DistantNews
Support us
Greece Warns Hotels Against Illegal Data Collection During Check-in
๐Ÿ‡ฌ๐Ÿ‡ท Greece /Technology

Greece Warns Hotels Against Illegal Data Collection During Check-in

From Ta Nea · () Greek

Translated from Greek, summarized and contextualized by DistantNews.

At a glance

News Sources not specified Context piece
  • Greece's data protection authority warns hotels and accommodations about potential violations of GDPR during check-in.
  • Authorities found instances of hotels photographing or photocopying IDs, passports, and even credit cards, which is illegal.
  • The authority urges tourism businesses to comply with GDPR, emphasizing data minimization and lawful processing to protect customers.

Greece's Personal Data Protection Authority has issued a stern warning to hotels and tourist accommodations regarding illegal practices during the check-in process. The authority flagged concerns that some businesses are violating the General Data Protection Regulation (GDPR) by photographing or photocopying guests' identification documents and passports. In some cases, hotels have even been found to photograph both sides of credit cards, retaining copies for future use.

Such practices contravene the core principles of GDPR, including lawfulness, transparency, and data minimization.

โ€” Personal Data Protection AuthorityExplaining the illegality of hotels photographing or photocopying guest documents.

These practices are not only illegal but also increase the risk of unauthorized access, fraud, and financial loss for customers. The authority stressed that such actions contravene the core principles of GDPR, including lawfulness, transparency, and data minimization. It also highlighted that some businesses may be failing to implement data protection by design and by default.

In response, the authority has sent recommendations to the Panhellenic Federation of Hoteliers, the Hellenic Chamber of Hotels, and the Confederation of Tourist Accommodation Enterprises of Greece. They are urged to inform their members about their GDPR compliance obligations. The directive is clear: accommodations are not permitted to copy or store identification documents like IDs and passports, as there is no legal provision mandating it. Similarly, photographing or storing copies of credit and debit cards is prohibited.

Accommodations are not permitted to copy or store identification documents like IDs and passports, as there is no legal provision mandating it.

โ€” Personal Data Protection AuthorityClarifying the legal restrictions on data collection for hotels.

Hotels must ensure that all personal data processing is based on a lawful basis, with a thorough assessment of necessity and proportionality. Guests must also receive clear and accessible information about how their data is processed. The authority calls for a review of check-in and payment procedures, along with staff training, to prevent violations that could lead to sanctions and a loss of customer trust. For travelers, handing over identification at check-in does not grant hotels the right to copy or store it; simple data recording is sufficient and legal.

For travelers, handing over identification at check-in does not grant hotels the right to copy or store it; simple data recording is sufficient and legal.

โ€” Personal Data Protection AuthorityAdvising travelers on their rights regarding personal data during check-in.
DistantNews Editorial

Originally published by Ta Nea in Greek. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.