Air passenger travel information
Air passenger travel information helps with baggage checks, helps the police detect and combat terrorism and other serious crimes, improves border controls and prevents illegal migration.
Passenger name record (PNR)
Airlines record information for each passenger who books or checks in for a flight, including the date the reservation was made, the passenger’s contact details and baggage information. This information is called the passenger name record (PNR). Airlines send the PNRs for all flights to and from the Netherlands, including flights within the EU, to the passenger information unit (Pi-NL), via a secure connection. Customs only receives the PNRs for flights departing from the Netherlands to destinations outside the EU and arriving in the Netherlands from outside the EU. Click on the link to see which countries belong to the EU.
How the Pi-NL uses PNRs
Prior to a flight arriving in or departing from the Netherlands, the passenger information unit (Pi-NL) assesses the passenger name records (PNRs) to check whether any passengers may have links to terrorism or other serious crimes. If necessary, the police or Public Prosecution Service then conducts further investigations. The Use of Passenger Information (Terrorist Offences and Other Serious Crimes) Act (in Dutch) governs the Pi-NL’s use of PNRs.
How Customs uses PNRs
Customs uses passenger name records (PNRs) to facilitate checks on passengers’ baggage. It analyses the PNRs of all flights to and from the Netherlands to assess which goods it should investigate more closely. This keeps inconvenience for passengers to a minimum, as it allows checks to be done more quickly. Customs processes PNRs in accordance with the Union Customs Code (UCC) and the Dutch General Customs Act (in Dutch). You can read more about how Customs uses passenger information on its website.
Advance passenger information (API)
Advance passenger information (API) consists of the passport details and flight details of passengers on board an aircraft, including their names and nationalities and flight information and routes. The Ministry of Defence website gives an overview (in Dutch) of the information that is recorded. The airline sends API data to the Royal Military and Border Police (KMar) after flight closure once the passengers have boarded the aircraft.
The KMar’s use of API data
The KMar’s API Centre at Schiphol airport processes the API data it receives for flights from non-EU countries and countries that have not signed the Schengen Treaty. The KMar processes API data in accordance with the Aliens Act 2000.
How investigative agencies use PNR and API data
The police and other investigative agencies may apply for access to passenger information, including both PNR and API data, for use in criminal investigations. They may make the request to Customs, the passenger information unit (Pi-NL) or the Royal Military and Border Police (KMar). An application by a Public Prosecutor is required.
Passenger travel information and privacy
In drafting the Use of Passenger Information (Terrorist Offences and Other Serious Crimes) Act (2019, in Dutch), the importance of combating terrorism was carefully weighed against passengers’ privacy interests.
As a result, the Act includes various safeguards:
- Data may be kept for a limited period only.
- No sensitive personal data, for example concerning religion and ethnic origin, may be processed.
- Exchanges of information with other countries are subject to strict conditions.
There are two pieces of legislation that govern privacy:
- The General Data Protection Regulation (GDPR). This Regulation imposes requirements on the way data and privacy are protected, for example when Customs and the KMar process API data.
- The Police Data Act (WPG) (in Dutch). This Act sets out how the police must deal with personal data, in a way that protects the data and keeps it private. The same rules apply to the passenger information unit (Pi-NL). A personal data protection officer ensures compliance with the legislation.
The independent Data Protection Authority is responsible for monitoring compliance with this legislation.
Retention period for passenger travel information
Customs keeps PNR data for 48 hours after a flight arrives or departs. If necessary, the data can be kept for up to 28 days, after which time it is erased.
As prevention, detection, investigation and prosecution of terrorist offences and other serious crimes can take longer, Pi-NL keeps PNR data longer: five years. After six months, however, the personal data is anonymised by masking it. Investigative agencies like the police may only access this data with permission from the Public Prosecutor.
KMar destroys API data 24 hours after a flight arrives, but may keep data longer if required.
Overview passenger information
| Pi-NL | Customs | Royal Military and Border Police (KMar) | |
|---|---|---|---|
| Passenger information |
PNR |
PNR |
API |
| Tasks |
Combating terrorism and other serious crimes |
Checks on passengers’ baggage |
Combating illegal migration |
| Flights | All flights arriving in or departing from the Netherlands (from and to countries both within and outside the European Union) |
All flights arriving in the Netherlands from a location outside the EU All flights departing from the Netherlands to a destination outside the EU |
All flights arriving in the Netherlands from a location outside the EU All flights arriving in the Netherlands from a location in Europe outside the Schengen area |
| Retention period for information |
5 years |
48 hours |
24 hours, or longer if further investigation is required; in that case, the period laid down by the Police Data Act (WPG) (in Dutch) |
| Legislation |
Use of Passenger Information (Terrorist Offences and Other Serious Crimes) Act (in Dutch) |
Union Customs Code (UCC) and the General Customs Act (in Dutch) |
Aliens Act 2000 (in Dutch) |