Holidaymakers who have booked a trip in Spain this summer are arriving to their hotels and discovering significant delays at check-in due to stringent new regulations.
The rules which came into effect in December, 2024, are causing considerable delays as they require hotels, private rentals, and car hire companies to collect extensive personal information and share it with the Spanish Ministry of Interior, raising concerns over privacy and the potential for unchecked child trafficking.
Under the new system, hotels must collate up to 42 pieces of data from each guest, including full names, passport or ID numbers, addresses, dates of birth, email addresses, phone numbers, bank details, and even relationships to accompanying travellers. The shift from the previous quick ID scans to manual data entry is leading to long waits at reception, in some cases hours, at hotels all over the country.
Jorge Marichal, president of the Spanish Confederation of Hotels and Tourist Accommodation (Cehat), has said the process is like 鈥渁pplying for a visa to the United States,鈥 warning that check-ins are taking significantly longer, especially for groups and families.
Hotel check-in delays said to be in interests of 鈥榮ecurity鈥
The Spanish government claims the measures are to improve national security by combating terrorism and organised crime. However, the requirement to transmit sensitive information, including bank card details, to the authorities has alarmed tourists and privacy advocates. The Spanish Data Protection Agency has already ruled that photocopying IDs is illegal, a common practice for many years in Spain, forcing hotels to manually input data to avoid privacy violations, further slowing the process.
Critics are particularly concerned about glaring loopholes in the process which cancel out the claim of 鈥榮ecurity鈥 from the government. The new rules exempt children under 14 from the data collection. While this is said to protect young guests鈥 privacy, it raises serious questions about the effectiveness of the regulations in preventing child trafficking. With no mandatory records of minors staying at hotels, authorities may struggle to track vulnerable children, potentially undermining the security goals of the new law.
Be prepared to wait at hotel reception
Holidaymakers are advised to prepare for a much longer wait at check-in times and ensure their personal details are accurate and to-hand to avoid delays. Those privacy-conscious travellers may also want to ask at reception about how the hotel is going to handle and store that data. The new rules, part of Spain鈥檚 broader efforts to regulate tourism, but have sparked debate on platforms like X, where users have labeled the measures 鈥渂ig brother鈥 and an 鈥渋nquisition.鈥
The information the hotel or rented accommodation in Spain is expected to gather and share with the government, is the following:
Personal Identification (6鈥8 data points):
Full name (first and last names).
Passport number or ID number.
Nationality.
Date of birth.
Place of birth.
Country of residence.
Home address (street, city, postal code, country).
Contact Information (3鈥5 data points):
Email address.
Mobile phone number.
Fixed-line phone number (if applicable).
Emergency contact details (name and phone number, if required).
Travel Details (6鈥10 data points):
Date of arrival.
Date of departure.
Check-in time.
Check-out time.
Purpose of travel (e.g., tourism, business).
Number of travellers in the party.
Relationship to accompanying travellers (e.g., spouse, friend).
Room number or accommodation details.
Booking reference number.
Travel agency or platform used (if applicable).
Payment Information (4鈥6 data points):
Payment method (e.g., credit card, cash, bank transfer).
Bank card number (if applicable).
Cardholder name.
Card expiry date.
Card issuer (e.g., Visa, Mastercard).
Transaction ID (if applicable).
Additional Personal Details (5鈥8 data points):
Occupation (reported in some sources as a required field).
Marital status (potentially included for relationship verification).
Number of accompanying adults.
Number of accompanying children (though data on children under 14 is not stored).
Language spoken (if relevant for communication).
Previous stays at the accommodation (if tracked).
Loyalty program membership (if applicable).
Security and Administrative Details (5鈥10 data points):
Type of identification document (e.g., passport, national ID).
Issuing authority of the ID.
Issue date of the ID.
Expiry date of the ID.
Visa details (if applicable for non-EU travelers).
Entry point into Spain (e.g., airport, border crossing).
Destination after leaving the accommodation (if known).
Vehicle details (e.g., license plate or chassis number/VIN for car rentals, if applicable).
Signature or digital acknowledgment of data submission.