Booking.com updated its privacy policy on April 23, 2026 to replace the general 'US (other than California)' section with a dedicated California-specific section that lists detailed categories of personal information collected and your rights under California law. The new section expands the list of data categories collected, explicitly names types of 'sale' or 'sharing' of data, and adds new rights including the ability to limit use of sensitive personal information. This matters because California residents now have a clearer, more detailed picture of what data is collected about them and have explicit new rights they can exercise.
Booking.com has added a dedicated California privacy section that explicitly lists all categories of personal data collected about you — including identifiers, geolocation, sensitive information, and inferences — and clarifies when sharing that data may count as a 'sale' under California law. California residents now have an explicit right to opt out of data sales and sharing, opt out of cross-context behavioral advertising, and limit the use and disclosure of sensitive personal information. You can exercise these rights by contacting Booking.com as described in the 'Your rights' section of their privacy policy.
You can tell Booking.com not to sell or share your personal data with other companies.
You can ask Booking.com not to use your data to show you targeted ads across different websites or apps.
+ 2 more obligation changes. Full breakdown available with Watcher.
Unlock — $9.99/mo →California residents now have explicit, enforceable rights to opt out of data sales, behavioral advertising, and sensitive data processing by Booking.com — rights that were not clearly articulated in the prior policy. The removal of the non-California US section is a potential compliance gap that could affect users in other US states with privacy laws.
ConductAtlas has recorded 3 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, Booking.com has made 6 significant changes.
3 of Booking.com's significant changes have been classified as negative for consumers.
Booking.com now explicitly lists 10 categories of personal information collected from California residents, including sensitive information such as passport numbers and account sign-in details, satisfying CPRA disclosure requirements.
Booking.com explicitly acknowledges that sharing certain personal data categories with third parties may constitute a 'sale' under California law, triggering mandatory opt-out rights for consumers.
California residents can now request that Booking.com limit the use and disclosure of sensitive personal information to what is strictly necessary to provide services.
ConductAtlas Policy Archive Entity: Booking.com | Document: Booking.com Privacy Statement | Record: CA-C-000638 Captured: 2026-04-23 06:21:35 UTC URL: https://conductatlas.com/change/2026-04-23-bookingcom-bookingcom-privacy-statement-638/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Booking.com restructured its US privacy disclosures on April 23, 2026, replacing a general non-California US section with a dedicated California section that satisfies CCPA/CPRA requirements. The new section enumerates all 10 categories of personal information collected, identifies data sharing practices that constitute 'sales' or 'sharing' under Cal. Civ. Code §1798.100 et seq., and adds three explicit consumer rights: opt-out of sale/sharing, opt-out of cross-context behavioral advertising, and limit use of sensitive personal information (required under CPRA). Any organization with California-resident customers using Booking.com in their travel or expense stack should note that Booking.com now formally acknowledges data sale/sharing practices and the associated opt-out obligations. Action required: review vendor classification and update internal privacy disclosures if Booking.com is listed as a data processor or service provider.
1. California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA): Cal. Civ. Code §1798.100 (right to know), §1798.110 (categories of personal information), §1798.115 (right to know about sales/disclosures), §1798.120 (right to opt out of sale or sharing), §1798.121 (right to limit use of sensitive personal information), §1798.135 (notice requirements for sale/sharing). The new section directly implements these requirements.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000638.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moBooking.com updated their Terms and Conditions on April 29, 2026 by removing the link and reference to 'Don't sell or …
Booking.com replaced what appeared to be a security challenge page with their full Terms and Conditions document on April 23, …
Booking.com updated their privacy policy on April 22, 2026, replacing the California-specific privacy section with a broader 'US (other than …
We monitor 200+ platforms and archive every change — verified and timestamped.