Short Reads

Belgian Act on Passenger Name Records published

Belgian Act on Passenger Name Records published

Belgian Act on Passenger Name Records published

24.02.2017 BE law

On 25 January 2017, the Belgian Act on the processing of passenger name records (“PNR Act”) was published in the Belgian Official Gazette. The PNR Act implements three EU directives in the Belgian legal order: Directive 2016/681 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, Directive 2010/65 on reporting formalities for ships arriving in and/or departing from ports of the Member States, and Directive 2004/82 on the obligation of carriers to communicate passenger data.

The PNR Act obliges carriers and travel operators in the different transport sectors to transmit their passenger data to a central database called the “Passenger Database”, so that these data can be analyzed in the framework of terrorism, violent radicalization, and other forms of serious crime. This will allow law enforcement agencies to determine new trends and phenomena and to assess which passengers could be a danger to the public order. Transport companies and travel operators risk fines of up to €600 000 if they do not comply with this obligation.

However, before the PNR Act can enter into force, some implementing measures have yet to be taken. For instance, a new service called the “Passengers Information Unit” has yet to be established within the Federal Public Service Internal Affairs. This Unit will be in charge of the Passenger Database and cooperate with the Passenger Information Units of other member states, with Europol, and with third countries.

The PNR Act takes into account the privacy of the passengers by, amongst other things, (i) imposing the obligation to appoint a data protection officer within the Passenger Information Unit; (ii) strictly determining which categories of data may and may not be processed (i.e., no data relating to racial or ethnic origin, political opinion, religion, health, or sex life), (iii) imposing a maximum data retention period of five years, and (iv) imposing the obligation to de-personalize the data after six months from the registration thereof.  

The date of entry into force of the PNR Act will later be determined in its implementing decisions. In any event, the lawmaker will evaluate this three years after the PNR Act enters into force.

Team

Related news

20.09.2022 EU law
Launch of Metaverse blog series

Articles - Stibbe launches a new blog series focusing on the legal challenges of the Metaverse. In our upcoming blog posts, we will discuss the legal challenges of NFTs, crypto-assets, Metaverse platforms, crypto exchanges, DAO, and many more.

Read more

28.07.2022 NL law
Zuiver commercieel belang ook gerechtvaardigd belang: Raad van State laat zich er niet over uit

Short Reads - Op 27 juli 2022 heeft de Raad van State bevestigd dat de Autoriteit Persoonsgegevens onterecht een boete van € 575.000 aan VoetbalTV heeft opgelegd. De hoop bestond dat de Afdeling antwoord zou geven op de vraag of de AP terecht of onterecht meent dat een zuiver commercieel belang géén gerechtvaardigd belang kan zijn in de zin van de Algemene Verordening Gegevensbescherming. Het antwoord op deze vraag blijft echter uit.  

Read more

28.07.2022 NL law
Purely commercial interest also a legitimate interest? Council of State leaves the question unanswered.

Short Reads - On 27 July 2022, the Council of State confirmed that the Dutch Data Protection Authority wrongly imposed a €575,000 fine on VoetbalTV. But the Council did not answer the question whether the AP rightly or wrongly believes that a purely commercial interest cannot be a legitimate interest within the meaning of the General Data Protection Regulation.

Read more