It seems that there is a subsidiary regarding what information British and other visitors must provide upon arrival on vacation. It was the previous one By law, people should provide more information than beforeThe field all collected information will be transferred to the Ministry of Internal Affairs of Spain to improve the national security of the country.
However, today the Spanish data protection agency (AEPD) have reported It is not allowed to request a copy of the client’s identification card or passportIn accordance with the royal decree 933/2021 or the new register of travelers, which establishes the obligation of housing suppliers to collect Cleain data from people who use ESE services.
The agency that you justified in your statement that this practice violates the principle of minimizing data and will be composite “Excessive” processingConsidering that the full identification card contains more data than the applicable rules, such as photography, the initial date of the document, can (unique identification code) and the names of the parents.
AEPD also stated that the provision of a copy of personal documentation includes, among other things, an “unnecessary” risk of personal theft, which “should be avoided or at least effectively softened”.
In Adionion, he indicated that the identification card does not contain all the information in Appendix I of the Royal Resolution 933/2021 and, therefore, in itself is not a reliable means of compliance with the aforementioned regulation.
As for the data collection required by the royal decree 933/2021, AEPD believes that for individuals there may be a manual for the provision or filling out a form containing only the data necessary in sections A.3 and B.3 of the Appendix I Royal Resolution. It includes Passenger data, such as the name, Srename, sex, document number, date of birth and mobile phone number.
As for the authentication of data collected using the form, in cases of personal fee, AEPD believes that it can be sufficient visually check that the data provisions are documented.
In the case Collection of online dates Without personal attendance, this check can be performed using mechanisms such as digital certificates, as indicated in the press release. “It also has to make sure that the data provided and information correspond to the data related to the means of payment,” the agency says. Similarly among obsessed measures, Security codes Sent to phone numbers or email addresses necessary for identifying yourself can be used as an authentication factor.
