Analyzed Changes
7 changes analyzed since monitoring began.
What changed
Booking.com updated their Booking.com Privacy Statement on April 23, 2026. Change detected: 19 sentence(s) added, 9 sentence(s) removed, 10 sentence(s) modified. Document contained 520 sentences after update.
Consumer impact
Booking.com has added a dedicated California privacy section that explicitly lists all categories of personal data collected about you — including identifiers, geolocation, sensitive information, and inferences — and clarifies when sharing that data may count as a 'sale' under California law. California residents now have an explicit right to opt out of data sales and sharing, opt out of cross-context behavioral advertising, and limit the use and disclosure of sensitive personal information. You can exercise these rights by contacting Booking.com as described in the 'Your rights' section of their privacy policy.
Why it matters
California residents now have explicit, enforceable rights to opt out of data sales, behavioral advertising, and sensitive data processing by Booking.com — rights that were not clearly articulated in the prior policy. The removal of the non-California US section is a potential compliance gap that could affect users in other US states with privacy laws.
What changed
Booking.com updated their Booking.com Privacy Statement on April 22, 2026. Change detected: 10 sentence(s) added, 19 sentence(s) removed, 11 sentence(s) modified. Document contained 510 sentences after update.
Consumer impact
Booking.com has removed explicit California-specific privacy rights, including the right to limit the use and disclosure of sensitive personal information and the right for authorized agents to act on behalf of consumers. The policy now covers all US users outside California under a single section, reducing the specificity of protections previously available to California residents. You can review the updated 'Your Rights' section on Booking.com's website to understand which rights still apply to you and submit an opt-out request for the sale or sharing of your personal data.
Why it matters
California residents previously had an explicit right to limit how Booking.com used their sensitive personal information — that right has now been removed from the policy without replacement. The addition of a new credit card data-sharing arrangement with Imprint Payments, Inc. as an independent controller also introduces a new party that will hold your financial and personal data outside of Booking.com's direct control.
What changed
Booking.com updated their Booking.com Privacy Statement on April 19, 2026. Change detected: 516 sentence(s) added, 3 sentence(s) modified. Document contained 519 sentences after update.
Consumer impact
Booking.com has published a comprehensive new Privacy Notice for Travelers covering how your personal data is collected, shared with third parties and group companies, used for AI and automated decisions, and what rights you have over it. The notice explicitly addresses specific markets including the US, California, and insurance products, giving more targeted transparency to those users. You can review the updated privacy notice on Booking.com to understand what data is collected about you and how to exercise your rights, including access, deletion, and objection.
Why it matters
This is the first time a readable, comprehensive privacy notice has been accessible at Booking.com's privacy policy URL in the detected period, meaning travelers can now actually understand how their data is used, shared, and protected. The inclusion of AI, automated decision-making, and California-specific sections significantly expands the transparency travelers receive.
What changed
Booking.com updated their Booking.com Privacy Statement on April 18, 2026. Change detected: 1 sentence(s) modified. Document contained 3 sentences after update.
Consumer impact
The detected change appears to reflect a rotation of security challenge tokens on Booking.com's privacy policy page rather than any substantive update to the privacy statement itself. No changes to consumer data collection, rights, or protections are evident from the available content. No consumer action is warranted based on this capture.
Why it matters
When a privacy policy monitor captures a security challenge page instead of policy text, it creates a gap in oversight — a substantive change to consumer data rights could be missed. A clean re-capture is needed to confirm whether Booking.com's actual privacy statement changed.
What changed
Booking.com updated their Booking.com Privacy Statement on April 14, 2026. Change detected: 1 sentence(s) modified. Document contained 3 sentences after update.
Consumer impact
The detected change in Booking.com's privacy policy document on April 14, 2026 appears to be a technical update to an internal security challenge script (AWS WAF nonce/token rotation) rather than a substantive change to privacy terms. No consumer rights, data handling practices, or policy commitments were altered. There is no action required from consumers at this time.
Why it matters
This change appears to be a monitoring false positive caused by a bot-detection wall, not a real privacy policy update. No consumer-facing terms were altered.
What changed
Booking.com updated their Booking.com Privacy Statement on April 05, 2026. Change detected: 1 sentence(s) modified. Document contained 3 sentences after update.
Consumer impact
The detected change in Booking.com's Privacy Statement on April 5, 2026 appears to be a technical update to internal security script parameters rather than a substantive change to privacy practices or consumer rights. No new data collection, sharing, or user rights provisions appear to have been added, removed, or modified. Based on the available diff, no specific consumer action is required.
Why it matters
Because the captured diff shows only a technical security script rather than actual privacy policy text, it is unclear whether any meaningful policy change occurred. Verification of the underlying policy is needed to confirm no substantive consumer rights changes were made.
What changed
Booking.com updated their Booking.com Privacy Statement on April 03, 2026. Change detected: 1 sentence(s) modified. Document contained 3 sentences after update.
Consumer impact
The detected change reflects a routine rotation of internal security challenge tokens on Booking.com's privacy policy page, not an amendment to any privacy rights or data practices. No consumer-facing policy language was modified, added, or removed as a result of this update. There is no action required by consumers at this time.
Why it matters
Because the privacy policy page was blocked by a bot-challenge at time of capture, the true content of any policy change could not be verified. Compliance teams should confirm no substantive changes were made to the underlying document.
No provisions indexed for this document yet.