Specific requirements for the storage and processing of passenger name record (PNR) data

A PNR Unit is established in the National Police responsible for collecting, storing, processing and transmitting PNR data.

The aim of the Act is to create a comprehensive legal framework for collecting the PNR data held by air carriers in respect of their passengers, thereby providing police authorities with fast and systematic access to PNR data for the purposes of fighting serious crime.

Both the Security and Intelligence Service (PET), the Defence Intelligence Service (FE) and the Customs Agency retain their access to PNR data. Furthermore, as is the case with the police in the other EU Member States, the general police are given access to the use of PNR, to fight serious crime.

Principle 5 on safe data processing

There is, in Chapter 2 of the Act, the necessary legal basis to collect data for which the obligations of air carriers are listed.

Furthermore, there is a particular protection of personal data in Sections 6 and 9, where it is clear that data are deleted if they are not covered by the Act.

Section 5 of the Act contains a retention period of 5 years for the PNR data, which ensures that the data are not kept for an unfixed period of time.

Section 7 states that PNR data will be masked after 6 months and the criteria to justify unmasking.

Principle 7 on the prevention of fraud and errors

The Data Protection Officer of the Danish National Police shall carry out an ex-post verification of whether the conditions for the unmasking have been fulfilled under Section 7 (3).

Conclusion

The law has thoroughly considered the storage and processing of PNR data and has resulted in precise requirements for the storage and processing of PNR data.