Airbnb Ireland has been reprimanded by the Irish Data Protection Commission over breaches related to the retention and processing of identity documentation.
The DPC commenced the inquiry in March 2022 following a complaint that Airbnb had unlawfully requested a copy of a user's ID in order to verify their identity.
The DPC found that Airbnb's retention of a copy of the complainant's identity documentation, following the successful completion of the identity verification process, infringed the principles of data minimisation and storage limitation contained within the General Data Protection Regulation (GDPR).
It also found breaches related to the continued processing and retention of partially redacted and out-of-date identity documents that had been deemed inadequate or insufficient.
The DPC has issued Airbnb with a reprimand.
It also ordered the company to take steps to remedy the breaches identified in the case and to prevent similar infringements occurring in the future.
This includes an order to revise its internal policies and procedures concerning user identity verification.
Airbnb said it would comply with the findings.
"We take our privacy obligations seriously and are making necessary changes to comply with the findings of the Data Protection Commission," the company said in a statement.