Booking.com updated their privacy policy on April 22, 2026, replacing the California-specific privacy section with a broader 'US (other than California)' section. The new section simplifies how personal data categories and sale disclosures are described, and adds information about a co-branded Genius Reward Visa credit card and data sharing with Imprint Payments, Inc. Several California-specific rights — including the right to limit use of sensitive personal information and protections for authorized agents acting on behalf of consumers — have been removed from the policy.
Booking.com has removed explicit California-specific privacy rights, including the right to limit the use and disclosure of sensitive personal information and the right for authorized agents to act on behalf of consumers. The policy now covers all US users outside California under a single section, reducing the specificity of protections previously available to California residents. You can review the updated 'Your Rights' section on Booking.com's website to understand which rights still apply to you and submit an opt-out request for the sale or sharing of your personal data.
You can no longer ask Booking.com to restrict how it uses your sensitive data (like health info or immigration status) based on this policy.
A parent or legal representative can no longer formally exercise privacy rights on your behalf under the terms stated in this policy.
+ 2 more obligation changes. Full breakdown available with Watcher.
Unlock — $9.99/mo →California residents previously had an explicit right to limit how Booking.com used their sensitive personal information — that right has now been removed from the policy without replacement. The addition of a new credit card data-sharing arrangement with Imprint Payments, Inc. as an independent controller also introduces a new party that will hold your financial and personal data outside of Booking.com's direct control.
ConductAtlas has recorded 2 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, Booking.com has made 4 significant changes.
2 of Booking.com's significant changes have been classified as negative for consumers.
Removed the previously stated right for consumers to limit how Booking.com uses and discloses sensitive personal information, a right previously required under CPRA.
Removed the provision allowing parents, guardians, or authorized agents to exercise privacy rights on behalf of consumers.
The California-specific privacy section was replaced with a generic US (non-California) section, reducing the specificity of disclosures for all US users.
ConductAtlas Policy Archive Entity: Booking.com | Document: Booking.com Privacy Statement | Record: CA-C-000615 Captured: 2026-04-22 06:17:00 UTC URL: https://conductatlas.com/change/2026-04-22-bookingcom-bookingcom-privacy-statement-615/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Booking.com restructured its US privacy notice on April 22, 2026, replacing a California-specific section (CCPA/CPRA-focused) with a generic US (non-California) section. Key removals include: the right to limit sensitive personal information use (required under CPRA, Cal. Civ. Code §1798.121), authorized agent provisions (§1798.135(c)), and granular data category disclosures previously required under CCPA. A new data-sharing arrangement with Imprint Payments, Inc. for a co-branded credit card was introduced without full independent controller disclosure detail. Compliance teams should assess whether the removal of sensitive data limitation rights creates CPRA exposure and whether the Imprint Payments arrangement triggers GLBA or state financial privacy obligations.
1. CCPA/CPRA — Cal. Civ. Code §1798.100 et seq.: Removal of the right to limit use and disclosure of sensitive personal information (§1798.121) and authorized agent provisions (§1798.135(c)) may constitute non-compliance with required disclosures for California residents. §1798.130(a)(5) requires businesses to disclose all categories of personal information collected and the purposes for which they are used.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000615.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moBooking.com updated their Terms and Conditions on April 29, 2026 by removing the link and reference to 'Don't sell or …
Booking.com updated its privacy policy on April 23, 2026 to replace the general 'US (other than California)' section with a …
Booking.com replaced what appeared to be a security challenge page with their full Terms and Conditions document on April 23, …
We monitor 200+ platforms and archive every change — verified and timestamped.