New law gathering personal information from travellers in Spain, starting Feb. 2023

[Rebekah Scott]

Like most make-work initiatives in Spain, I bet this one, too, will be abandoned and forgotten within a year or so. It's just not do-able.

 

[Canche]

Not good

Like most make-work initiatives in Spain, I bet this one, too, will be abandoned and forgotten within a year or so. It's just not do-able.

hope so

 

[Tigger]

Change usually comes with some challenge and understanding why always seems to make the change a bit more tolerable regardless how we feel about the change... So I offer this for thought...

About 20 years past, England, Scotland, and Ireland each had a different database format for criminal records. This made cross reference of data difficult at best. People often slipped thru the cracks building long criminal histories. Then the genius idea... if only they had the same database. Yes, it was painful and many people didn't see the big picture, but they decided to make the big change. So, yes, some now had more data points to add and a new structure.

Today, before any plane lands in London, all the passengers are run thru the database ahead of time and people are rejected before they board rather than known criminals landing in UK. When you get a citation, a police officer can run your prints to see if they are in the database under another name. Security has vastly improved.

Maybe we need to understand what this is before we judge and in the meantime find a way to help each other get thru it. Cooperate with sign in and out, helping with paperwork, use more cash, whatever... Like everything else, we will get thru this too, but it will be easier if we work together.

 

[WGroleau]

So currently, I don’t think we in the USA andCanada use IBAN.

Of course not. How can we exceptional Americans learn anything from people who don't understand miles, gallons, bushels, and Fahrenheit? We have ABN. And the A is for American, so you know its Grrreat.

 

[Kathor1]

Of course not. How can we exceptional Americans learn anything from people who don't understand miles, gallons, bushels, and Fahrenheit? We have ABN. And the A is for American, so you know its Grrreat.

You may be in danger of losing sight of the fact that it makes zero difference whether you pay for your room by making your international payment to a hotel or albergue in Spain by using an IBAN or an ABN with Swift/BIC code. Under the new regulation your bank account number will be stored in a national government database as well as entered into a separate database file on an individual computer or hand-written into a ledger and it will be kept for 3 years.

 

[Phil W]

Having some interest in this topic as a hospitalero who volunteers only in donativos, I decided to do some research. It appears that since there is no charge of any kind nor any expectation of renumeration or other type of benefit to the donativo albergue, that this law does not apply.

"1. Accommodation activities: those carried out, professionally or not, with the purpose of providing, in exchange for a price, consideration or compensation, room or space for overnight stays to people, with or without other complementary services. (Article 2, Definitions at https://www.boe.es/diario_boe/txt.php?id=BOE-A-2021-17461)."

Article 5 discusses documentary registration while Article 6 covers communication of the information. In both cases, I believe donativo albergues are exempt (https://www.boe.es/diario_boe/txt.php?id=BOE-A-2021-17461).

Is this a burden for other accommodations on the Camino? Yes, I believe it is. Especially for the small private albergues, hostels, etc. Some of these, I have stayed in and will again be a guest. It will be difficult and perhaps expensive to comply with. I feel for them and who knows, I may volunteer in one of them in the future.

Now I may be incorrect, but it does not change how I will welcome pilgrims to the albergue (donativo) where I am a hospitalero voluntario. Yes, it may mean some additional work if donativo albergues have to comply with this law. In that case, I will comply. My focus will be on the hospitality for the pilgrims who stay with me wherever that may be. In any case, I will follow the guidelines set by facility where I am volunteering.

Phil

 

[David Tallan]

... if one thinks back to the ‘paying by cheque’ days, we all handed over on a regular basis a document with our full bank details, a signature and a sample of our handwriting.

The sun still came up in the morning and the Queen (QEPD) stayed on the throne.

And then we stopped and where is she now?

But in those days, which I remember well, all that information travelled around with the check and didn't tend to stick around at each place it passed through in resuable format.

 

[WGroleau]

You may be in danger of losing sight of the fact that it makes zero difference whether you pay for your room by making your international payment to a hotel or albergue in Spain by using an IBAN or an ABN with Swift/BIC code. Under the new regulation your bank account number will be stored in a national government database as well as entered into a separate database file on an individual computer or hand-written into a ledger and it will be kept for 3 years.

New? Stuff like that has been happening for ages. Though outside of America I pay with card or cash. And if someone is going to store my card number, they're going to get cash instead.

 

[Sidknee]

New? Stuff like that has been happening for ages. Though outside of America I pay with card or cash. And if someone is going to store my card number, they're going to get cash instead.

Every time you use your credit or debit card your information is stored and reported on. Every time you withdraw cash from an ATM or at a shop your information is stored and reported on. This happens the world over. You just don’t have visibility to it In the normal course. Moreover the regulators aren’t about to signal how they monitor for money laundering, financial crime, tax or sanction Breaches.

The variation is that the Spanish authorities, in addition to the above, also want to be able to track peoples movement due to the criminal elements and implications of “hiding” in plain sight.

I’m not keen on providing my credit card details to be stored on a paper based record with an unknown security protocol for 3 plus years (assuming someone remembers to destroy the information securely). So for me I’ll comply by providing my personal details, but will pay in cash.

Buen Camino

 

[dick bird]

Am I being exceptionally naïve here? I have supplied my credit card details probably thousands of times. When I go to use it online, up pops a little square and as soon as I enter my CVC, up pop all my credit card details, so the fact that the Spanish government or a small Spanish hostal also have my credit card details is probably not going to make a great deal of difference to the security of those details when they are apparently already floating around in the ether. As for the government knowing my address, it is there on my driver's licence and my annual bowel cancer screening kit always arrives unfailingly on time. What I am trying to say is that the horse has well and truly bolted on this one. By that I mean that hotels etc having to record all this detail is going to mean a lot more bureaucracy and hassle but I can't help feeling zero difference to the confidentiality of my personal details.

 

[Kathor1]

New? Stuff like that has been happening for ages. Though outside of America I pay with card or cash. And if someone is going to store my card number, they're going to get cash instead.

The general principle of private data protection, at least in the EU, is not that data cannot be stored, and storage is especially allowed for example when I voluntarily agree to it, for example in my Amazon account where I can chose between entering my credit card number permanently or only each time I make a purchase.

General data protection law is about who has access to these data, who can combine my data from different independent sources, and for which purpose are they collected and stored, and that they are not used for any other purpose. This goes especially for government data collection of data about their citizens. At least that’s a common view and concern where I live. YMMV.

I happen to believe that laws are respected. It seems that the Spanish government does not have access to the data banks of Visa, Mastercard and American Express for example, because if they had they would not need this new law, right? The argument of “so what, my data get stored anyway” does not fly particularly well, IMO.

 

[Flatlander]

Am I being exceptionally naïve here?

I think you may well be.
I think also that there may be a cultural difference too.

I have supplied my credit card details probably thousands of times

A lot of us have. Do you always offer your details when asked? Have you ever withheld your Credit Card either in a physical store or online and either cancelled the transaction or paid in a different manner?
If you have, you're at least aware of the potential of misuse of your card and data.

the Spanish government or a small Spanish hostal also have my credit card details

In a nutshell this is the problem for me, A small Spanish hostel (and I mean no disrespect to them) simply does not have the security to store that data for three years. A part time receptionist making minimum wage could be easily manipulated to provide that data to criminals.
We've already seen the suggestion that establishments preprint forms that require guests to fill out the relevant information. Paper! With my name, address, Credit Card Number and Expiry date. The only data missing to max out my card is the CVC number and that won't be needed for an over the counter transaction.
Even stored on a computer this is hugely valuable data to the right people and small, stand alone businesses with lots of foreign customers are the exact "ripe" type of harvest for criminals.

Let's not forget that currently when I pay with a card (credit or bank) the business ends up with no useful information about the transaction other than a receipt of the transaction. According to this current law that receipt is not enough. The data that allows fraud to occur is to be recorded and stored.

Perhaps I frequent a hotel or business and to speed things up I can allow them to record my data for future use. That is my choice. This new law takes away that choice.

floating around in the ether.

Perhaps your details are but mine are not. Or perhaps it just seems like they are floating in the ether.
Only established, reputable businesses get my card details. I do not use my card directly online with every retailer. I can use PayPal, as an example, to pay in places where I am less confident.
Having been locked out of Paypal I can personally vouch for their security process
I understand that they can still be hacked but I take comfort from the fact that they are operating under strict laws and have a significant reputation to protect. I am assured (perhaps wrongly) that they will do the right thing at the right time.
To go back to that small hostel in Spain? I do not have the same reassurance.

As for the government knowing my address, it is there on my driver's licence

Perhaps a cultural difference but it's unusual in Europe to have an address on a driving license.
That in itself isn't such a big deal.
However, pair my address with my banking details? That's a much bigger deal!
My bank has my address and all my banking details. I trust my bank to be on top of security and European law demands such. Back to the small Spanish hostel..........

What I am trying to say is that the horse has well and truly bolted on this one.

Oh, the horse is out of the stable door alright, and they're wandering about in the yard. The problem is that beyond the yard is the whole wide world and the horse is ill equipped for it. At the very least I'd like to keep the horse in the yard.

I can see no rationale for the storage of such data and the obligation placed on the small business is monstrous.
As has been pointed out, false addresses are easy to give for some of us without an address on official ID, cash payments can be made (although unlikely for car hire where a card is normally required) and the need to present ID is not new so that anyone wishing to make as small a footprint as possible can still do so while leaving the slightly unaware at a greater risk of fraud or identity theft.

And for anyone saying "I'll just pay cash" that adds a whole, different kind of risk to travel in a strange land. It also ignores the trends (again, perhaps a cultural difference) of a definite move to a cashless society - a move Spain is well on the way to. You may be able to pay cash now. But in 5 years?

And yes, some of us can get home and apply for a new credit card. But that is a whole world of unnecessary hassle and expense and not everyone goes home straight away. And for people who travel to Spain regularly? Hardly practical.

I have every sympathy for the OP. From their perspective this is a PITA. For the average guest it is significantly more risky than that.

 

[Sidknee]

I think you may well be.
I think also that there may be a cultural difference too.

A lot of us have. Do you always offer your details when asked? Have you ever withheld your Credit Card either in a physical store or online and either cancelled the transaction or paid in a different manner?
If you have, you're at least aware of the potential of misuse of your card and data.


In a nutshell this is the problem for me, A small Spanish hostel (and I mean no disrespect to them) simply does not have the security to store that data for three years. A part time receptionist making minimum wage could be easily manipulated to provide that data to criminals.
We've already seen the suggestion that establishments preprint forms that require guests to fill out the relevant information. Paper! With my name, address, Credit Card Number and Expiry date. The only data missing to max out my card is the CVC number and that won't be needed for an over the counter transaction.
Even stored on a computer this is hugely valuable data to the right people and small, stand alone businesses with lots of foreign customers are the exact "ripe" type of harvest for criminals.

Let's not forget that currently when I pay with a card (credit or bank) the business ends up with no useful information about the transaction other than a receipt of the transaction. According to this current law that receipt is not enough. The data that allows fraud to occur is to be recorded and stored.

Perhaps I frequent a hotel or business and to speed things up I can allow them to record my data for future use. That is my choice. This new law takes away that choice.


Perhaps your details are but mine are not. Or perhaps it just seems like they are floating in the ether.
Only established, reputable businesses get my card details. I do not use my card directly online with every retailer. I can use PayPal, as an example, to pay in places where I am less confident.
Having been locked out of Paypal I can personally vouch for their security process
I understand that they can still be hacked but I take comfort from the fact that they are operating under strict laws and have a significant reputation to protect. I am assured (perhaps wrongly) that they will do the right thing at the right time.
To go back to that small hostel in Spain? I do not have the same reassurance.

Perhaps a cultural difference but it's unusual in Europe to have an address on a driving license.
That in itself isn't such a big deal.
However, pair my address with my banking details? That's a much bigger deal!
My bank has my address and all my banking details. I trust my bank to be on top of security and European law demands such. Back to the small Spanish hostel..........

Oh, the horse is out of the stable door alright, and they're wandering about in the yard. The problem is that beyond the yard is the whole wide world and the horse is ill equipped for it. At the very least I'd like to keep the horse in the yard.

I can see no rationale for the storage of such data and the obligation placed on the small business is monstrous.
As has been pointed out, false addresses are easy to give for some of us without an address on official ID, cash payments can be made (although unlikely for car hire where a card is normally required) and the need to present ID is not new so that anyone wishing to make as small a footprint as possible can still do so while leaving the slightly unaware at a greater risk of fraud or identity theft.

And for anyone saying "I'll just pay cash" that adds a whole, different kind of risk to travel in a strange land. It also ignores the trends (again, perhaps a cultural difference) of a definite move to a cashless society - a move Spain is well on the way to. You may be able to pay cash now. But in 5 years?

And yes, some of us can get home and apply for a new credit card. But that is a whole world of unnecessary hassle and expense and not everyone goes home straight away. And for people who travel to Spain regularly? Hardly practical.

I have every sympathy for the OP. From their perspective this is a PITA. For the average guest it is significantly more risky than that.

Ultimately we all need to make decisions based on the choices/options available to us. Some of those choices involve risk, some necessitate sacrifices. Some of those risks or sacrifices we may deem to be too great and it may mean we decide not to participate in an activity (our choice).

I can see plenty of rationale for saving data and making that available to law enforcement and government authorities. Sadly most of those reasons are associated with criminal and nefarious activities. Your very concerns for your personal or personal property safety would seem to form part of that rational? Maybe.

I do sympathise with the small businesses and charities who are being asked collate and store the data. In time, and it may come quickly if the small businesses work with each other, a technological/digital solution may/will be found.

Additionally, there may come a time where the cost of doing business in cash maybe too great to sustain longer term, in which case there may be a switch to electronic payments only. Who knows? That looks some way off, but is foreseeable. But it isn’t a reality for today.

So until a technological solution is found we are likely going to have to make some of those choices.

Maybe we could register for a pilgrim number (so we don’t have too divulge the information to multiple providers). That number like our passport or drivers licence could be saved to a digital wallet and used at check-in. Only the number and your full name (and maybe a separate authentication document) would be needed at check-in. Plenty of smart people out there who could brain storm this.

Given the number of recent data hacks/breaches of government departments, banks, tech companies, health insurers etc…maybe that’s not a safe option? The law doesn’t protect you once your data has been hacked.

it does amuse me that people post their life and every movement on social media, yet become hypersensitive about the collection of personal data ( but we digress).

We may not like it, the albergues/pensións/donativos may not like it, but it is a new law. What ever we decide (one of those choices we will need to make) please let’s not take our frustration or direct our concerns at the small business owners/employees/volunteers. If the urge is there drop a note to the Spanish Government, it may actually have an impact if the ground swell is strong enough.

Buen Camino

 

[Flatlander]

Ultimately we all need to make decisions based on the choices/options available to us. Some of those choices involve risk, some necessitate sacrifices. Some of those risks or sacrifices we may deem to be too great and it may mean we decide not to participate in an activity (our choice).

Serious question: is the language "risk" and "sacrifice" really appropriate to apply to the process of checking into a room for the night?
It seems very extreme to me.

I can see plenty of rationale for saving data and making that available to law enforcement and government authorities

Yes. Data. It's the extent of the data required. Name. And address. And credit card number. And expiry date.
And while it is stored by the Government (hopefully securely) it is collected by (and also stored - for three years) small, independent businesses. The collecting and storage by these businesses are where the risk lies.
If Amazon or the Spanish Government are hacked tomorrow I am confident I will hear about it pretty quickly and take action. That little casa rural in where-was-it-again a few months ago? I'm not so sure.

Your very concerns for your personal or personal property safety would seem to form part of that rational?

Yes. I am concerned about the security of my finances and identity.

In time, and it may come quickly if the small businesses work with each other, a technological/digital solution may/will be found.

In time? And in the meantime?

But it isn’t a reality for today

It really is. It is perfectly possible to travel in Spain and never deal in cash.

Maybe we could register for a pilgrim number

The individual business needs to record the data against each customer. A Pilgrim number may speed up registration but does not negate the security issue of storage (as well as adding yet another database of information to the risk side of the equation).
Nor does it address any scenario outside of the Camino. This is, as outlined, a huge brush stroke right across the Spanish tourism industry affecting just about every visitor to Spain, pilgrim or not.

it does amuse me that people post their life and every movement on social media, yet become hypersensitive about the collection of personal data

You can call it hypersensitive, I prefer the term cautious.

Many of us can post a huge amount of detail and still remain relatively anonymous. You may know where I was and where I intend to go but that's very different from figuring out my credit card details.

 

[Sidknee]

Serious question: is the language "risk" and "sacrifice" really appropriate to apply to the process of checking into a room for the night?
It seems very extreme to me.

Yes. Data. It's the extent of the data required. Name. And address. And credit card number. And expiry date.
And while it is stored by the Government (hopefully securely) it is collected by (and also stored - for three years) small, independent businesses. The collecting and storage by these businesses are where the risk lies.
If Amazon or the Spanish Government are hacked tomorrow I am confident I will hear about it pretty quickly and take action. That little casa rural in where-was-it-again a few months ago? I'm not so sure.

Yes. I am concerned about the security of my finances and identity.

In time? And in the meantime?

It really is. It is perfectly possible to travel in Spain and never deal in cash.

The individual business needs to record the data against each customer. A Pilgrim number may speed up registration but does not negate the security issue of storage (as well as adding yet another database of information to the risk side of the equation).
Nor does it address any scenario outside of the Camino. This is, as outlined, a huge brush stroke right across the Spanish tourism industry affecting just about every visitor to Spain, pilgrim or not.

You can call it hypersensitive, I prefer the term cautious.

Many of us can post a huge amount of detail and still remain relatively anonymous. You may know where I was and where I intend to go but that's very different from figuring out my credit card details.

You’ll need to make a call yourself about what information you are prepared to provide or what mechanism you want to use to make payments. You have options.

That‘s a decision you will make.

For the exchange of value (payments) there are multiple options. If you don’t want to provide your banking or credit card details, there is cash as an option. There are of course other options, but they may not be available in all locations (as for example credit cards and direct banking are not uniformly available).

if you can’t get comfortable with that, then maybe think about visiting somewhere that better aligns to what you want to disclose or comply with, or delaying a visit until technology catches up, or maybe the law will changes?

I doubt that the expanded data collection requirements will have any impact on visitor numbers to Spain or more specifically the Caminos.

As a visitor to Spain (or any country that I visit) my personal view has always been that I:
1. understand that I’m a visitor
2. understand why I’m visiting that amazing country
3. don’t expect people to speak my native language (learning some local phrases before visiting)
4. respect, enjoy and appreciate local culture and customs
5. dress respectfully
6. respect and follow that countries laws and regulations
7. am responsible for my personal safety and behaviours
8. Know who to contact in an emergency
9. treat people with respect; and
10. get up early and go to bed late to give myself time to experience As much as I can.

 

[Flatlander]

there are multiple options

No answer to my question if the use of words like "risk" and "sacrifice" are really appropriate in a discussion about getting a bed for the night?

there is cash as an option.

So of the "multiple options" only cash gets a mention?
Here's the thing. If there is a way of getting around these new laws (designed to help prevent terrorism and crime) then the "bad guys" can avail of them too, probably better than a bunch of Pilgrims. It begs the question of just what is the point?

It's (currently) entirely possible to travel and overnight in Spain without ever having to show your passport or provide any ID to anyone. For months at a time.

Not everybody shares my concerns about this topic, and that's fine. I don't stress about where I'll stay some folks have it organised long before they ever leave. We're all different.

For anyone who is concerned, my suggestion to limit the risk of exposing their Credit Card would be to use a prepaid Credit Card (depending on banking services in their home place) which can be topped up as they go along. Many already do as a matter of course.

if you can’t get comfortable with that, then maybe think about visiting somewhere that better aligns to what you want to disclose or comply with, or delaying a visit until technology catches up, or maybe the law will changes?

Perhaps I'm hypersensitive but I detect an unpleasant tone here.
You might be interested to note that I am a resident of Spain.

I doubt that the expanded data collection requirements will have any impact on visitor numbers to Spain or more specifically the Caminos.

I doubt it will, either (and I don't believe anyone said that it would, either).
However, it raises the question of how the appropriate guardians will manage with the increased workload of collecting and storing the data of the 80 million + visitors to Spain annually.

If the worst comes to the worst and there are regular small breaches of data or one big hack what will happen then?

As a visitor to Spain (or any country that I visit) my personal view has always been that I:
1. understand that I’m a visitor
2. understand why I’m visiting that amazing country
3. don’t expect people to speak my native language (learning some local phrases before visiting)
4. respect, enjoy and appreciate local culture and customs
5. dress respectfully
6. respect and follow that countries laws and regulations
7. am responsible for my personal safety and behaviours
8. Know who to contact in an emergency
9. treat people with respect; and
10. get up early and go to bed late to give myself time to experience As much as I can.

I'm struggling to see the relevance to the topic of the thread? If I may make a suggestion - I always pack my lucky underwear

 

[Sidknee]

No answer to my question if the use of words like "risk" and "sacrifice" are really appropriate in a discussion about getting a bed for the night?

So of the "multiple options" only cash gets a mention?
Here's the thing. If there is a way of getting around these new laws (designed to help prevent terrorism and crime) then the "bad guys" can avail of them too, probably better than a bunch of Pilgrims. It begs the question of just what is the point?

It's (currently) entirely possible to travel and overnight in Spain without ever having to show your passport or provide any ID to anyone. For months at a time.

Not everybody shares my concerns about this topic, and that's fine. I don't stress about where I'll stay some folks have it organised long before they ever leave. We're all different.

For anyone who is concerned, my suggestion to limit the risk of exposing their Credit Card would be to use a prepaid Credit Card (depending on banking services in their home place) which can be topped up as they go along. Many already do as a matter of course.

Perhaps I'm hypersensitive but I detect an unpleasant tone here.
You might be interested to note that I am a resident of Spain.


I doubt it will, either (and I don't believe anyone said that it would, either).
However, it raises the question of how the appropriate guardians will manage with the increased workload of collecting and storing the data of the 80 million + visitors to Spain annually.

If the worst comes to the worst and there are regular small breaches of data or one big hack what will happen then?


I'm struggling to see the relevance to the topic of the thread? If I may make a suggestion - I always pack my lucky underwear

Risk and Sacrifice relate to a range of components associated with obtaining accommodation for one or more nights.

There are a number of specific risks/sacrifces depending on the type of accommodation (camping v municipal albergues v private albegues v pensions v hotels) they can range from is there a bed or booking available, your personal safety, the type or quality of the bed, the safety of your personal property, the quality of the sleep (noise), early starter etc through to the security of your backpack if you leave it for daily transport, security of your personal data, security of your “credit card“ data.

Most criminals, beyond petty theft (typically associated with the theft of cash or electronic devices) are interested in your personal identity data (which you already are required to provide). Identity theft is possibly the number 2 digital issue. Once they have your name, address, date of birth and your passport it’s a relatively easy process to uplift your identity and to start transacting in your name.

The nature of those risks/sacrifices depend on what steps you take to mitigate/minimise the likelihood and/or the manage the impact.

This is all about the choices you make, don’t make or avoid.

I feel for the small business operators and charities who are being asked to be the collectors and repositories of an increasing volume data. It’s a thankless task.

Pre-paid debit cards are a good suggestion, they minimise your exposure.

But if you live in Spain your Bank already has significant resources invested in protecting your credit cards, with suspicious transaction notification, transaction value limiting, 2 factor verification as well as account monitoring and testing. Maybe a quick chat to your bank will allay your fears.

The risks are greater for visitors to Spain who can’t use their home phone sim and need to obtain a local phone sim, not associated to their Bank identity. The first we know about it is when our home bank locks our card…

Maybe as visitors we need to borrow your lucky underwear!

 

[Flatlander]

Risk and Sacrifice relate to a range of components associated with obtaining accommodation for one or more nights.

I still think it is bizarre to use this language to describe getting a bed for the night. Preferences, certainly, but risk and sacrifice?

Maybe a quick chat to your bank will allay your fears.

Perhaps it has slipped your mind but you engaged with me when I was replying to another poster who asked if they were possibly being naive, having shared their credit card information thousands of times.
I'm reasonably aware of the risks, and have prepared for them, thanks.

The thrust of my posts (I hope) has been to draw the attention of people who may be naive to the potential problems this new law could pose.

For clarity, I will state it again:
The proximity of Passport, Address, IBAN number and or Credit Card Details together with email and phone numbers and possible relationships with spouse or children is like a Christmas gift for the wrong people. We often share some of that data but I cannot think of any but the most secure (and rare) situations where we are expected to share all that data at the same time in the same place. Buying a house is the last time for me.
And we are being asked to share it daily, perhaps with people who are ill equipped to manage and store it correctly. (No offence intended to any Hospitaleros)

The first we know about it is when our home bank locks our card…

Yes.
An unintended consequence perhaps of saving a few $ by not using roaming.

Having prepared for such an eventuality (a dual sim phone, or leaving the sim in a cheap phone at home with a trusted contact as just two examples) the impact of fraud can be reduced significantly. This is both why I am concerned about this law and encourage people to have a think about its effects and how they can mitigate them.
Depending on country of origin, bank, personal preferences and lots of other factors these mitigations will be very different for different people.

Maybe as visitors we need to borrow your lucky underwear!

Not a hope.

 

[David Tallan]

I still think it is bizarre to use this language to describe getting a bed for the night. Preferences, certainly, but risk and sacrifice?

To be fair, while it is rare to hear "sacrifice" come into the conversation about getting a bed for the night, the concept or "risk" regularly gets mentioned in these discussions as relates to the Camino, especially when talk turns to whether or not to book ahead... as in "the risk of not finding a bed when you arrive where you plan to stop for the night".

 

[Texas Walker]

Yes, I don't know about the US but in the UK cheques are printed with your account number and sort code.

It's amazing how many people don't realize that the way the person you gave the check to collects the actual money is because the account number and bank routing number are there in (computer readable) black in for all to see.

 

[Pathfinder075]

These are particularly intrusive.

That's what burn phones and msn addresses are for. Give them the burn phone number, preferably an in country mobile number and make some random msn up for the camino. Neither would be directly traceable. When you leave the country, toss the sim and forget the email.

To be fair it's no different when we had go to the USA (at the last place I worked). The official company line was we took a (new) clean laptop with us and a new mobile phone. Once in country you would download an OS, then log into the companies vpn and work remotely. The US government was assumed to be light fingered with peoples devices and info, so we didn't keep company data on them that could be stolen.

 

[Flatlander]

That's what burn phones and msn addresses are for. Give them the burn phone number, preferably an in country mobile number and make some random msn up for the camino.

That's all well and good until an albergue/hotel wants to contact you because you left something behind.
Or maybe after a month or two to let you know that perhaps your credit card info was compromised.

A bit like that info that is needed to get an email address. Put in any old stuff and later, maybe years later, if you ever get locked out and want to get back in that info could be quite important.

 

[Kathor1]

It's amazing how many people don't realize that the way the person you gave the check to collects the actual money is because the account number and bank routing number are there in (computer readable) black in for all to see.

Did you ever see anyone pay by check in Spain? The last time I wrote a check was in 2001. That’s when my banks stopped issuing check books.

 

[Kathor1]

That's what burn phones and msn addresses are for. Give them the burn phone number, preferably an in country mobile number and make some random msn up for the camino

Truly brilliant idea. The overwhelming majority of pilgrims and other tourists in Spain are Spaniards and other Europeans. So a new phone for every trip or holiday … that’s how much in total? At least 70 million burn phones a year …

 

[Molly Cassidy]

Truly brilliant idea. The overwhelming majority of pilgrims and other tourists in Spain are Spaniards and other Europeans. So a new phone for every trip or holiday … that’s how much in total? At least 70 million burn phones a year …

I already have several redundant phone numbers I could give if I chose. Nobody is going to check if any of your details are true, apart from ID documents and payment.

 

[Kathor1]

I already have several redundant phone numbers I could give if I chose. Nobody is going to check if any of your details are true, apart from ID documents and payment.

Sure. And I know that some comments are made in jest. Yet ... all this advice to cheat, to circumvent, to lie, to resort to tricks ... maybe it is just me ... I'd rather stick to the law and if I don't like a regulation I'd look for citizen action to have them changed or challenged in court, be either getting actively involved or at least supporting it in principle and help to raise awareness.

 

[Flatlander]

I already have several redundant phone numbers I could give if I chose. Nobody is going to check if any of your details are true, apart from ID documents and payment.

I'm going to go out on a limb and presume that you're not intent on creating mayhem in Spain nor part of a global criminal network so my question is that if you, as a responsible citizen, can avoid the collection and storage of your data so easily* will criminal gangs and terrorists not just do the same?

So what is the point?

It seems to me that a lot of people are going to be exposing themselves to an increased risk of identity theft and fraud for no good reason.

It's also clear that a lot of people don't really understand this risk.

* Of course, supplying false contact information can have negative impacts outside the law should you leave something behind.

I'd look for citizen action to have them changed or challenged in court.

I'm quite shocked that there isn't more of this being made by trade organisations. Representatives of the hospitality industry large and small and especially the banking sector. The fact that accommodation providers have to store banking data for three years is exposing banks to massive risk.

 

[Molly Cassidy]

I'm going to go out on a limb and presume that you're not intent on creating mayhem in Spain nor part of a global criminal network so my question is that if you, as a responsible citizen, can avoid the collection and storage of your data so easily* will criminal gangs and terrorists not just do the same?

Yes, of course they will. I expect it's more about the government being seen to be doing something about it than anything else.

 

[WGroleau]

The proximity of Passport, Address, IBAN number and or Credit Card Details together with email and phone numbers and possible relationships with spouse or children is like a Christmas gift for the wrong people. We often share some of that data but I cannot think of any but the most secure (and rare) situations where we are expected to share all that data at the same time in the same place. Buying a house is the last time for me.
And we are being asked to share it daily, perhaps with people who are ill equipped to manage and store it correctly. (No offence intended to any Hospitaleros)

Facebook begged for my phone number for years. Then they bought WhatsApp and got it without asking me. Most users just gave it to them. FB also (possibly) gets user's credit card numbers with their "fundraising" feature. And many users frequently announce their location to Facebook. Trust FB, the outfit that for quite a while encouraged children to not only announce their location to the world, but to name who of their friends is with them?

And then there's Google—NSA's biggest competitor?

If a criminal is after my data specifically, they can get it easily. But by limiting its spread as much as is within my power, they are more likely to go after the millions that don't know how to limit it and/or don't care.

I was a hospitalero when GDPR took effect. The database the Guardia Civil required us to use is still online, though in my opinion it is NOT compliant with GDPR. I don't know whether they have made any changes, but the data entry form is still the same. It doesn't take address, or credit card numbers, but it does hold the number, type, and country of an ID (usually passport). And does not require the pilgrim to sign consent for that data. They didn't even know that we copied our paper form into the online DB afterward.

 

[WGroleau]

That's what burn phones and msn addresses are for. Give them the burn phone number, preferably an in country mobile number and make some random msn up for the camino. Neither would be directly traceable. When you leave the country, toss the sim and forget the email.

When I got a phone in Burgos (2016), they demanded an e-mail address. I gave them a binnable one I had created that forwards to my "normal" one. Had to get the bills that way. But they also demanded an ID number—passport, DNI, or NIE. Few pilgrims have a NIE and only Spanish citizens have DNI. And of course, they insisted on a card number, to ensure they could collect next month's payment. I'd rather pay cash—shortly after I used a card at a restaurant in Texas, someone used the number in Virginia.

 

[Glenshiro]

From a UK point of view, this is massively intrusive. British law only requires that all accommodation premises must keep a record of guests over the age of 16. The record should include their full name and nationality. They must keep each guest's details for at least 12 months. (Although this legislation has been earmarked as 'obsolete' and may soon be scrapped). And that's it. No requirement to show an identity document or to give any other details. You can turn up at a hotel, give any name you feel like, paying cash, and no one will be any the wiser. Although a register must be kept, it is not routinely shared with the police.

However, many continental jurisdictions, including Spain, require everyone to carry some ID with them at all times, so a different atmosphere perhaps prevails.

 

[Molly Cassidy]

However, many continental jurisdictions, including Spain, require everyone to carry some ID with them at all times, so a different atmosphere perhaps prevails.

Yes, very true. In Croatia I had to show my passport to leave my bag in the left luggage and to buy train tickets I think.

 

[Pathfinder075]

That's all well and good until an albergue/hotel wants to contact you because you left something behind.
Or maybe after a month or two to let you know that perhaps your credit card info was compromised.

It's fine, I don't forget things, nor use a credit card. It's a cash all the way journey for me. I might use a card to pull cash out every couple of weeks at a bank, but that's the limit of it's use. The card is one of the prepay ones you get before hand, that can be loaded up with cash and offers good exchange rates.

A bit like that info that is needed to get an email address. Put in any old stuff and later, maybe years later, if you ever get locked out and want to get back in that info could be quite important.

I have my own mail servers littered around the globe. I simply set an address up, use it for my camino (or actually any holiday I go on) and delete it afterwards.

Obviously if you don't have that level of tech knowledge, then you would use msn, gmail or one of the other throwaway email providers to achieve the same effect. But if you have a clean android phone and number, setting up a gmail account is pretty easy since it is bound to your phone number. The safeguards are far less than if you go to the website and create one.

As far as passport, name, address, I'm not really bothered. I'm pretty sure even back in 2017 I had to give that data at some albergues.

 

[henrythedog]

It's fine, I don't forget things, nor use a credit card. It's a cash all the way journey for me. I might use a card to pull cash out every couple of weeks at a bank, but that's the limit of it's use. The card is one of the prepay ones you get before hand, that can be loaded up with cash and offers good exchange rates.

I have my own mail servers littered around the globe. I simply set an address up, use it for my camino (or actually any holiday I go on) and delete it afterwards.

Obviously if you don't have that level of tech knowledge, then you would use msn, gmail or one of the other throwaway email providers to achieve the same effect. But if you have a clean android phone and number, setting up a gmail account is pretty easy since it is bound to your phone number. The safeguards are far less than if you go to the website and create one.

As far as passport, name, address, I'm not really bothered. I'm pretty sure even back in 2017 I had to give that data at some albergues.

I’ve a great deal of sympathy for your approach but ‘I don’t forget things’? C’mon. Nobody forgets things deliberately.

I assume you never hire a car?

I use a credit card with a deliberately low credit limit which is paid in full weekly by direct debit, I use a VPN 100% of the time when not on my home network, a ‘disposable’ email address for all but fully trusted transactions and have an unregistered phone with text forwarding for anyone who requires a number.

They’re all simple enough things to do (or get a teenager to do for you). Much more than that seems overkill IMHO.

 

[Molly Cassidy]

If you forget something, you can phone the establishment yourself. And if you haven't noticed you've forgotten it, it's probably something you don't need anyway.

 

[dick bird]

The simplest solution to this problem is a pre-loaded travel card. You can throw it away when you get home or just leave it empty until your next trip. The details are thus useless to scammers. A Spanish SIM is good because people will answer it - foreign numbers are assumed to be spam. You can throw that away too. WhatsApp will still work. Don’t expect hotel owners or hospis to run around after your lost property - if you forgot it, you’ll have to go back and get it.

 

[Pathfinder075]

As henrythedog mentioned, having a VPN is useful, especially when you are on open wifi. If you find they are blocking OpenVPN (some places do), L2TP will usually work instead. It will stop people snooping on you when you are on wifi.

But yeah the best way to deal with lost property, is not to lose it in the first place. Have a pack order and get into the habit of doing the pack the same way, every day. After a couple of times you will notice if you are missing something when you do the pack. I also tend to check my bunk, under the bunk (ie on the floor), under the mattress, etc. Just the same as you would check your camping area after you have packed your tent away.

 

[Flatlander]

Facebook begged for my phone number for years. Then they bought WhatsApp and got it without asking me. Most users just gave it to them. FB also (possibly) gets user's credit card numbers with their "fundraising" feature. And many users frequently announce their location to Facebook. Trust FB, the outfit that for quite a while encouraged children to not only announce their location to the world, but to name who of their friends is with them?

And then there's Google—NSA's biggest competitor?

Maybe I'm a bit thick this morning but I'm struggling to see the relevance of what Facebook or Google do. FYI, I have accounts on both and neither has my credit card details. In fact, it was the very fact that a Google subscription was paid for by an external source that provided proof to Google that it was my account they had locked me out of.
If the suggestion is that "Everyone is out to harvest my details and there's nothing I can do about it" I find that dangerous in the extreme.
Perhaps I've misunderstood.

If a criminal is after my data specifically, they can get it easily. But by limiting its spread as much as is within my power, they are more likely to go after the millions that don't know how to limit it and/or don't care.

If a criminal is after your data specifically there is little you can do about it. They'll just steal whatever they need. If they want someone's data and yours is harder to get, then chances are they'll move on to the easier target.
However, the situation here is generally. As well as a huge Government database somewhere there will be lots and lots of small ones whose security is of a dubious quality.

They didn't even know that we copied our paper form into the online DB afterward.

I'm far from an expert but from what I do understand this new law is in violation of EU GDPR. I am bemused at the lack of response.

When I got a phone in Burgos (2016), they demanded an e-mail address

Anyone who wants a phone or simcard in different countries will be aware that each country is different in terms of what ID is necessary. Some will allow it with no ID but after a set period of time ID must be furnished or the number is recycled.

And then things go downhill.......

It's fine, I don't forget things

I have my own mail servers littered around the globe

If you forget something, you can phone the establishment yourself.

As well as instructions on how to pack up in the morning.

I'm surprised at the "I'm alright, Jack" attitude of some posters. It seems at odds with the general theme of a Camino. I have a mental image of a shattered Pilgrim, gasping for water on the side of the trail in the Meseta while another bounces along congratulating themselves on their own preparation.

If you're the kind of person who hands over your credit card details willy nilly to anyone in the real world and online without any concerns then I hope this thread might open your eyes a little bit.

There is a very big difference between spotting an illicit use of your card while you are at home and have access to all your contacts in your own language and discovering one day that your credit card or bank card no longer works while you are in a foreign country. Sure, banking laws and insurance might see to it that you're not out of pocket in the long run but the actual process is pretty miserable.

Preventing the blocking of a card and mitigating the harm from it requires some deep thought, some discipline and some understanding of how banking systems operate, some in places far from home as well as how credit card fraud can work.

And for every choice made ( a makeyuppy phone number. email etc.) there can be a cost that only becomes clear in its own good time.

 

[dick bird]

Maybe I'm a bit thick this morning but I'm struggling to see the relevance of what Facebook or Google do. FYI, I have accounts on both and neither has my credit card details. In fact, it was the very fact that a Google subscription was paid for by an external source that provided proof to Google that it was my account they had locked me out of.
If the suggestion is that "Everyone is out to harvest my details and there's nothing I can do about it" I find that dangerous in the extreme.
Perhaps I've misunderstood.


If a criminal is after your data specifically there is little you can do about it. They'll just steal whatever they need. If they want someone's data and yours is harder to get, then chances are they'll move on to the easier target.
However, the situation here is generally. As well as a huge Government database somewhere there will be lots and lots of small ones whose security is of a dubious quality.


I'm far from an expert but from what I do understand this new law is in violation of EU GDPR. I am bemused at the lack of response.

Anyone who wants a phone or simcard in different countries will be aware that each country is different in terms of what ID is necessary. Some will allow it with no ID but after a set period of time ID must be furnished or the number is recycled.

And then things go downhill.......







As well as instructions on how to pack up in the morning.

I'm surprised at the "I'm alright, Jack" attitude of some posters. It seems at odds with the general theme of a Camino. I have a mental image of a shattered Pilgrim, gasping for water on the side of the trail in the Meseta while another bounces along congratulating themselves on their own preparation.

If you're the kind of person who hands over your credit card details willy nilly to anyone in the real world and online without any concerns then I hope this thread might open your eyes a little bit.

There is a very big difference between spotting an illicit use of your card while you are at home and have access to all your contacts in your own language and discovering one day that your credit card or bank card no longer works while you are in a foreign country. Sure, banking laws and insurance might see to it that you're not out of pocket in the long run but the actual process is pretty miserable.

Preventing the blocking of a card and mitigating the harm from it requires some deep thought, some discipline and some understanding of how banking systems operate, some in places far from home as well as how credit card fraud can work.

And for every choice made ( a makeyuppy phone number. email etc.) there can be a cost that only becomes clear in its own good time.

So don't use a credit card. The alternatives are either cash, and that brings its own problems, or a pre-paid, load it up travel card. Once you have spent all the money on it, you throw it away. It is useless to a thief. This solves all the problems. If you also get a Spanish SIM, which is not at all a bad idea, you can also provide personal contact details to the hotel or albergue or whatever, then as soon as you get home, remove the Spanish SIM and chuck it in the bin. You have thus complied 100% with Spanish law and avoided providing any details that can be compromised, scammed or phished.

 

[Flatlander]

So don't use a credit card. The alternatives are either cash, and that brings its own problems, or a pre-paid, load it up travel card.

Yes. I offered such advice earlier in the thread.
Other things that can be done to increase security is for couples to only use one card (so the other is separate in the event of things going wrong) or use a bank that has a useful app for keeping track of activity.

Phone numbers, email addresses and physical addresses are red herrings, pretty much, for me. They only come into play when paired with far more sensitive bank details.

It's comments like this

This solves all the problems.

that concern me.

I believe that nothing solves all the problems.
(And some steps to solve one problem can create others)

It's not unusual, for instance, to have a credit card associated with an online reservation system such as Booking. If that is not set up to use the disposable card (because I don't plan on using it on Spain) an exhausted or stressed out decision to use Booking that one time could end up with my usual credit card data in that one place. Admittedly, the chances of suffering are slim but it's an example that vigilance is required. Consistently.
Even if it's just a matter of keeping the two cards physically separate so that the wrong one is not used by accident.

I'm not wanting to frighten people and paint a picture of doom and disaster but I'd encourage anyone to have a good think about how these things operate. Especially if acquiring new sims, new email addresses, new cards etc.
And not to think that all their problems are solved.

Watching a documentary once on plane crashes, an air crash investigator said that a plane crash is rarely caused by one catastrophic failure, but rather a series of small, seemingly insignificant (and non fatal) events that in a specific sequence can be fatal. I think it's a useful approach to take to a lot of things.

 

[Kanga]

I am waiting, @Flatlander, for you to offer some solutions.

As an aside, when at home I tend to use ApplePay on my phone to pay for things. Face ID, Touch ID or a passcode are required for purchases and my card number and identity aren't shared with merchants, and my actual card numbers aren't stored on my device or on Apple servers. I assume there is a similar system for google and android users.

 

[dick bird]

It's not unusual, for instance, to have a credit card associated with an online reservation system such as Booking. If that is not set up to use the disposable card (because I don't plan on using it on Spain) an exhausted or stressed out decision to use Booking that one time could end up with my usual credit card data in that one place.

I believe this thread is about the dangers associated with having to supply credit card and other details to an accommodation provider in Spain. It has nothing to do with using a credit card to pay for purchases outside of Spain. Of course, if you use Booking.com they have your details and use them to make the booking, but you can still use the pre-paid card to actually pay at the reception desk. One may, of course, make a mistake due to stress or inattention and actually use your credit card, but as you usefully point out, one has to be vigilant.

I am not sure if this thread is going anywhere. The information has been provided, the views have been expressed, the opinions have been aired and the warnings have been given. Unless people have something new to say rather than reiterating points already made, we will probably close it.

 

[Flatlander]

I am waiting, @Flatlander, for you to offer some solutions.

As an aside, when at home I tend to use ApplePay on my phone to pay for things. Face ID, Touch ID or a passcode are required for purchases and my card number and identity aren't shared with merchants, and my actual card numbers aren't stored on my device or on Apple servers. I assume there is a similar system for google and android users.

I have already offered solutions

I can mitigate the most harmful effects of this expanded law by simply paying cash for accommodation.

For anyone who is concerned, my suggestion to limit the risk of exposing their Credit Card would be to use a prepaid Credit Card (depending on banking services in their home place) which can be topped up as they go along. Many already do as a matter of course.

Having prepared for such an eventuality (a dual sim phone, or leaving the sim in a cheap phone at home with a trusted contact as just two examples) the impact of fraud can be reduced significantly.

Depending on country of origin, bank, personal preferences and lots of other factors these mitigations will be very different for different people.

I also offered some suggestions to the OP as to how they could better explain the situation so as to get a better response.

As for your Apple Pay it's not clear to me how this will work in reality. There is a credit card (or bank account) attached to that Apple Pay account and the new law states that this data needs to be recorded.

This is the point that I am clearly failing to make.
This new law is a significant change and we should probably have a think about how that will affect us.

 

[Flatlander]

I believe this thread is about the dangers associated with having to supply credit card and other details to an accommodation provider in Spain

Apologies. Maybe I wasn't clear.
I simply meant in the scenario that I use a booking app that I hadn't planned on using and therefore wasn't set up with the disposable card. In Spain, of course.

you can still use the pre-paid card to actually pay at the reception desk.

Unfortunately, not always.
I alluded to this earlier. Sometimes there is no choice to pay at the premises, the payment is done through Booking. Is my credit card data now shared with the premises?
It's these seemingly insignificant details that normally wouldn't concern us that become more significant in the current scenario.

 

[Kathor1]

As for your Apple Pay it's not clear to me how this will work in reality. There is a credit card (or bank account) attached to that Apple Pay account and the new law states that this data needs to be recorded.

Merely from the technical point of view: I've wondered about this, too, as an avid Apple Pay consumer. Mine is linked to my debit card but all you can see on the watch face are the last four digits of the bank account to which it is linked. And of course the shop owner or hotel receptionist has no way of retrieving the whole number on their computer - it just passes through their devices, woosh, and may even be encrypted. I would have to pull out my debit card from my bag to communicate the complete account number. But of course I don't even have to have the card with me when I pay with Apple Pay ... and it works in other countries, too - at least in the ones I've tried it so far, and I have no doubt that it will work in Spain. Mine is linked to the Maestro network.

 

[Molly Cassidy]

Apologies. Maybe I wasn't clear.
I simply meant in the scenario that I use a booking app that I hadn't planned on using and therefore wasn't set up with the disposable card. In Spain, of course.


Unfortunately, not always.
I alluded to this earlier. Sometimes there is no choice to pay at the premises, the payment is done through Booking. Is my credit card data now shared with the premises?
It's these seemingly insignificant details that normally wouldn't concern us that become more significant in the current scenario.

I never allow the booking agent to save my card details, so can use any card I like each time I book.

 

[Flatlander]

Merely from the technical point of view: I've wondered about this, too, as an avid Apple Pay consumer. Mine is linked to my debit card but all you can see on the watch face are the last four digits of the bank account to which it is linked. And of course the shop owner or hotel receptionist has now way of retrieving the whole number on their computer - it just passes though, woosh, and may even be encrypted. I would have to pull out my debit card from my bag. But of course I don't even have to have it with me when I pay with Apple Pay ...

As things currently stand in most parts of the world using a physical card in a terminal leaves the retailer with no usable data either unless they have modified the terminal to copy the card or indeed make a physical or mental copy of the information. In other words it is usually safe.

As the usage of smartwatches increases we can be sure that their security will come under pressure too.

To imagine a worse case scenario for a moment
Handing over a credit card to pay for a room all the receptionist has to do is remember the three digit CCV number as all the other details are to be recorded according to the law. I find that a cause for concern.

 

[Flatlander]

I never allow the booking agent to save my card details, so can use any card I like each time I book.

Good for you. Not everyone has thought about that.

And as suggested elsewhere I'd suggest using a VPN to help keep your online activity secure.

 

[Tia Valeria]

Trying to follow all this. Credit cards can be checked for fraud and payment verified. It is Debit cards which are linked direct to a bank account which would concern me. Prepaid cards are good especially if purchased or loaded using cash. I assume that if using the alternatives one would not have to supply bank details as they would not be needed to verify a genuine account. Also I would not have had those details with me if I had left my debit card at home.

 

[Pathfinder075]

Mobile phones are the bane of security. People put banking apps on them and that makes it so much easier to steal money from them. People use biometrics thinking it makes them more secure, but a fingerprint can be copied (you touch a glass you left a copy of it), a decent photograph of a persons face can often open a phone. The fact is if you steal a persons phone, it isn't massively hard to unlock them at which point you have a treasure trove of personal data which allows access to everything. If the theft occurs when a person is drunk, then it would be massively easier to unlock the phone. The best part is when you say make a massive purchase online and your bank sends you a code to confirm it's you, which goes to your mobile phone and if it's been stolen, kind of defeats the security aspect.

There is of course the point where it gets to far out there. I don't have an issue with booking.com, but I also don't use them when on Camino (or at all generally).
Like everything, have procedures for doing things and adhere to them. Learn about OpSec (which goes far beyond the things we are talking about).

 

[Kathor1]

I assume that if using the alternatives one would not have to supply bank details as they would not be needed to verify a genuine account. Also I would not have had those details with me if I had left my debit card at home.

You are right. People travelling in Spain, or rather the agent in question, have to provide only details about the form of payment or reservation that they have actually made. Numerous people think that the new request for delivering private data is disproportionate and excessive.

This thread is full of comments that have little or nothing to do with the change of law in Spain and their revamped national travellers register. @Juanma started this thread to alert us to the new situation and posted links to further information and suggested, very politely, that, if we feel like it, we can maybe sign a petition on change.org (see this link). I had a look. Only 896 people have signed it at the time of writing.

My own hope is that, as the year progresses and more people travel, an organisation will lodge a complaint with a Spanish court, or people who are aware of their rights under the GDPR, will lodge complaints with the SA in their own EU countries after their return from Spain and this will achieve change. There is not much point in taking it up with the SA in Spain, I guess, as it says something in Decreto 933/2021 about the Spanish Data Protection Agency and the GDPR which I don't quite understand but I guess it means they think that they are in compliance.

 

[WGroleau]

I'm far from an expert but from what I do understand this new law is in violation of EU GDPR. I am bemused at the lack of response.

(in reference to my description of the hospederia law). It's not a new law. It pre-existed GDPR by years. And in my (non-lawyer) opinion, the fact that it still exists (apparently unchanged) is indeed a violation of GDPR. But how many albergue staffs are going to argue that with the Guardia Civil?

 

[WGroleau]

I happen to believe that laws are respected. It seems that the Spanish government does not have access to the data banks of Visa, Mastercard and American Express for example, because if they had they would not need this new law, right? The argument of “so what, my data get stored anyway” does not fly particularly well, IMO.

Respected by who? A month after I applied for NIE, I had to show the Burgos Comisaria the law that requires them to process it within five days. Two months after that I actually got the thing.

 

[Kathor1]

Respected by who?

By everyone.

And just to be clear: My comment refers to the GDPR and the protection of private data by the various and varied government entities. Your reply to the comment doesn't. I have nothing against the free flow of thoughts and associations and sharing memories but it does make a meaningful discussion about a particular topic often tedious while no doubt being entertaining and inclusive.

 

[ivar]

I closed this thread. I think most that needed to be said, was said…

 

[peregrina2000]

I don’t want to start up this debate again, but I just heard from @Juanma that the government has postponed the effective date of this law until January 31, 2024.

Maybe that suggests there will be changes, but who knows.