API data
Advance Passenger Information (API) data are identity and flight data of passengers on board an aircraft. Airlines collect these data for the country of destination of a flight. The border control in the country of destination can check travellers in advance using these API data.
On this page
What are API data?
API data are:
- number and type of travel document;
- full name;
- birthdate;
- nationality;
- sex.
Data that are also checked are:
- the border crossing point of entry to the EU;
- the means of transport;
- the first boarding point;
- time of departure and arrival.
Use of API data
Currently, airlines send the data directly to the national authoritites of the receiving country, through various connections. In the future, data sharing between airlines and national authorities will be improved and made easier.
Often, the law in the country of destination stipulates that the airlines must share the API data before the flight arrives.
API data are used for border control. In addition, the data may be used for combating serious crime and terrorism. The latter is only allowed after permission from a court or another independent administrative organisation.
API data for flights to the Netherlands
In the Netherlands, the airlines send the API data to the API Centre of the Royal Netherlands Marechaussee at Schiphol Airport at the time of departure of a flight. This is the case for flights from destinations outside the European Union (EU) or countries that are not signatories to the Schengen Convention.
On the website of the Royal Netherlands Marechaussee, you can find an overview of the API data that are recorded.
Retention of API data
API data may not be retained by airlines and authorities for longer than necessary. Based on the rules that currently apply, API data must be removed after 24 hours. Unless more research is needed; API data may be retained for a longer period then.
In that case, the periods of the Dutch Police Data Act (Wpol) apply. When the new API regulations take effect, this will be 48 hours, plus another 48 hours if more research is needed. For example, if a traveller did not show up at the scheduled border crossing point.
Viewing or removing your API data
Before your departure, you can ask your airline, or where applicable your travel agency, which data were collected about you. And which data have to be passed on to the country of destination.
After your trip, you can contact the authorities in the country of destination to learn which data they have collected about you and are retaining, and which rules apply for this. Your airline can tell you with whom your data were shared.
Do you want to know which data were shared by the airline with Dutch authorities? Then you can ask the Ministry of Defence.
Submitting a complaint to the Dutch DPA
Do you have a complaint about the collection, retention or sharing of your API data? Then you can submit a tip-off or a complaint to the Dutch Data Protection Authority (Dutch DPA).
Also read: PNR data
There is another type of passenger data: PNR data ('passenger name records').