• Hotels handle large amounts of personal data that need to be particularly protected.
Hotel guests fall victim to a cyber attack near Lake Turrach.

Hotels in Hungary to share visitor data with new Data Center

Monday, 11 March 2019 15:15

A recent and controversial modification of the Act on Tourism makes a buzz in Hungary, as authorities will have access to basically everyone’s movements when staying at an accommodation of the hotel industry. While the government insist the step is necessary to further clear grey economy, detractors argue that personal data will be accessed by authorities in an unwanted way.

By the end of the year, all of the actors of the Hungarian tourism sector will have to register to the recently established Hungarian Tourism Agency, and share their visitor-related data with NETAK (National Tourism Data Center). Police and tax authorities will also have direct access to the data-center.

Starting from this year, the recent amendment to the Tourism Act is being implemented, as a result of which people can be traced accurately when using accommodation services.

According to the relevant government decree, hotels must register by June 30 at the latest, whereas smaller guesthouses, campsites, holiday homes, community accommodations and "other accommodation" including private accommodations must register by December 31.

Hotels and other providers of accommodation are obliged to install a so-called accommodation management software to start providing data on their guests at the latest on the first day of the month following the registration.

The government underlined that data sent by automatic machine communication to NETAK would only be used for statistical, tax and marketing planning purposes, and the software would only transmit data that did not contain personal details. These data would be accessible to public notaries of local city councils, and to employees of local authorities in accordance with their jurisdiction.

But an amendment that came into force on September 1, 2018, extended the scope of data that would be continuously and freely be at the disposal of the police.

If the police were to ask for detailed information, they could request a data supply that the accommodation provider must perform free of charge. In addition, the police would have the option of conducting unique searches in a repository containing data uploaded by the host, without the knowledge of the host.

NETAK, which is based on foreign examples, aims to suppress the grey economy, according to the Hungarian government’s information center: "The IT system that helps to collect national statistical data is not fresh news for the tourism industry, the law establishing the system regulates its creation and had been a priori. With the introduction of online cash registers in the catering industry, the sector has been bleached significantly. The goal of suppressing the grey economy in the accommodation service is a useful tool versus the actual, hard-to-control paper-based data supply system that provides significant opportunities for tax fraud and evasion.”

Opposition parties were not convinced by the government's good intentions: on January 23, liberal opposition party DK announced that it would turn to the European Commission to consider that the amendment of the law would seriously undermine European data protection principles, aka GDPR. The party fears that the database of holiday-makers will be available to a wide range of public bodies, including the tax authority and the police, without any restrictions, and without informing the people concerned.

However, according to the Hungarian Tourism Agency, NETAK will not store and manage any personal data related to the guests, and will only be able to store data in statistical data spheres.

According to Zoltán Guller, CEO of the Tourism Agency, the collection of personal data was "irrelevant for tourism development". He added that there was no change for the tourists, as they had to sign up for the rooms before they arrived. The new system will be good for anonymous tourist metrics, and nothing else.

According to the latest information available by the European Commission, the practice of the Member States willing to share information shows the following pattern: Question 1: Do the accommodation establishments in your MS collect from third-country nationals and from EU citizens?

In case of EU citizens:
  • full name,
  • date and place of birth
  • nationality
  • ID type and number
In case of Third Country Nationals:
  • full name,
  • date and place of birth
  • nationality
  • ID type and number
  • type of accommodation and/or address of hotel or other establishment with period of stay


Question 2: Is it mandatory to ask the identification document of the visitor for registration?

Largely mandatory in most cases, the only difference being that in this case the ID stands for a travel document, usually a passport.

The Member States participating in the survey were Belgium, Estonia, Finland, France, Germany, Latvia, Lithuania, Luxembourg, Portugal, Spain, Sweden, UK and Norway.