Short Reads

Belgian Act on Passenger Name Records published

Belgian Act on Passenger Name Records published

Belgian Act on Passenger Name Records published

24.02.2017 BE law

On 25 January 2017, the Belgian Act on the processing of passenger name records (“PNR Act”) was published in the Belgian Official Gazette. The PNR Act implements three EU directives in the Belgian legal order: Directive 2016/681 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, Directive 2010/65 on reporting formalities for ships arriving in and/or departing from ports of the Member States, and Directive 2004/82 on the obligation of carriers to communicate passenger data.

The PNR Act obliges carriers and travel operators in the different transport sectors to transmit their passenger data to a central database called the “Passenger Database”, so that these data can be analyzed in the framework of terrorism, violent radicalization, and other forms of serious crime. This will allow law enforcement agencies to determine new trends and phenomena and to assess which passengers could be a danger to the public order. Transport companies and travel operators risk fines of up to €600 000 if they do not comply with this obligation.

However, before the PNR Act can enter into force, some implementing measures have yet to be taken. For instance, a new service called the “Passengers Information Unit” has yet to be established within the Federal Public Service Internal Affairs. This Unit will be in charge of the Passenger Database and cooperate with the Passenger Information Units of other member states, with Europol, and with third countries.

The PNR Act takes into account the privacy of the passengers by, amongst other things, (i) imposing the obligation to appoint a data protection officer within the Passenger Information Unit; (ii) strictly determining which categories of data may and may not be processed (i.e., no data relating to racial or ethnic origin, political opinion, religion, health, or sex life), (iii) imposing a maximum data retention period of five years, and (iv) imposing the obligation to de-personalize the data after six months from the registration thereof.  

The date of entry into force of the PNR Act will later be determined in its implementing decisions. In any event, the lawmaker will evaluate this three years after the PNR Act enters into force.

Team

Related news

11.10.2018 NL law
Stibbe hosts NGB Extra Seminar about product development and counsel’s role at the interface of new technology and law

Seminar - On 11 October 2018, Stibbe will host the NGB (Dutch Association of Corporate Lawyers) Extra Seminar.  IT/IP lawyers Judica Krikke, Jasper Klopper, Marc Spuijbroek and Frederiek Fernhout will discuss the practical aspects of the development of innovative new products. 

Read more

07.08.2018 NL law
General Data Protection Regulation comes into effect

Short Reads - On 25 May 2018, the European Union's General Data Protection Regulation (GDPR) came into effect. The GDPR replaces the EU's prior directive governing the processing and transfer of personal data, which was in place since 1995. As a regulation, the GDPR is directly applicable in all 28 EU member states and thus removes the need for national implementing legislation. However, the GDPR allows member states discretion in certain areas, as a result of which national legislation may still be implemented. In the Netherlands, the GDPR Implementation Act came into effect on 25 May 2018.

Read more

27.08.2018 BE law
Actualia: Het BIM-referentieprotocol: eerste stap in de (o.m. juridische) omkadering van BIM in België

Articles - “BIM” is niet louter het werken in 3D. BIM is een manier van samenwerken in de bouwsector. Met behulp van digitale technologie (o.a. bouwinformatiemodellen) wordt informatie gestructureerd beschreven, beheerd en uitgewisseld tijdens de volledige levenscyclus van een project (van programmafase tot exploitatiefase).

Read more

23.08.2018
ECJ: Facebook fan page administrator is a joint data controller

Short Reads - On 5 June 2018, the European Court of Justice ("ECJ") decided on several preliminary questions that were raised in an administrative proceeding between the German Data Protection Authority ("GDPA") and Wirtschaftsakademie Schleswig-Holstein GmbH ("Wirtschaftsakademie"), a German educational services provider that offers its services through a Facebook fan page. In its decision, the ECJ held, among other things, that Wirtschaftsakademie qualifies as a data controller ex Article 2 under d Directive 95/46/EC[1] ("Privacy Directive").

Read more

12.07.2018 NL law
Algemene verordening gegevensbescherming van toepassing

Short Reads - Vanaf 25 mei 2018 zijn de Algemene verordening gegevensbescherming (Verordening (EU) 2016/679) (AVG) en de Uitvoeringswet Algemene verordening gegevensbescherming (Uitvoeringswet) van toepassing in Nederland. De AVG en de Uitvoeringswet vervangen de richtlijn betreffende de bescherming van natuurlijke personen in verband met de verwerking van persoonsgegevens (Richtlijn 95/46/EG) en de Wet bescherming persoonsgegevens (Wbp).

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy – en cookieverklaring