Airbnb may collect your facial recognition data and copies of government-issued ID documents like passports or driver's licenses to verify who you are.
This analysis describes what Airbnb's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
Interpretive note: The exact verbatim policy text was not fully rendered in the truncated document; the provision description is inferred from standard Airbnb Privacy Policy content and publicly available policy language. Specific wording may vary from the version analyzed.
This provision means that when you verify your identity on Airbnb, the platform may collect and process biometric data derived from your photos and copies of your government-issued ID, which are stored and handled under Airbnb's retention practices and may be subject to state-level biometric privacy protections depending on where you live.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Airbnb has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect biometric information to verify your identity, such as facial recognition data derived from photos or videos you submit. We may also collect government-issued identification documents, such as a passport or driver's license, for identity verification purposes.— Excerpt from Airbnb's Airbnb Privacy Policy
REGULATORY LANDSCAPE: Biometric data collection engages Illinois BIPA, Texas CUBI, and Washington state biometric privacy law, each of which imposes written consent, data retention schedule, and destruction requirements before or at the time of collection. Under GDPR Article 9, biometric data processed for the purpose of uniquely identifying a natural person constitutes special category data requiring explicit consent or another Article 9 basis. The FTC may treat deceptive or unfair practices around biometric data under Section 5 of the FTC Act. Relevant enforcement authorities include State Attorneys General in Illinois, Texas, and Washington, as well as EU/UK data protection authorities. GOVERNANCE EXPOSURE: High. The collection of biometric data and government ID triggers heightened legal obligations in multiple US jurisdictions and under GDPR. Illinois BIPA in particular carries a private right of action with statutory damages of $1,000 to $5,000 per violation, making non-compliant biometric data practices a material litigation risk. Compliance requires documented written consent policies, defined retention schedules, and prohibition on sale or profit from biometric identifiers. JURISDICTION FLAGS: Illinois (BIPA), Texas (CUBI), Washington (My Health MY Data Act), and EU/UK (GDPR Article 9) create the highest exposure. California CPRA also classifies government ID and biometric data as sensitive personal information subject to opt-out rights. Organizations with employees or users in these jurisdictions should treat this provision as requiring specific consent and governance mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Airbnb for business travel or employee accommodation should assess whether biometric data collected from employees during Airbnb verification flows creates employer obligations under applicable biometric privacy laws. Vendor agreements with Airbnb's identity verification partners should be reviewed for data processing terms, subprocessor disclosures, and cross-border transfer mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that Airbnb's consent interface for biometric data collection meets the written, informed, and prior consent standard required under BIPA and analogous statutes. Data mapping exercises should document the biometric data flow from collection through third-party verification providers to deletion. Retention and destruction schedules for biometric identifiers should be audited against applicable state law timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
This provision means that when you verify your identity on Airbnb, the platform may collect and process biometric data derived from your photos and copies of your government-issued ID, which are stored and handled under Airbnb's retention practices and may be subject to state-level biometric privacy protections depending on where you live.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Airbnb.