The article states that the solution is designed with Privacy by Design/Default in mind. Good but NOT good enough! Its not enough to have a compliant technology. Thats not the same as ongoing compliance by the data controller. The data controller is accountable for data privacy under GDPR Article 5 not the data processor, something that seems to be forgotten too often.
The widely reported alleged breach of the Indian governments own biometric database Aadhaar last year does also not inspire confidence that our data is managed properly.
But surely the airport will have a solid compliance practice and does not think that the solution provider will make sure the data is safe.