Spain'S New Travel Data Requirement Draws Opposition

The European Travel Agents' and Tour Operators' Associations (ECTAA) is sounding the alarm bell on a new decree in Spain that will require travel agencies, accommodations and car rental companies to share travelers' personal data with the Ministry of the Interior.

ECTAA issued its warning alongside its Spanish representative, the Corporate Association of Specialist Travel Agencies, and the associations FETAVE and UNAV.

The associations have contacted the Spanish government with their concerns, asking for suspension of the regulation.

According to ECTAA, the decree was designed to increase security and share traveler information with police forces.

"However, the scope of requested data is excessive and could violate data-protection regulations," ECTAA said.

Legislators in Spain have attempted to halt the decree so it can be further discussed, but the government "continues to provide no response to the requests for suspension and review of the regulation," ECTAA said.

As it sits, the decree will go into effect on Dec. 2. Travel agencies, tourist accommodations and car rental companies will be required to share a number of data points on travelers -- more than 40 pieces of information are required for accommodation bookings and more than 60 are required for car rental bookings, according to ECTAA.

ECTAA highlighted some of the data points required: phone number, contact email, family relationship details, information about the payment methods used on the trip and travel patterns for three years.

Submitting those details, the association said, could expose travelers to misuse of their information if a cyberattack were to occur.

"This makes travelers the main victims of the potential exposure of their sensitive data, as this regulation is unprecedented in any other European country," ECTAA said.