PNR data
PNR data are data that tour operators and transport companies collect when you book a trip or check in. PNR is the abbreviation for 'passenger name records'. For example: your name and contact details, when and with whom you travel, your travel preferences, special requests, data about the payment method, luggage information, and seat number. Usually, you provide these data to the tour operator or transport company yourself.
On this page
Use of PNR data
Airlines are obliged to send the PNR data of the passengers on certain flights to the passenger information units of the countries where the flight comes from and where the flight is going to. This is done through a secure connection.
It concerns PNR data of:
- all flights from countries outside the European Union (EU) that land on a Dutch airport;
- all flights departing from a Dutch airport to a destination outside the EU;
- a number of flights within the EU.
Passenger information units
The passenger information units are governmental organisations that collect data nationally and analyse them. In the Netherlands, the passenger information unit (Pi-NL) is part of the Royal Netherlands Marechaussee and falls under the Minister of Justice and Security.
The Pi-NL views the data to combat serious crime and terrorism. When doing so, the Pi-NL compares the data about travel behaviour and travel routes, for example. In this way, possible terrorists or criminal can be tracked down.
After this, the Pi-NL may share this information with the police in the Netherlands, for example. But also with the police or the Public Prosecution Service in another EU Member State, with Europol, or with a country outside the EU.
The Pi-NL is not permitted to process special categories of personal data (such as data about religion or ethnic origin) or criminal personal data.
Sharing PNR data
Without a good reason, PNR data may not be shared with other national and European governmental organisations that engage in the fight against terrorism and serious crime. Sending PNR data to a country outside the EU without a good reason is not allowed either. This is only allowed after permission from a court or another independent administrative organisation.
The EU has made agreements about sharing PNR data with countries outside the EU that want to receive PNR data. For example about:
- how long they may retain the PNR data;
- which organisations are given access to the data;
- what they are allowed to do with the data.
At this moment, PNR agreements have been made with the United States (US), Canada and Australia. The EU is negotiating with Japan.
Retention of PNR data
At this moment, the Pi-NL retains the data for a period of 3 years. Unless there are concrete indications that a traveller is involved in terrorism or serious crime. In that case, the Pi-NL is allowed to retain the data of that traveller for a period of 5 years.
In addition, arrangements have been made with other countries about how long they retain PNR data:
- US: 15 years. The US may only actively use the data during the first 7 years. After this period, the data are blocked and retained for another 8 years. The US may then use the PNR data only after permission and if there is a threat or a risk.
- Canada: 5 years.
- Australia: 5.5 years.
Viewing or removing your PNR data
Do you want to view your PNR data in the Netherlands, or have them rectified or removed? Then you can contact the Pi-NL by sending an email to FG-Pi-NL@minjenv.nl.
Do you want to know which data were shared by the airline with Dutch authorities? Then you can ask this at the Ministry of Defence.
You are flying to the US, Canada or Australia
Based on international agreements, PNR data have to be passed on to the US, Canada and Australia. Are you flying to one of these countries? Then the airline will give your PNR data to the authorities in that country.
Before you depart, you can ask your airline, or where applicable your travel agency, which data have been collected about you. And which data must be passed on to the country of destination.
After your trip, you can contact the authorities in the country to learn which data they have collected about you and are retaining, and which rules apply for this. Your airline can tell you with whom your data were shared.
Arrangements have been made with the US, Canada and Australia about the PNR data that were passed on to these countries. For more information, see:
- United States: Department of Homeland Security
- Canada: Canadian Border Services Agency
- Australia: Australian Customs and Border Protection Service.
Submitting a complaint to the Dutch DPA
Do you have a complaint about the collection, retention or sharing of your PNR data? Then you can submit a tip-off or a complaint to the Dutch Data Protection Authority (Dutch DPA).
Also read: API data
There is another type of passenger data: API data (Advance Passenger Information).