Legal London, United Kingdom

Global Privacy Director

Company Intro

Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands –, KAYAK, priceline,,, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.

Booking Holdings Financial Services UK (hereinafter “BHFSUK”) is based in London, UK and provides financial services in the form of payment services and e-money products across all the brands. BHFSUK is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards.

Job Summary

Booking Holdings Financial Services (BHFS) is looking for an experienced privacy lawyer with international experience to lead privacy and data protection legal advice to our businesses globally.  

The selected candidate will have the opportunity to directly support and advise multiple business areas on key elements of our privacy program and emerging privacy risks which may impact the establishment and scale of BHFS.

You will support a dynamic organization of executives, finance leaders, risk managers, compliance professionals, product managers, finance and treasury professionals, software and hardware engineers, designers, deal makers, and operations specialists who are responsible for bringing payments and financial services products to life across Booking Holdings Inc’s global portfolio of brands and making an impact on millions of travelers per day.

The role demands a product-savvy and technically competent privacy lawyer. This opportunity represents an exceptional chance to embed yourself with one of the world’s most exciting organisations, and help define the future for accessing travel experiences across the world.

Key Responsibilities

  • You will report to the Global Head Legal of Booking Holdings Financial Services and be responsible for handling all data privacy legal matters related to the BHFS business, worldwide. 

  • You will work closely with the Data Protection Officer for each of the BHFS entities and with privacy lawyers and professionals in other BHI brands. 

  • You will provide expert data protection advice, supporting the business. In all matters, advising the business commercially and pragmatically. Advise key stakeholders on privacy issues affecting the business in a commercially savvy way, taking into account the nature of the business, its risk appetite, providing a steer and offering a view

  • Advise on new products and services; providing actionable and practical advice to the business on GDPR, CCPA/CPRA, LGPD and NYDFS compliance.

  • Providing advice and guidance on a full range of privacy legal issues and for privacy related matters globally, including electronic marketing, data localisation, security laws, commercial contracts, data processing agreements and disputes eview & draft DPAs.

  • Advise on data protection impact assessments, legitimate interest assessments and legal assessments relating to international data transfers.

  • Supporting the negotiation and drafting of critical third party contracts with appropriate privacy terms, optimising for commercial outcomes whilst adopting a privacy centric approach which protects the company data assets.

  • Horizon scan and be a thought leader on regulatory and legal developments on privacy worldwide. 

  • You will be called upon to provide practical and actionable advice on a variety of regulated products and services and you will need to exercise legal judgment and commercial acumen in assessing legal risks in respect of privacy across multiple jurisdictions.

  • Working with internal stakeholder groups, the BHI Group and other brands within the Holdings Group, to support and manage the data sharing and analytics elements in support of ‘The Connected Trip’.

  • Analysing relevant case law and proposed new privacy, e-privacy and cyber laws and regulations that may impact the business and its growth and support the implementation of any regulatory requirements.

  • Managing external counsel where needed and constantly looking for opportunities to improve ways of working/process/controls.

  • Your legal and strategic business advice will help develop a comprehensive, long-term approach to our relationships with key partners on all aspects of our payments operations.

  • As a senior member of the team, fostering collaboration and encouraging best practices in ways of working and knowledge sharing.

Knowledge Skills & Abilities

  • Law degree from a top law school, and excellent academic credentials. Admitted to practice law in the UK, Ireland or the US.

  • Have a very sound knowledge of law and market practice in the field of data privacy, cyber security and data governance (and, depending on the candidate, commercial and IP law) and understand the regulatory, legal and commercial challenges companies face in relation to data.

  • Experience of working in an inhouse role where providing data protection legal advice was the primary responsibility. 

  • Excellent technical knowledge of data privacy law and data commercialization legal issues.

  • A deep understanding and experience of the following is required:

  • The General Data Protection Regulation (GDPR), e-Privacy Directive (as implemented currently). Experience with CCPA/CPRA and other emerging US-based privacy laws (e.g. Virginia), LGPD, POPIA, NYDFS  is desirable. 

  • A broad understanding of other data privacy regulations applying in the rest of the world will be an advantage. 

  • Contract experience and an awareness of risk and technology (from a privacy perspective)

  • Advising on privacy of new product development and product delivery channels.

  • Identifying and liaising with local counsel around the globe, identifying suitable partners, commissioning work, challenging deliverables, managing budget etc.

  • Must be skilled in assessing and advising on controls to manage data privacy risks

  • Previous experience of working within a technology and digital legal environment is desirable.

  • Experience of dealing with government agencies and privacy regulators. 

  • The idea candidate would have experience of working internationally or on international matters, especially the US

  • A strong commercial instinct and helps to apply that knowledge in practical and actionable ways

  • Experience in a role with global scope – the lawyer in this role should equally have a global worldview – and be capable of sourcing, critiquing and managing input form a range of internal and external stakeholders to form a view even outside of his or her direct experience

  • Experience of having to use business judgment, excellent interpersonal skills, along with a demonstrated ability to collaborate with internal and external stakeholders, including senior management.

  • Ability to work collaboratively in a team environment as well as on own initiative and embedded in the business. Interested in building out a state-of-the-art legal function to support the expanding needs of a growing, international business.

  • Positive attitude, high level of integrity and intellectual curiosity. 

  • Ability to tolerate change and apply judgment where there is ambiguity in the law.

  • Excellent writing, communication, verbal and written, and organizational skills.

  • Eager to learn new technologies and from others. Comfortable navigating complicated and nuanced issues.

Our Brands