During its 30 November 2018 meeting, the Council of Ministers approved preliminary draft legislation amending the Passenger Data Processing Act following a proposal from the minister of security and internal affairs.

PNR legislation

The Passenger Data Processing Act of 25 December 2016 (the PNR Act) implements the EU Passenger Name Record Directive (2016/681/EC) concerning the use of passenger data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The act requires carriers in various sectors of international transport (ie, air, rail, road and sea) as well as travel operators to transfer passenger data to a database managed by the Federal Public Service Internal Affairs.

Two Royal Decrees were subsequently adopted to implement the PNR Act. Under the Royal Decree of 18 July 2017, air carriers must transfer all passenger data collected to a database managed by the Passenger Information Unit (PIU). The second Royal Decree, adopted on 21 December 2017, details the establishment of the PIU and the role of data protection officers.

Proposed changes

According to the report provided on the Council of Ministers' website,(1) the proposed amendments to the PNR Act include the following:

  • Legal and technical changes will be introduced to bring the PNR Act in line with the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data (the Privacy Act).
  • The obligation to conclude a memorandum of understanding between the PIU and the international bodies with which data may be exchanged will be removed.
  • A system will be created to cross-check all passenger data on a flight within 24 hours following the identification of a suspicious passenger using the relevant databases and the PIU's pre-defined criteria. The aim is, on the one hand, to check that there are no other suspicious passengers linked to the positive match on board and, on the other hand, to verify the personal data of the passenger concerned.
  • The General Counsel of the Customs and Excise Litigation Administration will be able to request access to passenger data through an ad hoc search for customs-related offences.
  • Passenger data for border control purposes and to combat illegal immigration will be transmitted to the police services within the PIU after its registration in the passenger database.

The changes aim to bring the act in line with the EU General Data Protection Regulation and its implementation in Belgian law.

The Privacy Act contains a section dedicated to the PIU's protection of personal data which sets out rules on:

  • the general conditions of data processing operations;
  • the storage of personal data;
  • the rights of data subjects;
  • the obligations of data controllers;
  • the disclosure or transmission of such data; and
  • the supervisory authority (ie, the Standing Committee I), which is responsible for reviewing the activities and functioning of state security and the General Intelligence and Security Service.

To be continued

Before being sent to the Chamber of Representatives, the preliminary draft legislation will be submitted to the Council of State, the Data Protection Authority, the regional governments, the Supervisory Body for Police Information Management and the Standing Committee I. It will therefore be at least a few months before the final draft is adopted.

For further information on this topic please contact Pierre D Frühling or Stéphanie Golinvaux at Holman Fenwick Willan LLP by telephone (+32 2 643 34 00) or email ([email protected] or [email protected]). The Holman Fenwick Willan website can be accessed at www.hfw.com.

Endnotes

(1) The text of the preliminary draft legislation is not as publicly available.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.