Data protection at the border and while travelling
If you enjoy travelling or travel a lot for work, you may be subject to border checks or the collection of your data in the course of your journey. We would like to provide you with an overview indicating in which situations which bodies collect and process information about you, the legal basis for this, and, in particular, your rights as a data subject.
Together with the agreement on the abolition of the internal borders of the EU, the establishment of a common information system was decided in 1990 in the city of Schengen in Luxembourg. The Schengen Information System (SIS) is intended to support the police in their searches for persons and objects. In addition, entry bans imposed by police or foreigners authorities are stored in the database. In addition, your data may be cross-checked with the SIS and national systems during border checks at the external border of the Schengen area (including airports where flights to and from third countries are handled).
At the border, it may also be checked whether you have a valid visa. In our article on the topic, you can learn more about the data storage in the Visa Information System (VIS).
In order to better protect the EU's external borders, the EU is planning to introduce further systems (EES and ETIAS), on which you can also find certain information an article specialised on the topic.
Electronic registration before departure
In visa-free travel, various countries require travellers to register electronically in advance via the Internet. For example, the USA collects traveller data in the “Electronic System for Travel Authorization” (ESTA). In addition to your personal data and passport data, you must also provide your destination address in the United States via an internet form. The data is compared with certain databases. A fee will be charged for the application. It can only be paid by credit card. If your ESTA application has been rejected, you can have that rejection reviewed by the U.S. Department of Homeland Security. Further information on the procedure can be found on the website of the DHS Traveler Redress Inquiry Program (TRIP).
Similar procedures are applicable if you travel, for example, to Canada or England. Please gather the necessary information before departure.
Passenger data
The information collected by the airline or travel agency when you book your trip, such as the duration and destination of the trip, credit card numbers, contact details, and possibly special dietary requirements or information about aids for a disability, is stored by the airlines in their reservation systems as so-called PNR (Passenger Name Record) data. The EU has concluded agreements with the USA and other countries that provide for the transfer of passenger data from booking and reservation systems. Since June 2018, EU Member States have also been using PNR data for identity checks on cross-border flights, both within the EU and across external borders.
The PNR data are compared with national and international search databases and so-called patterns. These patterns are intended to help identify potentially dangerous individuals. They are stored for five years in EU countries and for up to 15 years in the USA. In Germany, according to the Passenger Name Record Act (FlugDaG), all passengers whose flights depart from Germany to another country or land in Germany from another country are recorded and checked. The so-called Passenger Information Unit (PIU) at the Federal Criminal Police Office (BKA) is responsible for this process.
At the airport
In order to ensure air traffic safety, the Federal Police is vested with special powers. Members of the Federal Police or persons authorised by the Federal Police can inspect you and your baggage. In doing so, the Federal Police may collect, process, and use personal data. Furthermore, the Federal Police may briefly stop you at an airport, question you, and demand that any identity documents carried with you be handed over for examination. The Federal Police may search checked baggage for items. The airport operator may be obliged to open the locks on checked baggage for inspection, even in the absence of the passenger.
In addition, the Federal Police may also temporarily store passenger data: Airlines that transport passengers across the Schengen external borders into Germany are required, for certain routes, to transfer data from passengers' passports and identity cards to the Federal Police. Those data are transferred immediately after your check-in and deleted after 24 hours. The legal basis for this procedure is regulated in the Federal Police Act (Bundespolizeigesetz (BPolG)).
Customs checks
Upon entry, customs may inspect your luggage. For this purpose, customs conduct random checks. When entering or leaving the EU's external borders, cash with a total value of €10,000 or more must be declared (Article 3 of Regulation (EC) No. 1889/2005). In Germany, this declaration is made to the customs authorities.
Since 1998, customs, the Federal Police, and the state police forces of Bavaria, Bremen, and Hamburg have also been conducting random cash checks at the borders between EU Member States. Such checks can also be conducted domestically if there are indications of money laundering or terrorist financing. The checks cover cash and equivalent means of payment, such as securities (e.g., checks and bills of exchange), precious metals, and precious stones.
At the train station
At train stations or on trains, the Federal Police is responsible for controlling cross-border traffic, averting dangers, and preventing crime. The Federal Police may, for example, verify the identity of individuals and stop them for this purpose, question them about their personal details, and demand that they hand over identification documents for inspection. If identification cannot be established in this way or is only possible with considerable difficulty, the person concerned can be detained and taken to the police station. Measures for identification purposes or the search of items carried by the data subject may also be considered.
Video surveillance
Video cameras are installed at airports and many train stations to ensure security and prevent crime. In these cases, the airport operator or the Deutsche Bahn AG cooperates with the Federal Police. The latter is authorized to store the data for up to 30 days. Video surveillance in public spaces must be marked with appropriate signs.
Further information
Website of Federal Police [German]
Website of German Customs [German]
Information from the Federal Criminal Police Office on passenger data [German]