After months of constructive dialogue with the European Commission, other stakeholders and intense efforts of teams across our business, we reached a major milestone today: our compliance with the requirements under the Digital Markets Act (DMA).
Booking.com is the first European company subject to the Digital Markets Act (DMA). Booking.com’s success is deeply intertwined with Europe. Founded in 1996 in Amsterdam, we have grown from a small Dutch startup to one of the most successful travel companies in the world.
We are proud of our success in a dynamic and highly competitive sector where we operate alongside other global online travel platforms, regional and niche players, direct channels, offline travel agencies, and many new entrants. By investing in technology that takes friction out of travel, we have built a platform where travelers from all over the world and partners of all sizes connect, making it easier for anyone to experience the world. Through our platform, we enable thousands of European small businesses to thrive, contributing to Europe’s position as the number one travel destination in the world.
At Booking.com, we recognize that with success comes responsibility. Trust, fairness and transparency are values we embrace and uphold in how we operate our platform.
Booking.com has been actively involved in policy discussions from the very beginning. It’s important for us to be an engaged partner, helping to lend our voice on issues that have a lasting impact. Regulations play a significant role in creating frameworks for how businesses operate and getting them right is mutually beneficial to companies, consumers, and regulators.
Over the past two years, we have worked hard to get ready for this day. Seeing business leaders, engineers, lawyers, and compliance professionals come together in a true team effort to fulfill our requirements and engage with partners for feedback has made me incredibly proud. This has led us to a position where we are confident that our compliance solutions satisfy the requirements of the DMA and deliver the experience that both travelers and our partners expect of us.
Our dialogue with stakeholders does not end with today’s compliance deadline; in fact, the journey is only beginning. We remain committed to continuing the constructive discussions with the European Commission and interested stakeholders. We also look forward to presenting how we have complied with the DMA requirements during our DMA compliance workshop on 25 November.
I’d like to express our appreciation to the European Commission and all our other stakeholders for the constructive input and collaborative discussions. We look forward to building the next chapter of Europe’s success together, remaining committed to build innovative and trusted products and services that meet travelers’ and partners’ ever-evolving needs.
Our responsible and constructive approach to regulation has guided the design of our DMA compliance solutions. We have undertaken extensive assessments of our business practices to identify what each of the DMA’s provisions means for Booking.com. In addition, we have built the necessary governance and controls to ensure we remain compliant looking beyond today’s compliance deadline.
On this basis, we introduced changes in our business operations in the European Economic Area (EEA) to comply with the DMA requirements. Additional details can be found in our compliance report. In particular, we have:
Removed all parity requirements throughout the EEA.
Following a comprehensive review, we have updated contracts with our partners in the EEA to remove or waive all parity requirements applicable to EEA-based travel offerings. This means that our partners do not have to provide the same or better rates and conditions to Booking.com than those that they make available on any online or offline channel.
We have taken action on this provision several months ahead of the DMA compliance deadline as this is a key change for Booking.com introduced by the DMA.
We have also looked beyond the terms of our agreements to ensure compliance with the DMA’s parity prohibition and will continue to ensure that we do not impose — and will not later introduce — any conditions to participate on our platform that effectively prevent partners from offering better prices or conditions for inventory in the EEA or other channels.
Launched a new tool to give users even more access to, and control over, their personal data.
We have launched the Data Portability Application Programming Interface (API) that provides travelers using our platform with free-of-charge, effective, real-time, and continuous access to relevant personal data.
Importantly, the API provides new ways for travelers to port their data directly to a registered third party of their choice. And the API enables this while ensuring that travelers remain informed and in control of where their data goes.
Further improved partners’ access to business-relevant data.
We have long taken the view that sharing useful data with partners helps them make the most of the platform. As such, we were already providing partners with rich data access and analytics tools. We have nonetheless carefully reviewed whether we could do better.
Based on this exercise, we have launched two new Partner Insight Dashboards for Car rentals and Attractions partners. These new dashboards make additional data available to partners and allow them to download data in an accessible format. We have also enabled the download of additional data on our existing portal for Accommodations partners — the Extranet — to make it even easier for partners to process the data we make available.
Implemented additional controls over personal data flows within our business.
Booking.com has always been committed to handling personal data of its travelers responsibly. We strive to be transparent about the processing of personal data to earn and retain our traveler’s trust.
The DMA requires us to obtain consent from travelers for Booking.com to engage in certain types of cross-data processing of traveler personal data involving other Booking Holdings Inc. (BHI) services, such as Agoda, Kayak, OpenTable or Priceline, or third parties. Already prior to the DMA, there were limited flows of personal data between Booking.com and other BHI services (and between Booking.com and third parties). Each of BHI’s main brands is a separate data controller under the GDPR, maintains a separate privacy policy, and stores data in separate back-ends.
Nonetheless, recognizing that in some respects the DMA’s obligations extend beyond those of the GDPR, we have ceased a small number of data flows that would require consent under the DMA since, at this time, we do not intend to roll-out an additional consent for such a small number of data flows.
Further information
For more information on how we are complying, please read our DMA compliance report. Our public feedback form can be found here.
View source
