Airbnb may collect your facial recognition data and copies of government-issued ID documents like passports or driver's licenses to verify who you are.
This analysis describes what Airbnb's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
Interpretive note: The exact verbatim policy text was not fully rendered in the truncated document; the provision description is inferred from standard Airbnb Privacy Policy content and publicly available policy language. Specific wording may vary from the version analyzed.
Current version explicitly names facial recognition technology and adds collection from videos, while removing the general 'support the safety of the Airbnb platform' justification.
View full change record →This provision means that when you verify your identity on Airbnb, the platform may collect and process biometric data derived from your photos and copies of your government-issued ID, which are stored and handled under Airbnb's retention practices and may be subject to state-level biometric privacy protections depending on where you live.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Airbnb has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect biometric information to verify your identity, such as facial recognition data derived from photos or videos you submit. We may also collect government-issued identification documents, such as a passport or driver's license, for identity verification purposes.— Excerpt from Airbnb's Airbnb Privacy Policy
REGULATORY LANDSCAPE: Biometric data collection engages Illinois BIPA, Texas CUBI, and Washington state biometric privacy law, each of which imposes written consent, data retention schedule, and destruction requirements before or at the time of collection. Under GDPR Article 9, biometric data processed for the purpose of uniquely identifying a natural person constitutes special category data requiring explicit consent or another Article 9 basis. The FTC may treat deceptive or unfair practices around biometric data under Section 5 of the FTC Act. Relevant enforcement authorities include State Attorneys General in Illinois, Texas, and Washington, as well as EU/UK data protection authorities. GOVERNANCE EXPOSURE: High. The collection of biometric data and government ID triggers heightened legal obligations in multiple US jurisdictions and under GDPR. Illinois BIPA in particular carries a private right of action with statutory damages of $1,000 to $5,000 per violation, making non-compliant biometric data practices a material litigation risk. Compliance requires documented written consent policies, defined retention schedules, and prohibition on sale or profit from biometric identifiers. JURISDICTION FLAGS: Illinois (BIPA), Texas (CUBI), Washington (My Health MY Data Act), and EU/UK (GDPR Article 9) create the highest exposure. California CPRA also classifies government ID and biometric data as sensitive personal information subject to opt-out rights. Organizations with employees or users in these jurisdictions should treat this provision as requiring specific consent and governance mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Airbnb for business travel or employee accommodation should assess whether biometric data collected from employees during Airbnb verification flows creates employer obligations under applicable biometric privacy laws. Vendor agreements with Airbnb's identity verification partners should be reviewed for data processing terms, subprocessor disclosures, and cross-border transfer mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that Airbnb's consent interface for biometric data collection meets the written, informed, and prior consent standard required under BIPA and analogous statutes. Data mapping exercises should document the biometric data flow from collection through third-party verification providers to deletion. Retention and destruction schedules for biometric identifiers should be audited against applicable state law timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
This provision means that when you verify your identity on Airbnb, the platform may collect and process biometric data derived from your photos and copies of your government-issued ID, which are stored and handled under Airbnb's retention practices and may be subject to state-level biometric privacy protections depending on where you live.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Airbnb.