usatoday24
“The DNI, please.” That is the phrase with which they usually receive the receptions of hotels and lodging when we register in them. In many cases these hotels not only prove our identity, but even photocopy that document. It is something that we will see this vacation very much, but the AEPD just ratified a warning that already made months ago.
Of photocopy of the DNI, nothing. The Spanish Data Protection Agency (AEPD) has published a note in relation to the “application for copies of identity documents in lodging.” In it he explains how current laws for hotels and lodgings do impose certain obligations by registering travelers, but Your conclusion is clear: “A copy of the identity document should not be requested.”
What does the law say. He Royal Decree 933/2021of October 26, specifies the documentary registration obligations in lodging activities and motor vehicles. According to this law, those responsible for those businesses – for example, hotels’ receptionists – are obliged to collect certain data from natural persons who use their services, prior to those start of those. ” It is true that they must check the identity, but from that to ask us for the ID to photocopy it half a world.
The DNI provides too much information. In fact, according to the AEPD, “request a copy of the National Identity or Passport document violates the principle of Data minimization (…) And it is an excessive data processing. “The ID contains more data than hotels need to comply with the regulations, but there is also another danger.
Identity Supplant. That in the hotels someone makes a photocopy of our DNI “implies, among others, an unnecessary risk of impersonation of identity, which must be avoided or, at least, effectively mitigated,” they explain in the statement. It is something that can effectively generate a real threat to people who end up becoming victims of scams. That is why police itself recommends that when they ask us for a copy of the ID – for example, for online efforts – Let’s modify it before sharing it.
And a copy is not suitable. In the AEPD they explain that sending a copy of the identity document is not even adequate because that copy “lacks sufficient suitability to comply with the purpose of the norm.”
A Enough form. In the AEPD they point out that Royal Decree 933/2021 requires very specific data (indicated in sections A.3, A.4, B.3 and B.4 of Annex I), namely:
- Name, surname
- Sex
- Identity and type document number
- Nationality
- Birthdate
- Usual residence address (town, country)
- Fixed / mobile phone / email
- Number of travelers
- Kinship relationship between travelers (if there are minors)
- Date of the contract, and of the entrance and exit
- Payment data (type of payment, holder, payment date)
And all these data can be provided by completing a form, which can also be done online through the Internet or in person in the lodging.
The hotel can check the data. In the establishment where we stayed, it would no longer be necessary to make a photocopy of the ID: “It could be enough to visually verify the correspondence between the data provided and the identity document exhibited.” There are in fact other options that the AEPD indicates for that data validation:
- Through digital certificates
- Through the data associated with the means of payment used
- Sending host security codes so that they use them as authentication factors
If you share the ID, do it with a water mark. There are very easy ways to add water marks to the document if we have to share it with anyone. One of the most striking is Saferlayera tool that It can be used directly from a browser and “modifies” the ID by adding an unequivocal pattern that makes it clear that this document is a copy and that it still allows you to consult the DNI data.
There have already been fines. The AEPD has been pronouncing on the cases in which various entities request photocopy of the DNI. He did it for example in the case of Messaging companiesand it has been warning about the practice that is already common in photocopy hotels. However, there have been fines to companies for requesting these copies unnecessarily. It happened at the Marins Playa Hotel, to which he fined With 30,000 eurosand also to Orange, who received a fine of 100,000 euros for the practice of confirming the identity of customers during package deliveries and photographing the DNI on both sides.
In Xataka | I’m sorry, I’m not going to sign the box of my personal data
GIPHY App Key not set. Please check settings