Netherlands: Closed Dutch Data Protection Authority investigation into Booking's compliance with data breach reporting obligation

On 3 April 2024, the Dutch Data Protection Authority (DPA) closed its investigation into Booking. The investigation focused on the platform's adherence to data leak reporting regulations. This investigation followed a fine of EUR 475'000 imposed on Booking.com in 2021 for not reporting a data breach in a timely manner, which led to personal data, including credit card details, being compromised. The DPA found that Booking demonstrated compliance by timely reporting all incidents of data breaches and taking measures to prevent future breaches. The DPA's investigation aimed to ensure Booking's compliance with measures to protect user data and maintain transparency in incident reporting. The DPA will continue to monitor Booking's practices and impose corrective measures if necessary.