Passenger data

The Dutch government may request airlines carrying passengers to Dutch national territory to provide passenger details. The objective of such requests is to improve border checks and combat illegal immigration. In the case of airlines, this involves passenger data from incoming flights landing at Dutch airports. The flights must be operated from outside the EU and/or the Schengen area. Under EU Directive 2004/82/EC, airlines are required to provide passenger data. The Minister of Defence is responsible for the processing of this data by the Royal Netherlands Marechaussee.

Destinations requiring Advance Passenger Information

The submission of passenger data prior to landing is referred to as Advance Passenger Information (API). The Targeting Centre Borders (TCB) of the Royal Netherlands Marechaussee processes the submitted passenger data. This applies to flights from non-EU and non-Schengen countries.

Passenger data to be supplied

Airline companies are to supply the following passenger data to all Dutch airports:

  • The number and the type of travel document used;
  • Nationality;
  • Gender;
  • Full name;
  • Date of birth;
  • Dates of issue and expiry of the travel document;
  • The border crossing point of entry into the territory of the EU Member States;
  • Flight number;
  • The initial point of embarkation and other flight itinerary details/travel route details;
  • Departure and arrival time of the means of transport;
  • Total number of passengers carried on that transport;
  • Passenger Name Record (PNR) data file location.

Security measures and data retention period

The Royal Netherlands Marechaussee has implemented appropriate organisational measures to protect personal data. An integrated security system is employed, encompassing physical, informational, and personnel security measures. The comprehensive set of security measures is outlined in the Defence Security Policy.

Received passenger data is stored for a maximum of 96 hours, after which it will be deleted.

Personal data will only be retained beyond this 96-hour period when necessary for conducting criminal investigations or other police tasks. In such cases, the Police Data Act applies, instead of the General Data Protection Regulation (GDPR).

Algorithm

The TCB employs an algorithm to automatically screen submitted passenger data against watchlists and trends.

Watchlists contain specific individuals sought for suspicion or conviction of a serious criminal offence. Trends are a set of specific risk characteristics that, upon reaching a certain threshold, justify further border control of an individual. These risk characteristics explicitly exclude special personal data such as ethnicity or biometrics.

In the event of a match with a trend or watchlist, the match is always manually verified by a staff member. The algorithm never autonomously makes a decision. A correct match is also subject to the 'four-eyes' principle, involving a secondary check by another staff member. Only then is the match forwarded to the border guards, who will always conduct their own inspection at the border.

Accessing personal data

As a passenger, you can request to view your personal data from the airline. This can also be done for data processed by the Royal Netherlands Marechaussee. Information on how to request this data is available on the page Your personal data and the Marechaussee.

Should you wish to lodge a complaint about the processing of your personal data, or believe that the Royal Netherlands Marechaussee has not properly handled a request regarding your data, you may contact the Data Protection Officer of Defence or the Dutch Data Protection Authority.

Data Protection Officer of Defence
Ministry of Defence Data Protection Officer
PO Box 20701
2500 ES The Hague

Email: functionaris.gegevensbescherming@mindef.nl

Dutch Data Protection Authority
PO Box 93374
2509 AJ The Hague

Website: www.autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl

Passenger Information Unit (Pi-NL)

Under EU Directive 2016/681, airlines are also obliged to provide Passenger Name Record (PNR) data to the Dutch government. The Passenger Information Unit Netherlands (Pi-NL) processes this data. Pi-NL is an independent organisation which works under the authority of the Royal Netherlands Marechaussee. Its aim is to combat terrorism and serious crimes. This is separate from the API process and thus falls outside the scope of this statement. For further information, please visit the website of the Dutch government.

This statement was last updated on 08-11-2023.