Airbnb Doesn’t Delete Confidential User Data

I wanted to unsubscribe from Airbnb emails but they have no unsubscribe function as required under Australian law (Spam Act 2003). To unsubscribe, Airbnb’s terms state only to “send us an email” to terminate the agreement. An email was sent as requested with the subject and body “cancel my account” for two accounts (i.e. Germany and Australia).

For the first account, Airbnb advised me with three reply emails sent from a third party (zendesk.com) that the requested account was cancelled. I conducted a test five days later to confirm the cancellation had failed. Access was granted to the cancelled account on login with the last password. Confidential account and profile information including my date of birth and phone number were still accessible, able to be updated, and obviously still held by Airbnb.

Airbnb refused to cancel my second account unless a “government ID” was provided, in spite of the request being sent from the same email address used to login. Airbnb was advised that the email reply was indistinguishable from a “phishing” scam. Airbnb was asked to state what legal authority Airbnb relied on to demand a government ID from me to cancel my account.

Airbnb simply continued to demand proof of identity to cancel the account without stating the legal authority for their demand other than suggesting it was merely an Airbnb policy. After replying to all further Airbnb responses with automatic resending of the original “cancel my account” request, Airbnb finally advised that the account had been cancelled but the data would not be deleted due to my failure to provide ID.

Airbnb has demonstrated their: failure to provide an unsubscribe facility as required by the Australian Spam Act 2003; failure to terminate (AKA “cancel my account”) the agreement while claiming to have done so; failure to give physical effect to the termination of the agreement granting Airbnb the right to hold confidential personal information necessary for service delivery by not deleting that information on termination.

The above evidence shows blatant breaches of Airbnb’s own policy, the Australian Spam Act 2003, and the German GDPR, which proves Airbnb’s intention not to protect consumer information.

Posted in Airbnb Guest Stories and tagged , , , , , .

Leave a Reply

Your email address will not be published.