In March 2020, Frank van der Linde entered the immigration line for European Union citizens at Amsterdam’s Schiphol international airport. Linde, a Dutch citizen and human rights advocate, was returning home from outside the EU, and the immigration officer asked him a series of questions about his trip. Linde thought it was a random check; after a few minutes, he was cleared for entry. But unbeknownst to Linde, his answers were recorded and shared with a Dutch public prosecutor, who was collecting information on Linde’s movements.
The officer had been tipped off about Linde’s arrival that day through a seemingly innocuous action that occurs whenever you board a flight to the United States, much of Europe, and increasingly anywhere in the world—the exchange of detailed personal data about each traveler between airlines and governments. The data, which is retained about you for years, is increasingly valuable for technology companies that are experimenting with using algorithms that could decide who is allowed to cross international borders.
Linde, who is publicly outspoken about homeless rights, anti-racism, and pacifism, was first secretly flagged by Dutch police in 2017 as a person of interest under an Amsterdam municipality counter-terrorism program. In July 2018, Linde had a “weird feeling” that he was being monitored; he would eventually sue the government over 250 times under freedom of information laws to uncover the extent of the surveillance. Although Linde was removed in 2019 from the city’s watchlist, later receiving a personal apology from the mayor of Amsterdam, the scrutiny continued. When Linde learned that the police had put his name on an international travel alert, he wondered if they were also using his travel data to track him.
In October 2022, Linde requested his flight records from the government. The data, called a Passenger Name Record (PNR), is a digital trail of information related to an airline ticket purchase. PNR records are sent by most commercial airlines to the destination country some 48 to 72 hours before departure. While PNR records might seem innocuous, they contain highly sensitive personal information, including the traveler’s address, cell phone number, date of flight booking, where the ticket was purchased, credit card and other payment information, billing address, baggage information, frequent flyer information, general remarks related to the passenger, date of intended travel, complete travel itinerary, names of accompanying travelers, travel agency information, historical changes to the ticket, and more.
In December 2022, over two years after Linde passed through Schiphol, the Dutch PNR office, called a Passenger Information Unit, handed over 17 travel records to Linde. They stated that they had not shared his data with others, but Linde was suspicious. He swiftly filed an appeal. In March 2023, the Dutch government admitted that in fact they had shared Linde’s PNR details three times with the border police, including ahead of the March 2020 flight, when the immigration officer was instructed to covertly extract information. (They also shared an additional seven flight records that they claimed to have only discovered on a second search.)
As Linde reviewed his PNR records, he was surprised to find that some of the travel data the government had on him was incorrect—some flights were missing, and in four cases, the government had records of flights he never took. For example, one PNR record from 2021 stated Linde traveled to Belfast, Northern Ireland; Linde says he had reserved the ticket, but changed his plans and never boarded the plane. “What do companies do with the data?” Linde asked as he scrolled through copies of the PNR records on his laptop. “If commercial companies help to analyze data that’s incorrect, you could draw all kinds of conclusions.”
