New data-collection requirements for tourists in Spain that some have likened to "Big Brother" are also being called confusing by travel advisors and suppliers who say the specifics of the rules are unclear.
A new rule requires lodgings, vehicle rental firms and travel agencies to collect over 20 items of personal information from travelers and submit them to the Spanish Interior Ministry. The initiative is meant to strengthen anti-terrorism efforts.
"There is confusion here," said Tom Jenkins, CEO of the London-based European Tour Operators Association, whose 1,100 members include companies like Tauck, Collette, Abercrombie & Kent and Road Scholar.
Jenkins said that in preliminary talks with Spanish authorities in September, ETOA had been told that the regulations were aimed at domestic suppliers.
"We were assured that these would only apply to those companies based in Spain," he said.
But when the final rules were issued, that provision was absent. "There is no evidence of this exception in the registration. So we await clarification," Jenkins said.
There's no doubt, Jenkins said, that the rules would apply to any tour operators that have registered offices in Spain. The rules reference "tour operators that provide intermediation services between companies dedicated to hospitality and consumers."
Some hotel companies were equally confused, saying that the law had not been published in Spain's official bulletin as of Dec. 2, leaving its timeline and implementation uncertain.
The rules, officially termed Royal Decree 933/2021, have caused an uproar, both inside and outside of Spain.
One opponent is the European Travel Agents' and Tour Operators' Associations, which in November issued a statement saying the decree will "force travel agencies, tourist accommodations and car rental companies to collect and transmit to the Ministry of the Interior highly sensitive information, such as financial details, traveler relationships and even travel patterns for three years."
It said the collection of the data will expose travelers to cyberattacks and the potential risks of misuse of their information.
Another critic is Ramon Estalella, secretary-general of Cehat, the Spanish Confederation of Hotels and Tourist Accommodation, who called the data collection a "Big Brother" move.
Questions have also surfaced about whether the regulations violate strict EU rules regarding collection and retention of private data.
The Interior Ministry has defended its approach. In a statement, it said the decree has been reviewed and approved by both the Spanish Agency for the Protection of Data and the State Council, "ensuring its compliance with EU data-protection standards."
The Ministry framed the new regulations as a reform of rules in place since 2022.
"This new system represents a modernization of the previous manual record-keeping process, now leveraging modern electronic communication technologies for a more streamlined and efficient registry," the statement said.
That has not mollified Spanish legislators. In October, the Spanish Congress moved to reopen negotiations and postpone implementation of the rules. That was followed by a majority vote rejecting the revisions in the Spanish Senate.
It isn't clear what effect the parliamentary maneuvers will have, although they suggest that the data rules could be revisited. "Clearly they're controversial within Spain at the moment," Jenkins said.
Items to be harvested by tour companies from travelers include first and last names, sex, identity document number, document support number, type of document, nationality, date of birth, place of residence, landline phone, mobile phone, email, number of guests and the relationship of guests if any are minors.
That is in addition to property, payment and contract details to be filled in by travel suppliers, including the type, number and expiration date of any credit card used. Fines for violations range from 100 euros for "minor infractions" up to 30,000 euros for "serious infringements."
Left in limbo, some travel companies not domiciled in Spain are sticking to their existing procedures. That's the case at packager ALG Vacations, which has contracts with a large number of hotels in Spain.
"It is our understanding that the hotels need to collect and report this information, not ALG Vacations," spokeswoman Julia Gilbert said.
Others say they already do much of what is required. "While Spain travel has been impacted by this new rule, the data required today is not much different than has always been needed for international travel," said Steve Born, chief marketing officer for the Globus family of brands.
"When travelers choose a tour operator, like Globus, we assist with collecting the correct data from the start to ensure the process is as smooth as possible," Born said.
According to Turespana, which said the law was a modernization of existing protocols, more than 3.8 million Americans visited Spain in 2023, about 4.5% of the total.
Jenkins said the current muddle discourages travelers to Spain from having confidence in tour operators and travel agents.
"The thing that everyone in the industry wants is certainty," Jenkins said. "The certainty to plan. That's where we add value. And a lack of certainty, and a lack of clarity, is a burden."