In March 2020, Frank van der Linde entered the immigration queue for citizens of the European Union at Schiphol International Airport in Amsterdam. Linde, a Dutch citizen and human rights advocate, was returning home from outside the EU and was asked a series of questions by an immigration officer about his trip. Linde thought it was a random check; after a few minutes he was allowed to enter. But unbeknownst to Linde, his answers were recorded and shared with the Dutch public prosecutor, who was gathering information about Linde’s movements.
The officer was notified of Linde’s arrival that day through a seemingly innocuous act that occurs whenever you board a flight to the United States, most of Europe, and increasingly anywhere in the world – the exchange of detailed personal information about each passenger between airlines and the government . Data stored about you for years is increasingly valuable to tech companies experimenting with using algorithms that could decide who is allowed to cross international borders.
Linde, who is outspoken about homeless rights, anti-racism and pacifism, was first secretly flagged by Dutch police in 2017 as a person of interest as part of the Amsterdam municipality’s counter-terrorism program. In July 2018, Linde had a “strange feeling” that someone was watching him; he would eventually sue the government over 250 times under freedom of information laws to reveal the extent of the surveillance. Although Linde was removed from the city’s watch list in 2019 and later received a personal apology from the mayor of Amsterdam, the surveillance continued. When Linde found out that the police had put his name on the list travel warninghe wondered if they were also using his travel data to track him.
In October 2022, Linde requested his flight records from the government. The data, called the Passenger Name Record (PNR), is a digital trail of information related to the purchase of an airline ticket. Most commercial airlines send PNR records to the destination country some 48 to 72 hours before departure. Although PNR records may seem harmless, they contain highly sensitive personal information, including the passenger’s address, mobile phone number, date of flight reservation, where the ticket was purchased, credit card and other payment information, billing address, baggage information, about frequent travelers, general notes related to the passenger, date of intended trip, complete travel itinerary, names of accompanying passengers, information about the travel agency, historical changes on the map and more.
In December 2022, more than two years after Linde passed through Schiphol, the Dutch PNR office, called the Passenger Information Unit, handed over 17 travel records to Linde. They stated that they did not share his information with others, but Linde was suspicious. He quickly appealed. In March 2023, the Dutch government admitted that it had actually shared Linde’s PNR data with border police three times, including in the run-up to the March 2020 flight, when an immigration officer was instructed to secretly extract the information. (They also shared an additional seven flight records that they claimed they discovered only after a second search.)
As Linde reviewed his PNR records, he was surprised to find that some of the travel information the government had on him was incorrect – some flights were missing, and in four cases the government had records of flights he had never taken. For example, one PNR record from 2021 states that Linde traveled to Belfast, Northern Ireland; Linde says he booked a ticket but changed his plans and never got on the plane. “What do companies do with data?” Linde asked as he flipped through copies of the PNR records on his laptop. “If commercial companies help analyze data that is incorrect, you could draw all kinds of conclusions.”