Ireland: Closed investigation into Airbnb Ireland over alleged GDPR Infringements including User Access and Right to be Forgotten

On 14 September 2022, the Irish Data Protection Commission (DPC) closed an inquiry into Airbnb Ireland. The decision to open the inquiry was due to accusations against Airbnb of not adhering to the GDPR. In particular, according to the accusations, Airbnb would not have guaranteed users the right to delete their data by attaching to the satisfaction of the request the uploading, by the user, of documents not previously requested. The DPA's assessment has therefore concerned the satisfaction of both the user's access and deletion rights, as well as the legitimacy of the request to provide additional documents. According to the DPC, Airbnb could have adopted different identity verification methods from those implemented and therefore considered the request for an identity document to be unlawful. Moreover, the failure to guarantee access to the response to the user's cancellation request also constitutes, according to the DPA, a breach of the GDPR.