This is a bit BS, isn’t it? I cannot remember any time I stayed in any hotel in Spain, where they didn’t ask me for my ID (which they promptly photocopied), and a payment card (which they kept on file). So they already had the data, and from what it seems, they were illegally storing it, i.e. they weren’t following GDPR.
The difference is that all that data should now be uploaded to a government website.
Thus the problem here is that, since they won’t invest in protecting travellers’ data, they are now shifting the blame to the government.
Finally. Let’s hope this then also extends to all the other Spanish businesses that haphazardly photocopy your ID. Been a problem forever
What kind of sensitive data do they collect, exactly? The article doesn’t mention it. I heard about those rules (but no specifics) a couple years ago which actually pushed down Spain on my to-go list.
Just did quick search and found here entire list
https://www.barcelonatravelhacks.com/en/news/2024-tourist-data-collection-law
For some reason I couldn’t copy the text but copied from different website so this one may be incomplete
Details of the lessor company: Name or company name of the owner, CIF or NIF, municipality, province, landline and/or mobile phone number, e-mail address, company website and url.
- Establishment details: Type of establishment, name, full address, postcode, town and province.
- Tourists’ details: full name, sex, identity document number, type of document (ID card, passport, TIE), nationality, date of birth, usual place of residence (full address, town and country), landline and mobile phone, e-mail, number of tourists and relationship between tourists (if any of them are minors).
- Transaction data: Contract (reference number, date and signatures), contract execution data (date and time of entry and date and time of exit) and payment data (type, identification of the payment means such as card type and number, holder of the payment means, card expiry date and date of payment).
In addition, for non-professional accommodation some data varies, including full name, gender and ID of the owner of the property, as well as number of rooms or internet connection of the site.
In the case of car rental agencies, the data to be provided are similar to those for accommodation, but with the addition of the corresponding information on the main driver and the second driver (if applicable).
