The Spanish Confederation of Travel Agencies (CEAV) has reiterated its demand that travel agencies be excluded from the scope of Royal Decree 933/2021, which regulates the collection of traveler data, after the European Commission has initiated infringement proceedings against Spain for possible violations of EU data protection legislation.
The employers' association interprets that Brussels' action supports the concerns that the tourism sector has been expressing for years about a system based on the massive collection and transmission of personal information, and has asked the Executive to study "rigorously" the objections raised by the European Commission.
CEAV has emphasized the willingness of travel agencies to cooperate with the authorities in the fight against terrorism and crime, but maintains its reservations about the adequacy of some of the obligations included in the regulation to the European principles of necessity, proportionality, and data minimization.
The organization has also questioned the volume of data required by the system and the obligation to retain it for three years, especially for operators who act as intermediaries in the contracting of tourist services. The employers' association maintains that this configuration implies a bureaucratic burden of little practical use.
Similarly, it has warned of the "duplication of information" that, in its opinion, the current scheme causes. In CEAV's view, extending the number of subjects obliged to send and keep the same data does not guarantee greater security, but it does increase administrative obligations, compliance costs, and the risks arising from the handling of personal data.
Although the proceedings initiated by the European Commission focus on data protection aspects, the confederation emphasizes that legal doubts also arise regarding the inclusion of travel agencies and tour operators within the scope of the royal decree.
In this regard, CEAV recalls that the Organic Law on the Protection of Citizen Security does not include travel agencies or tour operators among the subjects obliged to keep documentary records and communicate data, so it understands that the extension of these obligations through a regulatory norm raises doubts from the perspective of legal certainty and the principle of normative hierarchy.
For this reason, the employers' association insists that travel agencies be excluded from the regulation and hopes that the Government will use the procedure initiated by Brussels to correct the shortcomings detected and rethink the current model.
CEAV defends that the safeguarding of public security and data protection can be made compatible, but stresses that any restriction of rights must be duly motivated, be essential, and comply with the limits set by European Union Law.