Booking.com removed a dedicated privacy section that previously explained how it and its insurance partners handle personal data when you purchase insurance products through the platform. The section previously clarified that both Booking.com and the insurer are jointly responsible for how your data is used, and encouraged you to review the insurer's privacy notice. This section is no longer in the updated privacy statement as of May 5, 2026.
Booking.com previously had a distinct section explaining that when you buy travel insurance through its platform, both Booking.com and the contracted insurer separately determine how your personal data is handled, and it encouraged you to read the insurer's privacy notice. This dedicated clarification has been removed as of May 5, 2026. The removal means travel insurance data practices are now described only in the general sections of the privacy policy rather than in a product-specific subsection. If you purchase travel insurance through Booking.com, your data handling practices and the division of responsibility between Booking.com and the insurer are no longer clearly signposted in a dedicated section; you will need to review the general sections of the privacy notice and the insurer's own privacy materials to understand how your data is processed.
Travel insurance purchases involve sensitive financial and potentially health data. The removed section had explicitly clarified the division of data responsibility between Booking.com and insurers and encouraged consumers to review insurer policies. Consolidating this into general sections reduces product-specific transparency for a category of personal data that regulatory frameworks like GRAMM-LEACH-BLILEY and CCPA treat with heightened scrutiny.
→ If you purchase travel insurance through Booking.com, review the general sections of Booking.com's updated privacy notice to understand how your data is handled.
→ Request and review the contracted insurer's privacy notice separately to understand the insurer's independent data handling practices.
→ You may not clearly understand the division of responsibility between Booking.com and the insurer for your insurance-related personal data.
→ If a dispute arises about how your insurance-purchase data was used, you will have no dedicated product-specific disclosure to reference for clarification.
Removed dedicated language clarifying joint data responsibility between Booking.com and insurers when consumers purchase travel insurance, and removed encouragement to review insurer privacy notices.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Booking.com no longer has a distinct section explaining how your data is handled when you buy travel insurance; you must find this information in general policy sections instead.
Booking.com removed a dedicated Insurance privacy subsection (previously covering US Insurance and general insurance data handling) that had explicitly stated joint responsibility between the platform and contracted insurers, and encouraged consumers to review insurer privacy notices. The removed language addressed data handling under frameworks like GRAMM-LEACH-BLILEY and California law. This consolidation may affect transparency obligations under consumer protection and privacy frameworks in jurisdictions where insurance purchase data handling requires clear disclosure. Organizations that rely on Booking.com's privacy disclosures for vendor assessment or that conduct travel insurance sales through the platform may need to evaluate whether the removal of dedicated product-specific disclosure language affects their own privacy notices or vendor data processing agreements.
CCPA (California Consumer Privacy Act), GRAMM-LEACH-BLILEY Act (financial privacy of insurance customers), FTC Act Section 5 (unfair or deceptive practices related to privacy disclosures), state insurance privacy laws, GDPR (where applicable to EU users purchasing insurance products)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001634.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherThe detected change in Booking.com's published document consists entirely of technical updates to nonce values and timestamp parameters in the …
Booking.com's Terms and Conditions document appears to have been replaced with an error page or security challenge page on May …
Booking.com's privacy statement update on May 7, 2026 involved a technical modification to security scripting nonce values that protect against …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.