Passenger data and privacy

The Dutch government may request airlines carrying passengers to Dutch national territory to provide passenger details. The objective of such requests is to improve border checks and combat illegal immigration. Personal data is also processed if the passenger chooses to use Self-Service Passport Control.

In the case of airlines, this involves passenger data from incoming flights landing at Dutch airports. The flights must be operated from outside the EU and/or the Schengen area. On the grounds of European Council Directive 2004/82/EC airline companies are obliged to provide these passenger data.

Passenger data to be supplied

Airline companies are to supply the following passenger data to all Dutch airports:

  • The number and the type of travel document used;
  • Nationality;
  • Gender;
  • Full name;
  • Date of birth;
  • Dates of issue and expiry of the travel document;
  • The border crossing point of entry into the territory of the EU Member States;
  • Flight number;
  • The initial point of embarkation and other flight itinerary details/travel route details;
  • Departure and arrival time of the means of transport;
  • Total number of passengers carried on that transport;
  • Passenger Name Record (PNR) data file location.

Access passenger data

Passengers may file a request for access to their personal details with the relevant airline. The same is true for the data stored by the Royal Netherlands Marechaussee. The data can be requested via the Your personal data and the Marechaussee page.

Destinations requiring Advance Passenger Information

The requirement of passenger details before a flight is called Advance Passenger Information (API). The Royal Netherlands Marechausee’s API Centre at Schiphol Airport processes these passenger details for flights to destinations in non-EU and non-Schengen countries.

Netherlands Passenger Information Unit (Pi-NL)

On the grounds of EU Directive 2016/681, airlines are obliged to provide passenger name record (PNR) data to the Dutch government. The Netherlands Passenger Information Unit (Passagiersinformatie-eenheid Nederland, Pi-NL) processes this data. Pi-NL is an independent organisation which works under the authority of the Royal Netherlands Marechaussee. The objective of the organisation is to combat terrorist offences and serious crime.

Self-Service Passport Control

The Royal Netherlands Marechaussee uses self-service passport control (SSPC) at Schiphol Airport. This allows passengers the choice of crossing the border by automatic face recognition. The SSPC system takes a live facial image and compares it to the photo in the passport. The biometric personal data (facial image) and the personal data from the passport are processed in the system in accordance with the General Data Protection Regulation (GDPR). Personal data are kept for a maximum of 24 hours after crossing the border. In the event of a criminal investigation or other police involvement, the Marechaussee may keep the data for more than 24 hours under the Police Data Act (Wpg).

On behalf of the Minister of Defence, the Commander of the Royal Netherlands Marechaussee is responsible for processing personal data in accordance with the GDPR and the Wpg (in Dutch).