Spanish Watchdog: Accommodation Hosts Can't Make Copies of Passports and ID Documents
Hotels and other organizations offering accommodation can't make copies of customers' identity documents, such as passports, because it violates data-minimization rules and involves excessive data processing, the Spanish Data Protection Agency noted Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Instead, hosts can collect data required by law face-to-face or via an online form, the agency said. To authenticate the information, a visual verification of the document is sufficient if the person is present. If verification is done online, mechanisms such as digital certificates, verification using data associated with the payment method or authentication through codes sent to a customer's phone or email, should be used, it said.
In any case, the Spanish agency added, any other procedure must be evaluated by a host's data controller to ensure it complies with data-protection regulations.