As of 2nd December 2024, the Spanish government has introduced new regulations requiring hotels to collect extensive personal data from tourists, including family details, bank card information, and addresses, which must then be provided to security services. While Spanish hotels already request guests' ID card or passport information, these new rules are expected to be the most stringent in the EU, with up to 42 pieces of personal data being collected.
The new rules are part of Royal Decree 933/2021, a regulation that has been postponed until now and establishes the documentation and information registration requirements for individuals or entities engaged in accommodation and motor vehicle rental activities. We have all the details of the new rules that are already sparking controversy in Spain and abroad.
Spain's traveller registration system
The main change is the introduction of a traveller registration system, which obliges companies in the sector to provide up to 42 details about reservations and travellers. Hoteliers and travel agencies are considering legal actions, as they believe the implementation requires data that European data protection agencies prohibit collecting, such as credit card details.
The regulation mandates the sharing of reservation information, including reference numbers (contract identifiers), booking, check-in, and check-out dates, as well as details about the establishment (type, name, and address). It also requires traveller numbers and payment methods, along with the personal details of the person making the booking, such as name, surname, ID, email, and phone number. Fines for non-compliance range from €100 to €30,000, depending on the case.
The Ministry of the Interior has already announced that it will soon issue a public consultation on Royal Decree 933/2021, a process open for two weeks that will allow companies to propose improvements, such as regarding data automation systems.
Alongside potential changes after the public consultation process, as of 2nd December 2024, all tourist accommodations, travel agencies, digital platforms, and vehicle rental companies must provide user data via the Ses.Hospedajes platform.
"Big Brother" tourism rules and controversy
On 20th November, the Senate plenary approved a motion presented by the PP urging the government to indefinitely suspend the implementation of Royal Decree 933/2021, which the main opposition party has dubbed the "Big Brother of Tourism."
The vote resulted in 153 in favour, 6 abstentions, and 103 against. However, the government has not changed the planned schedule, unlike in early autumn.
The original entry into force was set for 1st October, but it was postponed for technical reasons to facilitate data sharing and interconnection between establishments in autonomous communities with regional police forces, as the Interior Ministry explained at the time.
The Ministry, led by Fernando Grande-Marlaska, defends the change, claiming it will strengthen public security. It says that since its introduction in 2022, the system has helped locate 18,584 people listed in national or international databases.
Currently, more than 61,000 hotel establishments, nearly 2,000 travel agencies, 220 digital platforms, and 1,720 vehicle rental companies are registered on the platform. Together, they have recorded 4.77 million linked user data entries. Now, the registration will be mandatory for the entire sector.
Hotels and travel agencies consider legal action
The tourism sector claims the government has ignored its concerns and warns that the practical implementation of the regulation is unfeasible. Additionally, they believe it will create a competitive disadvantage in the national and European markets and that the increased costs for businesses will result in higher prices for travellers.
The Spanish Confederation of Hotels and Tourist Accommodation (Cehat) has issued a statement condemning the government's "lack of communication and transparency" regarding the concerns of the sector and travellers' rights under Royal Decree 933/2021.
On one hand, the employers' association has criticised that, despite "repeated" requests for dialogue and letters sent by both the association and European tourism groups, the government has not responded. They also argue that a "thorough" review of the Royal Decree's content is necessary.
Cehat also expressed regret that the registration system is coming into force before the public consultation process for the ministerial order is completed, creating more confusion among hoteliers and travellers. They argued that its implementation entails an "unreasonable" bureaucratic burden, given that 95% of the sector consists of SMEs.
"This Royal Decree infringes upon fundamental privacy rights and is contrary to several EU directives, which is why Cehat asserts that compliance is impossible due to the risk it poses to establishments being subject to lawsuits from travellers," say the hoteliers, who are prepared to take legal action.
The same complaints and actions are being raised by travel agencies.
During the first Forum on Tourism Law, held last week in Barcelona and Madrid, Catiana Tur, Manager of the Corporate Association of Specialised Travel Agencies (ACAVE), criticised the "legal uncertainty" posed by Royal Decree 933/2021 and the fact that "the sector has not been consulted" on the ministerial order regarding the new traveller registration system.
In her view, "the regulation is impossible to apply, as it demands data that European data protection agencies prohibit collecting, such as credit card details." She also lamented the "silence" from the Spanish Data Protection Agency, as they have been requesting a response for months.
Meanwhile, César Gutiérrez, President of the Business Federation of Territorial Associations of Spanish Travel Agencies (FETAVE), admitted, "We didn't believe the Royal Decree would actually go ahead, because all reports—those from the Data Protection Agency, the European Commission, and the State Council—pointed to many incompatibilities with existing laws."
On the other hand, legal advisor to the Union of Travel Agencies (UNAV), Maria Dolores Serrano, explained that the Ministry justifies requesting the data on the grounds of public security, specifying that, as travel agencies, "we do not question the purpose, but the form and scope of it."
The three trade associations have announced they are considering legal action against the new traveller registration, as they believe it "violates European data protection regulations due to the amount of sensitive and personal data it requires companies to collect."
In a joint statement, FERAVE, UNAV, and ACAVE stress that "it is important to raise awareness among the public and travellers about the seriousness of this regulation, as they will be the main victims once the measure is implemented, as they will have to provide over 40 pieces of data for accommodation bookings and more than 60 for vehicle rental."
They also reminded that the European Commission and the Spanish Data Protection Agency had already issued reports during the Royal Decree's processing, warning that many aspects did not comply with existing regulations, urging the Ministry to make changes.
Despite all the criticism, the Secretary of State for Tourism, Rosario Sánchez, has stated that "there is no need to make a mountain out of the process of adapting the regulation, which is similar to many others we have experienced in our country," and which "have always had brilliant results."
How to get a TIE card in Spain: step-by-step guide for 2025
If you’re planning to live in Spain for more than 90 days, you will need a TIE card (Tarjeta de Identidad de Extranjero), which is your foreigner identity card. This small plastic card is essential for residents, proving your legal status in Spain and including your NIE number, photo, and fingerprint.
The 7 essential official changes you must make when moving house in Spain
Moving house in Spain can be a stressful and time-consuming process. From packing and transporting your belongings to cleaning and settling in, the practicalities of relocating are often just the start. On top of this, there are important official steps to complete to ensure your documentation and registrations are updated correctly.
Empadronamiento in Spain: what is it and how do I get it?
When you move to Spain, there’s an important checklist of steps to become a fully legal resident. One essential task is obtaining your empadronamiento, often simply called the padrón.
Spain's tourist tax: Barcelona hike & new city levies for 2025
Tourist taxes, often referred to as sustainable tourism levies or city taxes in Spain, are an increasingly common measure for destinations managing high visitor numbers. This small, per-night fee is typically added to accommodation costs and is designed to help mitigate the impacts of tourism on local areas. Revenue generated from these charges is reinvested into the community, funding the maintenance of public services and infrastructure, as well as projects that protect cultural heritage and t
Spain approves new parental leave scheme: 17 weeks paid and more support for families
As of 31 July 2025, Spain has officially expanded its parental leave policies, offering more generous support to working families. The changes, approved in the Council of Ministers and announced by Prime Minister Pedro Sánchez, include an increase in paid birth leave and new provisions for flexible, partially paid parental care leave.
Your guide to Spain’s Digital Nomad Visa (updated for 2025!)
Spain continues to sit at the top of the list for digital nomads looking to work abroad. There’s just something about the Mediterranean lifestyle and culture that draws so many to the area (plus, the weather is excellent!)
How to get a NIE number in Spain in 2025: Step-by-step guide for expats
When moving to Spain, obtaining your NIE number (Número de Identificación de Extranjero) is one of the first and most important steps you will take. Whether you want to work, study, open a bank account, buy property, or pay taxes in Spain, you will need this foreign tax identification number.