Hotels and agencies demand the elimination of traveler data protection regulations

PalmaThe Spanish tourism sector has opened a new front of confrontation with the Ministry of the Interior over the traveler registry. The main hotel and travel agency associations have called for the repeal of Royal Decree 933/2021 after the European Commission opened an infringement procedure against Spain for possible violations in the processing of personal data.

In the Balearic Islands, the hotel sector's position has been particularly forceful. The Balearic Business Hotel Federation (FEHM), integrated into the Spanish Confederation of Hotels and Tourist Accommodations (CEHAT), considers that Brussels' decision "confirms" the warnings they have been expressing for a long time and validates their criticisms of a regulation they describe as "unenforceable".

According to the hotel employers' association, the system obliges companies to collect and submit large volumes of sensitive customer data, which increases the administrative burden and raises questions about privacy protection. They also warn of the legal risk arising from possible incompatibility with European law, especially regarding the principles of proportionality and data minimization.

FEHM, which has supported CEHAT's claims from the outset, is now calling for the immediate repeal of the decree and the opening of a dialogue table with the sector to design an alternative model. The president of CEHAT, Jorge Marichal, has lamented that the Ministry of the Interior has ignored the sector's warnings and trusts that the European procedure will force a review of the system.

Travel agencies are also pushing: "We are not obligated subjects"

The travel agency front has joined the criticism. The Spanish Confederation of Travel Agencies (CEAV) has insisted that they must be excluded from the application of the decree and considers that the European Commission's investigation confirms their "years-long concerns".

The sector denounces that the current model involves the massive collection of personal data and its retention for three years, with a bureaucratic burden that they describe as "unbearable", especially for companies acting as intermediaries.

CEAV also warns of the duplication of information generated by the system, as various actors in the sector have to submit the same data. This, they maintain, does not improve security, but it does increase costs and risks in managing sensitive data.

Furthermore, the employers' association questions the legal basis of the decree, as state citizen security regulations do not explicitly include travel agencies as subjects obliged to comply. Therefore, it considers that the extension of these obligations via regulation raises doubts about regulatory hierarchy and legal certainty.

A mobilized sector with a common demand

Along the same lines, the employers' associations UNAV and FETAVE – in the process of merging – have also called for the urgent suspension of the decree's application for travel agencies and the halting of any regulatory development that maintains these obligations.

The organizations agree on the same demand: to open a working group with the sector to redefine the traveler registration system and to reconcile public safety with respect for European data protection law.

While Brussels analyzes the case, the Balearic tourism sector sees this procedure as an opportunity to force a regulatory change that it has considered necessary for years. The tug-of-war between companies and the Administration, however, intensifies at a key moment for an industry that is the main economic driver in the Islands.