale manufacturing. “The autonomous future is here,” Musk proclaimed to the audience, describing how these vehicles could be up to ten times safer than human-driven cars. He added that they could operate at a cost of only 20 cents per mile. Charging, he said, would be made even more convenient through inductive charging, which eliminates the need for physical charging plugs.

And …The Robovan, Tesla’s Autonomous Multi-Passenger Vehicle 

While the Cybercab was undoubtedly the star of the show, Musk also introduced a surprise in the form of Tesla’s ‘robovan’. Designed to carry up to 20 passengers, the robovan offers a vision for high-volume, autonomous transport. However, details about the robovan’s production timeline, features, and expected costs were reported to be notably sparse. Musk briefly mentioned that its operational costs could be as low as 5 cents per mile, making it potentially one of the cheapest transport solutions in the market.

Regulatory Hurdles Ahead 

Although the robovan could potentially revolutionise shared transport, industry analysts have been quick to point out the significant regulatory and technical hurdles that stand in the way. For example, Matthew Wansley, a professor of law at New York’s Cardozo School, commented, “What Tesla showed tonight was a lot of sci-fi smoke and mirrors… Musk has yet to prove that a vision-only approach for automation is viable.”

Tesla’s ‘Optimus’ Humanoid Robot 

As the event’s name suggests, “We, Robot” was not just about autonomous vehicles. Musk used the opportunity to highlight Tesla’s progress with ‘Optimus’, the company’s humanoid robot. Priced between $20,000 and $30,000, the robot is designed to handle many everyday tasks, offering a glimpse into how AI and robotics could reshape labour markets. Musk did not delve deeply into specific capabilities but promised that Tesla has made “a lot of progress” on the Optimus robot.

The unveiling of Optimus sparked a mixture of excitement and scepticism. For some, it reinforced Musk’s long-standing ambition to push AI and robotics into mainstream use. However, others expressed doubt about how quickly such a product could be scaled for consumer use, with some comparing it to past announcements from Tesla that have seen significant delays or failed to materialise.

Key Reactions and Investor Sentiment 

Despite the technological marvels on display, the event appears to have left some investors and experts feeling underwhelmed. One of the recurring criticisms seems to be the lack of concrete timelines and plans for the production and deployment of Tesla’s autonomous fleet. For example, Dennis Dick, reportedly an equity trader, has been quoted as summarising the sentiment of many investors, saying: “I’m a shareholder and pretty disappointed. I think the market wanted more definitive timelines. I don’t think he said much about anything.” 

Similarly, Bryant Walker Smith, a professor at the University of South Carolina, noted, “Tesla yet again claimed it is a year or two away from actual automated driving – just as the company has been claiming for a decade.” This remark highlights Tesla’s history of perhaps over-promising and under-delivering when it comes to autonomous driving capabilities.

Optimism 

Musk himself acknowledged that he often errs on the side of optimism when it comes to timelines. Yet, he maintained that Tesla’s approach, which eschews lidar in favour of a camera-based system, will ultimately be the most efficient and scalable. This approach, however, remains a point of contention among experts, with many pointing out that other companies in the autonomous vehicle race, such as Waymo and General Motors’ Cruise, have invested heavily in lidar technology, which they consider crucial for ensuring the safety and reliability of driverless cars.

Hurdles and Opportunities 

The robotaxi market, while potentially lucrative, appears to be fraught with obstacles with the establishment of a fully functional and safe fleet of autonomous vehicles looking like being no small feat. For example, Tesla’s reliance on vision-based AI, while cost-effective, faces significant challenges in terms of regulatory approval and the technology’s ability to handle complex driving environments, such as adverse weather or unpredictable pedestrian behaviour.

Despite these hurdles, Tesla’s massive fleet of electric vehicles, which already collect a wealth of driving data, gives the company a significant data advantage over rivals. KC Boyce, a vice president at data analytics firm Escalent, has been reported as commenting, “The vision-only system Tesla has chosen handicaps their capabilities versus how Waymo and Cruise have chosen to approach autonomy… Whether that data advantage is enough to close the sensor gap, I’m sceptical.” 

A Vision of the Future, But With Some Questions 

While the “We, Robot” event provided a tantalising glimpse into the future of transportation, it also raised many questions. On one hand, the promise of a $30,000 fully autonomous vehicle is certainly appealing, as is the prospect of making transportation safer, cheaper, and more efficient. Musk’s vision of a world where cars operate without human intervention could significantly alter how people live and work, offering the prospect of reclaiming valuable time spent commuting.

However, as history has shown, the road to full autonomy is long and fraught with both technical and regulatory challenges. Tesla’s vision of the future, while bold, still hinges on technological breakthroughs that have yet to be realised and on overcoming resistance from both regulators and the public.

In many ways, the “We, Robot” event could be considered to be a microcosm of Tesla’s broader strategy and a bold vision with world-changing potential, tempered by the practical realities of bringing that vision to life.

Whether the Cybercab and robovan become cornerstones of future transport or remain conceptual dreams is a question only time can answer.

Amazing Space X Rocket Return and Grab By “Chopsticks” 

While the “We, Robot” event may have left some attendees and investors underwhelmed due to its lack of concrete timelines and detailed plans, it is impossible to overlook the historic achievement made just days later by Musk’s other venture, SpaceX. On October 13, SpaceX successfully launched its fifth Starship test flight, but what truly captivated the world was the unprecedented mid-air capture of the “Super Heavy” booster rocket.

This was the first time SpaceX had managed to catch the 230-foot-tall booster using mechanical arms, nicknamed “chopsticks”, as it returned to the launch pad in Boca Chica, Texas. This groundbreaking recovery method is a crucial step towards making the Starship fully reusable, a key aspect of Musk’s vision for cost-effective and rapid space travel. As Musk himself stated, the achievement marked a “big step towards making life multiplanetary,” moving closer to SpaceX’s goal of using the Starship for moon and Mars missions in the near future.

This feat of engineering comes at a pivotal moment for SpaceX, particularly as NASA has selected the Starship for its upcoming crewed lunar missions under the Artemis programme. While Tesla’s robotaxi aspirations continue to face regulatory and technical hurdles, the extraordinary success of SpaceX in recovering the booster not only demonstrates Musk’s continued innovation but also underscores the broader vision he has for advancing humanity’s future beyond Earth.

What Does This Mean For Your Business? 

The “We, Robot” event undoubtedly provided a bold look at the future of transportation, particularly in terms of Tesla’s ambition to reshape how we think about mobility. For example, the unveiling of a $30,000 fully autonomous vehicle promises to disrupt the transport industry by making travel more accessible, safer, and more efficient. If realised, this could mark a pivotal moment in the shift towards self-driving technologies, potentially transforming how people and goods move across cities and countries. However, the event left some critical questions unanswered. Technological breakthroughs are still needed, and regulatory obstacles remain high. Tesla’s competitors, who are also racing to develop autonomous vehicles, will be watching closely. Companies such as Waymo and General Motors’ Cruise may accelerate their own efforts, sparking fierce competition in this rapidly evolving space.

For businesses and industries reliant on transportation, the potential impact of widespread autonomous driving is vast. Companies that depend on logistics, for example, could benefit from lower costs and improved efficiency, while new opportunities for services linked to mobility could emerge. However, this transition might also bring challenges, particularly for sectors like insurance and vehicle manufacturing, which may have to adapt quickly to changing demand and the reduction in human-driven vehicles.

In a broader economic sense, should Tesla succeed in making autonomous vehicles affordable, the ripple effect could extend to urban planning, employment in the transport sector, and even global supply chains. Entire industries may need to rethink their strategies in response to what could be a revolution in how transportation is managed and delivered. The knock-on effects on global economies, particularly in regions dependent on automotive industries, could be profound.

Meanwhile, the success of SpaceX in catching the Super Heavy booster rocket marked a monumental moment for Musk’s broader ambitions. While Tesla wrestles with challenges here on Earth, the achievement in space highlighted the potential for transformative change beyond our planet. This technological leap not only moves SpaceX closer to making the Starship fully reusable but also strengthens Musk’s vision of enabling human life on other planets. The success of SpaceX serves as a powerful reminder of Musk’s ability to push the boundaries of innovation across multiple industries, potentially outpacing competitors who are yet to make comparable breakthroughs.

Both Tesla’s ambitious autonomous vehicle plans, and SpaceX’s unprecedented achievements reveal a future of rapid change, not just for transportation on Earth, but potentially for space travel as well. For Tesla, its competitors, and the wider transport industry, the next few years will be crucial in determining whether this vision becomes a reality or remains a distant dream. As for SpaceX, its success signals that the future Musk envisions is not just a concept but an impending reality.

Following a recent US ruling that Google acted illegally to maintain a monopoly on its online search and the associated advertising, the US government has now proposed forcing Google to sell off parts of its business, potentially leading to the breakup of one of the world’s leading tech companies.

Antitrust Remedies – Structural Relief Suggested 

After years of investigation and following the outcome in August of a ten-week trial, a US judge delivered the landmark ruling that, “Google is a monopolist, and it has acted as one to maintain its monopoly.”  At the time, ‘structural’ remedies, i.e. ‘structural relief’ (altering the structure of a company to restore competitive conditions in a market) was one of the remedies suggested to curb Google’s anticompetitive practices (if other remedies weren’t adequate). In plain English, structural relief essentially means breaking up a company.

Sell Off Chrome Browser and Android OS? 

Following this ruling, The US Department of Justice (DoJ) and a coalition of state attorneys general have recently submitted a 32-page filing (PDF) document outlining suggested remedies to address Google’s monopolies in search and search advertising. The proposal suggests that Google could be forced to sell off key assets such as its Chrome browser and Android operating system, which the DoJ argues are used to maintain its illegal dominance.

Four Areas 

In fact, the DoJ has proposed four areas for potential remedies, which are:

1. Search distribution. The DoJ wants to limit or prohibit Google’s exclusive deals that set its search engine as the default on devices like iPhones and Android smartphones. This would reduce Google’s control over how users access search services and open the market for competition.

2. Data access and usage. This remedy would require Google to share its search data, such as search queries and results, with competitors. The goal is to prevent Google from having an unfair advantage through exclusive access to user data that can be used to improve its services. There are concerns about privacy and security risks, which Google has highlighted as a potential issue.

3. Extending search monopoly. With this issue, the DoJ is concerned that Google could use its dominance in search to extend its control to new areas, such as artificial intelligence. This proposal may prevent Google from using search data to train its AI models unless competitors have access to similar data.

4. Advertising practices. The DoJ is also targetting Google’s monopoly in digital advertising. It proposes increasing competition by forcing Google to license or syndicate its advertising platforms to other companies. This could involve changes to how Google auctions ad space, aiming to level the playing field for advertisers.

What Has Google Said In Response? 

Googles’ Lee-Anne Mulholland, Vice President, Regulatory Affairs has issued a written response online which she essentially argues that Google believes the DoJ’s proposals (which she says are “radical and sweeping”) go beyond the legal issues at hand and could have far-reaching, unintended consequences for consumers, businesses, and American technological leadership. For example, Mulholland made the following points in Google’s defence:

– In terms of privacy and security risks, Google argues that forcing it to share sensitive search data, such as queries and results, with competitors would create significant privacy and security risks. These concerns stem from the potential for bad actors to access personal data in less secure environments. Google emphasises that current strict security standards protect user data, and sharing this information with other companies could compromise this.

– In relation to the impact on AI innovation, Google is concerned that restrictions on its use of search data for training AI models would hinder American innovation. The company highlights the competitive nature of the global AI industry and argues that government intervention could skew investment and slow down the development of new technologies at a critical moment.

– On the key issue of divesting Chrome and Android, it’s not surprising that Google opposes the idea of separating Chrome and Android from its business, claiming that this would disrupt the products and their open-source nature. The company argues that Chrome and Android benefit users through security features and by keeping costs low. Splitting them off, according to Google, would make them more expensive to maintain, jeopardise security updates, and hurt competition with Apple’s ecosystem

– In relation to disruption to advertising, Google believes that changes to its advertising system would hurt small businesses and publishers that rely on its platform. It argues that its current system helps level the playing field for advertisers of all sizes and that mandated changes could reduce the value of online ads for everyone involved.

– Addressing concerns about overreach and consumer harm, Google criticises the DoJ’s proposed restrictions on search distribution contracts, arguing that these would create unnecessary friction for users trying to access information and would reduce revenue for companies like Mozilla and Android device manufacturers, potentially raising costs for consumers.

Appeal 

The DoJ’s filing is just a proposed framework of potential remedies, with a more detailed filing being due in November 2024. Google has stated that it plans to appeal the ruling in the DoJ’s antitrust case over its search monopoly. However, the exact date for Google’s appeal has not yet been set, although Google is expected to respond to the U.S. Department of Justice’s proposals by December 2024. The legal appeal process could take years before a final resolution is reached.

What Would Happen If Google Was Broken Up? 

If Google is eventually forced to sell off major parts of its business, like Android and Chrome, it would significantly impact both the company and the broader market. For example, some of the key impacts would be:

– To Google’s business. Losing Android and Chrome would dismantle Google’s integration across mobile and web platforms. Android, key to mobile search and app distribution, could fragment without Google’s resources, potentially increasing device costs and slowing updates. Chrome, which dominates the browser market, would also be less efficient without Google’s web service integration.

– The market impact. A breakup would create opportunities for competitors like Apple and Microsoft to gain market share. It would reduce anti-competitive barriers in mobile operating systems and browsers, enabling smaller players to thrive.

– Consumer and security concerns. Consumers might face fragmented services and reduced security, as Google’s current seamless integration between products could be disrupted. Google also argues that splitting off Android and Chrome could hinder innovation and security across platforms.

Didn’t Work Before With Microsoft

It should be noted here, however, that the DoJ’s attempt to break up Microsoft in 2000 failed, which showed how complex and uncertain efforts to dismantle tech giants can be. Also, subsequent attempts to limit Microsoft’s dominance, like the ineffective browser ballot in 2007, have highlighted the difficulty of regulating major companies, and Google may face similar challenges.

What About Search Evolution? 

Currently, the search market is evolving, with disruptions from AI and social media. While it may be true that Google still dominates, new technologies, such as large language models (LLMs), could weaken its hold, much like how Microsoft lost ground to Google Chrome in the browser wars. Google has, indeed, acknowledged that competition in search is growing, especially with AI transforming the landscape. This evolving market might naturally reduce Google’s dominance, potentially making a breakup less impactful over the long term.

What Does This Mean For Your Business? 

As the battle between Google and the DoJ continues, the question of whether the proposed breakup will actually happen remains uncertain. The complexities of dismantling a tech giant like Google are vast, as evidenced by previous attempts to regulate similar companies like Microsoft. While the DoJ is pushing hard for structural remedies, Google’s appeal and the lengthy legal process could stall any significant changes for years. Even if the breakup does occur, the impact might not be as transformative as expected, with AI and new technologies already shaking up the search market.

For Google, losing key assets like Android and Chrome would significantly weaken its control over the mobile and web ecosystems, making it harder to maintain the same level of integration and innovation. Competitors like Apple and Microsoft would undoubtedly benefit from the opening, gaining ground in both mobile and browser markets. However, consumers might face higher costs and fragmented services, especially if the separation affects Android’s open-source model or Chrome’s security features.

This shift could also create challenges for businesses that rely heavily on Google’s services. Many small and medium-sized enterprises depend on Google’s ad platform and tools like Google Analytics for visibility and revenue. A forced breakup could disrupt these services, raising costs or making the platforms less efficient. Similarly, businesses that develop apps for Android could face increased complexity if Android were to be handled by a different company, with potential delays in software updates and security patches affecting their operations.

At the same time, the evolving nature of search itself could change the landscape faster than any regulatory intervention. AI-driven platforms and social media are already challenging Google’s dominance, potentially rendering a breakup less impactful in the long term. Google has acknowledged that competition is intensifying, and the market could naturally shift away from its control as new technologies develop.

Ultimately, the road ahead is uncertain, and the final outcome of this antitrust case will set a precedent for future tech regulation. Whether through legal action or technological disruption, Google’s position at the top may not be as secure as it once was. The next few years will be pivotal in determining how the search market, and the broader tech industry, will evolve and how businesses that rely on Google’s ecosystem will adapt to this change.

What happens to data gathered as part of Ryanair’s extra ID verification requirement (from customers who don’t book directly through its website), has led to an inquiry being launched by Ireland’s Data Protection Commission (DPC).

Why ID Verification? 

For travellers booking flights through third-party websites or online travel agents (OTA), rather than directly through Ryanair, the Irish low-cost airline requires them to complete a Customer Verification Process. The reason, given by Ryanair, is that third-party agents sometimes provide incorrect or incomplete passenger information, e.g. fake contact or payment details, which can interfere with Ryanair’s ability to communicate important flight details directly to passengers.

Also, Ryanair has long opposed OTAs and third-party websites that sell its tickets without permission, often through “screen scraping” techniques. This practice involves OTAs gathering flight data from Ryanair’s website and reselling tickets, sometimes at inflated prices. Ryanair argues that this is what leads to the incorrect information being given to it, and to poor customer experiences. For example, in July 2024, a US court ruled against Booking.com in a screen-scraping case, reinforcing Ryanair’s stance. The airline, therefore, urges customers to book directly through its site to avoid such issues and ensure proper communication and service.

What Type of ID Verification Does Ryanair Require? 

Ryanair offers travellers two verification options when they attempt to book flights through OTAs and third-party websites. These are:

– Express verification. This (faster option) actually uses facial recognition technology to confirm the traveller’s identity. It costs around €/£0.59 and can be completed in a few minutes with the use of a passport or national ID and a device with a camera.

– Standard Verification. This is the free alternative where travellers submit a signed customer verification form along with their ID. However, this method can take up to seven days to process, so it’s not ideal for last-minute bookings.

Why The DPC Inquiry? 

It seems, however, that aspects of Ryanair’s ID verification requirement have led to scrutiny, particularly concerning the use of facial recognition and compliance with GDPR regulations.

On October 4, Ireland’s DPC announced that it had opened an inquiry into Ryanair’s processing of personal data as part of the Customer Verification Processes in question. Graham Doyle, Deputy Commissioner with the DPC commented: “The DPC has received numerous complaints from Ryanair customers across the EU/EEA who after booking their flights were subsequently required to undergo a verification process. The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data. This inquiry will consider whether Ryanair’s use of its verification methods complies with the GDPR.” 

Data Processing  

The DPC said the decision to conduct the inquiry under Section 110 of the Data Protection Act 2018[2], taken by the Commissioners for Data Protection, Dr. Des Hogan and Dale Sunderland, “was notified to Ryanair earlier this week”. The DPC has also said the inquiry is “cross-border [3] in nature” (reportedly, with one other country) and “will consider whether Ryanair has complied with its various obligations under the GDPR, including the lawfulness and transparency of the data processing”. 

Considering Ryanair is an international airline, it’s perhaps not surprising that there’s a cross-border nature to the inquiry. Looking at the wider meaning of DPC’s statement about the inquiry, it looks likely that it will assess whether Ryanair’s data processing practices comply with the GDPR, particularly focusing on key areas like lawfulness (whether Ryanair had a legitimate basis to collect and use passengers’ data) and transparency (whether passengers were adequately informed about how their data would be used). This scrutiny is often triggered when there are concerns over how personal data, including sensitive information such as biometric data, is handled, especially given Ryanair’s use of facial recognition technology during its verification process.

What Does Ryanair Say? 

A Ryanair spokesperson has been (widely) quoted as saying: “We welcome this DPC inquiry into our Booking Verification process, which protects customers from those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers. 

“Customers who book through these unauthorised OTAs are required to complete a simple verification process (either biometric or a digital verification form) both of which fully comply with GDPR. This verification ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.” 

What Does This Mean For Your Business? 

The inquiry into Ryanair’s third-party booking verification process not only places the airline under scrutiny but also raises significant questions for the wider aviation industry. As data protection laws like the GDPR continue to evolve, airlines worldwide must carefully consider how they collect, process, and store customer data, particularly when it comes to sensitive biometric information. It’s worth remembering that this case relates to the use of acial recognition just at the booking stage, not at passport control, and with the DPC examining whether Ryanair’s use of facial recognition and other data practices comply with GDPR, this case could set a precedent that impacts other airlines, potentially forcing them to reassess their own data handling processes to avoid similar regulatory challenges.

For Ryanair’s competitors, should the DPC find Ryanair’s practices in breach of GDPR, it might prompt a broader review of data collection methods across the industry. Airlines that rely on similar verification processes, or those planning to introduce biometric solutions, may need to quickly adapt to ensure compliance. On the other hand, airlines with more traditional booking and verification systems could use this moment to differentiate themselves by emphasising stronger privacy protections and more transparent data use.

From a customer perspective, the inquiry highlights growing concerns about privacy and the use of personal data in an increasingly digital world. As biometric technology becomes more common in verification and security processes, passengers are becoming more aware of how their data is used and protected. Trust, transparency, and a clear explanation of how personal data is processed may become critical factors in how customers choose which airline to fly with. Airlines that successfully balance security with privacy may gain a competitive advantage, particularly in an industry where reputation and customer loyalty are so crucial.

Ultimately, the outcome of this inquiry may have some far-reaching consequences, not only for Ryanair but for the aviation sector as a whole. This case is a reminder that data protection is now a key pillar of operational strategy, and one that cannot be overlooked in the drive to enhance customer security and streamline digital processes. The industry will be watching closely to see how Ryanair navigates these regulatory waters and what this means for the future of data handling in the aviation world.

The U.S. National Labour Relations Board (NLRB) has accused Apple of restricting employees’ rights to advocate for better conditions by limiting their use of social media and Slack and retaliating against those who raised concerns.

The NLRB’s allegations, filed this month, focus on Apple’s work rules regarding Slack and social media use. Apple, which introduced Slack to its employees several years ago, saw the platform grow as a key tool for workers to discuss workplace concerns, particularly during the COVID-19 pandemic. However, the NLRB says that Apple has since imposed restrictions on how workers can use the platform, undermining their ability to freely advocate for better working conditions.

The NLRB claims that Apple maintained illegal policies, including restricting the creation of new Slack channels without management’s approval and requiring employees to report workplace concerns directly to a manager or designated support team. The complaint also includes accusations of Apple sacking an employee for workplace activism and pressuring another to delete a social media post, actions which the NLRB claims violate labour laws.

The complaint is part of a broader pattern, with Apple facing a similar NLRB complaint just a week earlier, accusing it of enforcing overly broad confidentiality, nondisclosure, and noncompete agreements that limited workers’ rights. In both cases, Apple has denied the accusations. An Apple spokesperson is reported as saying that Apple is committed to providing “a positive and inclusive workplace”, takes employee concerns seriously, and strongly disagrees with the NLRB’s claims.

The current case stems from a 2021 complaint filed by former Apple employee Janneke Parrish, who claims she was sacked in retaliation for her role in workplace activism. Parrish had used Slack and social media to organise efforts around remote work, pay equity, and discrimination at Apple. Parrish’s lawyer argues that Apple engaged in “extensive violations” of workers’ rights, asserting that employees were punished for raising critical workplace issues, particularly around gender and racial discrimination.

If Apple and the NLRB can’t reach a settlement on the matter, it looks likely that the case will go to a hearing before an administrative judge in February. The outcome of the hearing could set a significant precedent for the rights of employees in the tech industry, with broader implications for how companies handle worker communication and activism.

China-backed hackers have breached the wiretap systems of several major U.S. telecom and internet providers, exposing critical vulnerabilities and likely collecting vast amounts of internet traffic to gather intelligence on Americans.

These wiretap systems, required by the 1994 Communications Assistance for Law Enforcement Act (CALEA), grant authorised personnel (e.g. law enforcement agencies) almost unfettered access to user data, including internet traffic and browsing histories. However, these systems have long been viewed as security risks, with experts warning of their potential misuse. For example, Georgetown Law professor Matt Blaze called the breach “inevitable,” highlighting the inherent dangers of building backdoors meant for lawful purposes, which are prone to exploitation by malicious actors.

The Wall Street Journal recently reported that the hacking group, known as ‘Salt Typhoon’, breached at least three of the largest U.S. providers – AT&T, Lumen, and Verizon – to access these systems. While the full extent of the damage remains unclear, some US national security sources have described the breach as potentially catastrophic. The hackers are thought to be positioning for future cyberattacks, possibly as part of tensions between the U.S. and China over Taiwan. The breach has reignited debate over the risks of government-mandated backdoors, with experts like Stanford’s Riana Pfefferkorn pointing out that such systems “jeopardise” rather than protect users.

The revelations come amidst growing global concern over government backdoors and encryption, with other countries, including those in the EU, also considering legislation that could weaken digital security. Signal president Meredith Whittaker echoed warnings that “there’s no way to build a backdoor that only the ‘good guys’ can use,” underscoring the wider implications of the breach.

To guard against the risk of such attacks, the advice for businesses is to use strong encryption, limit data access to the minimum necessary personnel, and continuously review and update security practices to close potential vulnerabilities in systems.