The Dutch government will continue to collect and retain data about airline passengers. The information will be kept for a shorter period of time, reduced from five to three years, said Justice Minister Dilan Yesilgöz on Friday.
If evidence emerges during that three-year period that someone may have been involved in terrorism or serious criminal activity, the term can still be extended to five years, she confirmed.
The Dutch Data Protection Authority, the country’s privacy regulator, advised the government last month to stop its activities regarding the large-scale processing of airline passenger data, known as Passenger Name Records. “The travel details of all airline passengers are collected and kept in a database for years,” the watchdog said. “This is not permitted and must stop.”
The data is intended to track terrorists and serious criminals. However, the regulator said the government also collects information from “a very large number of people who do not belong to the group for which the database is actually intended.”
Minister Yeşilgöz argued that it is necessary to keep data for three years, “due to the fact that criminal investigations into serious crime and terrorism need data that is one-to-three years old.” If the retention period is reduced even further, there will not be enough data available “to prevent, detect, investigate and prosecute terrorist offenses and serious crime, and thus promote internal security,” she said.
The Data Protection Authority told the government last month that the processing of Passenger Name Records should be scaled down considerably, so that it is more proportionate in the fight against terrorism and serious crime. It also advised the government to do the same last year, but reaffirmed its stance when the ministry had not made substantive corrective action.
The watchdog gave the ministry two weeks to respond, saying it is “authorized to halt data processing with a ban, if necessary.”
