Holiday letting company fined 75,000 euros for requesting 'unnecessary' personal data
The Spanish authorities have fined a company in Catalonia that does holiday lets to tourists, a figure of 75,000 euros for requesting "unnecessary personal data” and not disclosing what it would be used for.
Following a complaint to the Spanish data protection agency (AEPD), they found that during the booking process, guests were being forced to check in online and were then asked to fill in a form with their postal address, telephone number, email address, ID (photographed on both sides) and even a “selfie” photograph.
Guests were then encouraged to send an email, in case they did not wish to receive advertising offers, but were not given any option to refuse to send the requested data.
When the guest complained to the company about its excessive requests, they replied that it only had the data that had been provided to Airbnb, the platform through which they had made the booking. They said that the rest of the data had been requested because, in Catalonia, they have to transfer travellers' data to the police.
According to the ruling by the Spanish authorities, personal data must be "adequate, relevant, and limited to the need for which it is collected”. Data protection officials ruled that the rental company did not provide a clear answer and did not provide the information in a transparent manner.
“Not all of the data the company requested is necessary either to provide the service of renting holiday apartments or to comply with the obligation to register people staying in accommodation establishments in Catalonia," the AEPD added.
After the complaint was filed by the client, the company did not present any evidence to refute the facts reported. For this reason, the Spanish data protection agency has imposed a fine of 25,000 euros for violating Article 5 of the GDPR terms and 50,000 for violating Article 13 of the same regulation.
Other articles that may interest you...