There’s been a requirement in the EU to collect this data for like 20 years.
And just like you say. It’s not like they will verify the data somehow. It’s collected, forgotten, and then dumped eventually.
Just like it’s been done for decades in other countries. Spain clearly has been slightly slow to implement the rules. And the data is stored under GDPR so it’s not like they can just sell it.
Will you tell us the same whenever the USA does likewise? Currently for a visitor from a “visa waiver” country who wishes to vist the USA the following are required:
WHAT DO I NEED TO APPLY?
Valid passport(s) from a Visa Waiver Program country. Traveler's valid email address. Traveler's home address and phone number. Traveler's emergency point of contact phone and email. Payment method: Fee for application is $21.00 USD. Valid payment methods include MasterCard, VISA, American Express, Discover (JCB or Diners Club only), and PayPal.The following information may also be required:
Traveler's aliases or other names (If Applicable). Traveler's National ID or Personal ID number (If Applicable). Traveler's Global Entry/NEXUS/SENTRI ID number (If Applicable). Traveler's employer address and phone number (If Applicable). Traveler's U.S. point of contact name, address, and phone (If Applicable).[/quote]
Note also that from some time in 2025, all visa-exempt visitors to the EU will be required to complete an electronic travel authorisation
When filling out the application, you will be asked to provide the following information:
Personal information including your name(s), surname, date and place of birth,nationality, home address, parents’ first names, email address and phone number; Travel document details; Details about your level of education and current occupation; Details about your intended travel and stay in any of the countries requiring ETIAS; Details about any criminal convictions, any past travels to war or conflict zones, and whether you have recently been subject of a decision requiring you to leave the territory of any country.
What surprises me about this, is that GDPR requires that companies must justify the reasons for collecting personal data, and prove they are securely handling it, plus retaining it only for as long as is required, then securely deleting it.
The Spanish government has effectively over-ridden such justifications, saying it must be collected, even though the company has no need for much of it. I presume that covers the company against GDPR prosecution for collecting data without justification, but that they’ll still be on the hook if that data is leaked/lost from them or en-route to the Spanish government.
Looking at new entry data requirements, some but not all of these data items are listed (mostly stuff on the passport) Data held by the EES - European Union
but not things like address, phone numbers, email address, relationships between travellers in a group. Is there additional EU legislation that requires these?
Yes, it’s originally in the Schengen Treaty from 1985. Spain joined in 1995. Countries can nationally legislate how to comply with the Article 45 of the treaty.
A key thing to remember is that in reality, nothing really changed in Spain. The new legislation simply extends the obligation that was already in place for hotels. Now airbnb and such have to comply as well. You had to give your address in the past as well. The old law was from 1993 so it was somewhat outdated.
You’ve had to give this information for a long time in Sweden, Finland, Germany, France, Italy etc etc. Spain has been a little lax, but the new decree isn’t really that strict. The new items they are collecting are things like email address (not relevant in 1993), but don’t tell me you often check in at a hotel and they don’t have your payment information, email address and such.
This truly is much ado about nothing. I checked in to my hotel in Zaragoza yesterday, and there was nothing different to the previous times I’ve been here.
“(a) the managers of establishments providing accommodation
or their agents see to it that aliens accommodated therein,
including nationals of the other Contracting Parties and
those of other Member States of the European
Communities, with the exception of accompanying spouses
or accompanying minors or members of travel groups,
personally complete and sign registration forms and
confirm their identity by producing a valid identity
document;”
1 Like
thanks for that Mikko
The reason for data collection appears to be driven by counter-terrorism / interpol reasons. Understandable.
My concern is less with the what is being collected, but more with the ‘who’ is collecting it. It seems to be a case of outsourcing to organisations (hotels), and now with the inclusion of airbnb type operations, individuals.
Will all have a sound grasp of the competing GDPR legislation, and the perils of mis-use of data collected? (rhetorical question - I’d assume no). I am happy with giving personal details to the police, but especially home address / phone number represents a risk if they have links to criminals in the person’s company “hey guys, this is their address and they’re away for at least 2 weeks - here’s the phone number to check no-one else is at home. Hope this helps with the burglary”. Will this actually happen? 99.9% no, but we’ve seen with frequent burglaries of sporting figures in the UK, that there are gangs that target houses when they know someone will be away from home.
Is the data controller in this instance the national government? If so, would they be liable for a data breach by one of their data collectors? Sometimes governments are reluctant to accept the liabilities that a company in a similar position would have. In this instance, I’d see liability for them if they failed to ensure proper security of such data collection by the people collecting data on their behalf.
If I were a representing a company implementing such collection, I’d probably require an online study & test to be completed by every person collecting such data, plus a declaration that data is either transmitted on the secure interface and immediately deleted locally, or if stored for any length of time, that this is properly secured. For belt & braces, it might need ad-hoc inspections to ensure adherence.
With re. Airbnb, I bet it will be AirBnb itself who will collect this data and I bet they will do a fine job with GDPR.
Most European countries have been doing this for decades already. This really is a non issue.
Find the address of your neighbor who is most heavily armed and use that. Enjoy the fireworks.
In the US most of the time you use your drivers license. Theres your address right there. This is making a mountain out of a molehill.
1 Like
That would be a sensible approach, but the article says they’re not doing the collecting:
“Meanwhile, Airbnb has told property owners renting out accommodation through its website they will need to be registered with the Spanish government and collect data from their customers.”
So no more Airbnb in Spain (not necessarily a bad thing). That obviously wont last long.
(Its very hard to register as a registered accommodation provider in Spain).
I just did this for an Airbnb trip this week (they seem to have activated it) They only needed the information that’s on the main pages of our passports and no additional banking or CC data.
All entered via a third party website that took the info from a scan of the passport.
2 Likes
Who the f)))* has a landline?
Don’t ask…
Moi. Can’t get rid of it ever since my then 7 year old daughter noticed that the last five numbers spell out our last name
1 Like
When the power goes out and the cell phones go dead the landline still works. Besides, cell service is horrible in my town.
Those two factors are similar for me, also I prefer to give out landline so it gets most of the spam calls (I don’t answer it unless I recognize the number). It’s usually on silent (no ring, no sound when answering machine records). It’s a pretty modest cost compared to others things that offer less value to me.
-Al
1 Like
I have my my landline parked at this point. If somebody calls it and leaves a message I get an email with an MP4 file attached.
1 Like
From AOL?