Spain’s recent introduction of stricter data collection requirements for tourism businesses has sparked controversy, particularly in the hospitality and car rental sectors. Starting Monday, new rules mandate that hotels, camp sites, travel agencies, and car rental firms collect and submit detailed personal information about customers through a digital platform. The government states that these measures aim to enhance security, targeting terrorism and organized crime. Non-compliance could lead to fines of up to €30,000 ($31,500).
Under the new regulations, businesses must gather over 40 data points for lodging clients and more than 60 for car rentals. This includes not only basic information such as names, email addresses, and passport numbers but also sensitive details like birthdays, phone numbers, and payment methods.
Industry groups have raised concerns over the potential impact on privacy and the operational burden on businesses. Juan Molas, president of Spain’s Tourism Board, called the decree “unfortunate and incomprehensible.” The Confederation of Spanish Hoteliers (CEHAT) also voiced worries that the new rules could harm businesses, with some even considering legal action. CEHAT’s secretary general, Ramon Estalella, warned that the extensive data collection and storage requirements pose a significant risk to personal data security.
Additionally, the Spanish Confederation of Travel Agencies (CEAV) cautioned that the excessive bureaucratic demands could dissuade tourists, particularly as many smaller firms may struggle with the financial and logistical costs of implementing the system.
Although the new regulations were initially set to begin on October 1, the government delayed the enforcement to allow businesses more time to prepare. The move underscores the tension between security goals and the concerns of privacy advocates and the tourism industry.
