Airbnb Ireland UC – Complaint Upheld (Ireland, 2023)

A data subject requested Airbnb Ireland UC, the controller, to delete all personal data relating to him in 2018 and then submitted that he wished to withdraw his consent for the storing using and sharing of his personal data processed by the controller. The only response of the controller was that it would delete his personal data unless it is allowed or required to retain such data under the GDPR, and that this may take a long time. The data subject never received any further updates on his deletion request. The data subject initially filed a complaint with the Cypriot DPA in December 2018 against the controller for failing to comply with his erasure request, for unlawfully retaining his data and for failing to comply with the principle of data minimization and transparency in relation to its obligation to provide information to the data subject. In its capacity as concerned Supervisory Authority, the Cypriot DPA transferred the case to the Irish DPC as Lead Supervisory Authority in March 2019, which decided on the case in accordance with Article 60 GDPR. In its submissions to the DPC, the controller stated that it was aware that the complainant run eight accounts on its platform and it stated that his accounts were suspended after learning that he had assaulted a guest in November 2018, evidenced by a police record provided by the guest. The controller justified its decision not to comply with the data subject’s erasure request of December 2019 by stating that such data could potentially be used in criminal or civil proceeding on the assault involving the data subject and potentially the controller too. In the controller’s view this is allowed under Article 17(3)(b) GDPR and Article 17(3)(e) GDPR, as the information was kept for legal compliance purposes and it complies with the principles of processing of Article 5 GDPR and on the basis of Article 6(1)(f) GDPR as the controller has a legitimate interest in keeping its platform safe. In a further submission by th