Spain imposes strict data collection rules for tourists, igniting privacy concerns

In Spain, new regulations are set to come into effect, mandating that hotels collect vast amounts of personal information from tourists, including details relating to family, financial accounts, and addresses, totaling up to 31 different data points. This legislation, which is expected to be the most stringent in the European Union, will also extend to tour operators, holiday rental platforms, and car rental agencies, all of which will be required to upload this information to a centralized platform for Spanish security services. The reforms are backed by Spain's Interior Minister Fernando Grande-Marlaska, who argues that they are essential for combating organized crime within the country. However, this move has met with criticism from hospitality industry leaders who describe it as draconian and liken it to an infringement on privacy rights. They argue that the obligations imposed could potentially lead to violations of EU data protection laws, specifically the General Data Protection Regulation (GDPR). Furthermore, the industry warns that the implementation of these rules could result in significant disruptions for tourists, particularly during busy check-in times, leading to longer wait times and an overall compromised experience. The tourism sector, a vital component of Spain’s economy contributing approximately 12% to the national GDP, expresses concerns that tourists may opt for alternative destinations to avoid sharing sensitive personal data with authorities. Despite these grievances, Grande-Marlaska maintains that the new regulations consider both privacy rights and the need for heightened security measures, aiming to protect the safety of society as a whole. The rules are poised to go into effect shortly after delays over the preceding three years.