AirBnb Ireland UC – Complaint Upheld (Ireland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Airbnb Ireland was asked to verify a user's identity by providing a high-resolution copy of their ID. The user felt this request was too much and worried about identity theft, leading them to file a complaint. This case shows the importance of balancing user privacy with safety measures.
What happened
Airbnb required a user to submit a high-resolution copy of their ID for identity verification when booking a property.
Who was affected
The user who wanted to book a property on Airbnb and was asked for their ID.
What the authority found
The Data Protection Commission found that Airbnb's ID verification process was necessary to protect users and the platform.
Why this matters
This case highlights how companies must carefully consider privacy rights while ensuring safety. Other businesses should evaluate their verification processes to avoid similar complaints.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject was asked by AirBnb (the controller) to submit an ID card together with a newly taken photograph for identity verification when booking a property on the platform. The initial redacted copy of his ID was refused and the controller again requested the data subject to provide a copy of his ID together with a newly taken photograph to prove his identity. The controller only allowed the booking when the data subject provided a high resolution copy of his ID with only the access code redacted. Following this, the data subject thought that the amount of personal data required was excessive and that the refusal of a redacted copy of his ID by the controller could potentially lead to an identity theft. Thus, the data subject filed a complaint which ended up at the Berlin DPA. In May 2020, however, the complaint was transferred from the Berlin DPA to the Irish DPC as competent lead supervisory authority under Article 56 GDPR, which initiated the cooperation mechanism according to Article 60 GDPR. The controller explained in its submissions that its verification procedures are to preserve the legitimate interests of safeguarding the AirBnb platform and its users, particularly where the hosts and guests will meet face to face in the rental process. The controller further submitted that when designing its ID verification processes, it gave careful consideration to the correct balance to strike between the privacy rights of its users and their rights as hosts and guests to a safe and secure stay during a reservation. Further, in this case, the host of the property had specifically asked that verified IDs be provided by potential guests and according to its policy, Airbnb is required to facilitate such requests by hosts. The controller also stated that given the risks in allowing a potentially fraudulent or otherwise illegitimate booking to proceed, it believed that its redaction policy was adequate, relevant and necessary for the purpose of verifying user id
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for AirBnb Ireland UC in IE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. AirBnb Ireland UC - Ireland (2023). Retrieved from cookiefines.eu
Last updated: