How does this work in hotels in which key cards and locks are offline? (I'd conjecture non-networked systems are still the most common ones.)

Also, how is it done in the EU after the introduction of the general data protection? Even if you have network integration regulation in 2018? It is most likely illegal to collect data on guests entering the room without the guest's explicit consent.