The Dutch Data Protection Authority wants the government to immediately stop the large-scale processing of air passenger data. According to the regulator, much more data is collected than is strictly necessary and that is not allowed.
The travel details of everyone who flies to or from the Netherlands will now be stored in a database for another five years. This concerns the so-called Passenger Name Records (PNR), such as a person’s destination, contact details and baggage information. The purpose of the measure is to detect and prevent terrorism and serious crime.
But the processing of the PNR data as it is currently being done misses the target, says the regulator. A large amount of personal data is now being systematically collected from very many people who do not belong to the group for which the database is actually intended.
Moreover, the government keeps the data for far too long. A ruling by the Court of Justice for the European Union last summer shows that the data of people who have no indications that they are involved in crime or terrorism may not be stored for five years.
Threatens with prohibition
The Dutch Data Protection Authority has given the Ministry of Justice and Security two weeks to tell it what measures it will take. The regulator also threatens that it can impose a processing ban “if necessary”.
The ministry says in a first response that it will study the recommendations of the regulator.
- Air passenger data in database for five years
