Tourism under scrutiny

Spain tightens traveller registration laws, sparking privacy debate: security measure or overreach?

by ilaria iaquinta

As Spain’s tourism sector rebounds from years of economic downturn, it now faces a new regulatory challenge. Effective from 2 December 2024, Royal Decree 933/2021 mandates that accommodation providers and self-drive vehicle rental companies collect and report specific personal data of their clients to enhance public security. This legislation has ignited a heated debate over its proportionality and its implications for data protection. While the government advocates for increased oversight, experts warn of potential legal and operational risks that could undermine the industry’s competitiveness.

NEW REQUIREMENTS

The decree compels establishments to record detailed information about guests or users, including full name, gender, date of birth, nationality, and identity document details—be it a National Identity Document (DNI), passport, or Foreign Identity Card (TIE). Additionally, they must document habitual residential addresses, contact information, number of companions, and, in the case of minors, the nature of their relationship to accompanying adults. Reservation-specific data, such as check-in and check-out dates, payment methods, and identification of the accommodation or rented vehicle, are also required.

This information must be transmitted to the Ministry of the Interior via the digital platform SES.HOSPEDAJES within 24 hours of booking confirmation or service commencement. Businesses are obligated to retain these records electronically for three years, during which authorities may request access.

INDUSTRY CONTROVERSIES

…

DOWNLOAD THE MAGAZINE TO READ THE ARTICLE

Experts: José Antonio Fernández de Alarcón, partner at Monlex; Miguel Recio, board member of the Spanish Professional Privacy Association (APEP), and Lola Carranza, head of digital law and technological business at Montero Aramburu & Gómez-Villares Atencia