Šajā tīmekļa vietnē tiek izmantotas sīkdatnes. Turpinot lietot šo vietni, jūs piekrītat sīkdatņu izmantošanai. Uzzināt vairāk.
Teksta versija
LEGAL ACTS OF THE REPUBLIC OF LATVIA
home
 

The Saeima1 has adopted and
the President has proclaimed the following law:

Aircraft Passenger Data Processing Law

Chapter I
General Provisions

Section 1. Terms Used in this Law

The following terms are used in this Law:

1) extra-EU flight - an international flight the origin or stop-over of which is in a state which is not a European Union Member State and the stop-over or destination of which is planned in the territory of Latvia, or the origin or stop-over of which is in the territory of Latvia and the stop-over or destination of which is in a state which is not a European Union Member State;

2) intra-EU flight- an international flight the origin or stop-over of which is in another European Union Member State and the stop-over or destination of which is planned in the territory of Latvia, or the origin or stop-over of which is in the territory of Latvia and the stop-over or destination of which is in a European Union Member State;

3) air carrier - a person with a valid operating licence or an equivalent document permitting it to carry out commercial flight of passengers by air;

4) passenger - any person, excluding members of the aircrew, carried or to be carried in an aircraft with the consent of the air carrier, which is manifested by that person's registration in the passengers list;

5) passenger data - information which is processed by reservation systems, departure control systems used to check passengers onto flights, or equivalent systems to ensure the processing and control of reservations booked by a person or on his or her behalf;

6) Passenger information unit - a structural unit assigned for the processing of passenger data by the Security Police.

Section 2. Purpose of the Law

The purpose of this Law is to ensure the processing of passenger data which are necessary to perform analysis for the prevention and detection of terrorism and serious or especially serious crimes, and also for the prevention of threats to national security.

Section 3. Controller and Keeper of the Register and Tasks Thereof

(1) Aircraft passenger data register (hereinafter - the Register) is a State information system the controller and keeper of which is the Security Police. The Information Centre of the Ministry of the Interior shall ensure the functionality of the technical resources of the Register.

(2) The Register shall ensure the possibility for the authorities to receive the passenger data included therein which are necessary for the prevention and detection of terrorism and serious or especially serious crimes, and also for the prevention of threats to national security.

Chapter II
Information to be Included in the Register, Procedure for the Inclusion Thereof and its Storage

Section 4. Information to be Included in the Register

The following information shall be included in the Register:

1) passenger name record locator;

2) date of reservation and issue of ticket;

3) date of the intended travel;

4) name, surname, sex, date of birth and citizenship of the passenger;

5) address and contact information of the passenger (telephone number, e-mail address);

6) payment information and also billing address;

7) flight number, air carrier and information on the route of the corresponding flight, time of departure and arrival of the aircraft;

8) type, number and owner of the loyalty card (frequent flyer information);

9) travel agency and travel agent;

10) status of the passenger during the travel, including, the check-in status, information on the no-show or go-show;

11) information on split/divided reservations;

12) general remarks which do not contain sensitive personal data (for example, a note that the child travels unaccompanied, the language in which he or she speaks, name and contact details of guardian on departure and relationship thereof to the minor, name and contact details of guardian on arrival and relationship thereof to the minor, departure and arrival agent);

13) ticket number, date of ticket issuance and one-way tickets, automated ticket fare quote fields;

14) seat number;

15) code share information;

16) information on the checked baggage of the passenger which is available in the departure control system - number of units and weight, identification number, code of the baggage carriers, baggage status (for example, checked in, delivered, stolen, damaged, confiscated), place of baggage delivery;

17) number, names and surnames of passengers of other aircrafts of the same passenger name record locator;

18) border crossing point of entry into the territory of the state through which the passenger shall enter Latvia;

19) type, number, country of issuance and expiry date of the travel document of a passenger;

20) all historical changes to the data laid down in this Section.

Section 5. Obligation of Air Carriers to Transfer Passenger Data for the Automated Inclusion Thereof in the Register

(1) In relation to extra-EU flight an air carrier has an obligation to transfer the passenger data referred to in Section 4 of this Law to the extent that the air carrier processes them in the context of its commercial operations in order to provide air transport services for the automated inclusion (hereinafter - the inclusion) thereof in the Register not sooner than 48 hours and not later than 24 hours before the scheduled time for flight departure and immediately after the flight closure, when the boarding and alighting of passengers is not possible anymore.

(2) In relation to intra-EU flight an air carrier has an obligation to transfer the passenger data referred to in Section 4 of this Law to the extent that the air carrier processes them in the context of its commercial operations in order to provide air transport services for the inclusion thereof in the Register not sooner than 48 hours and not later than 24 hours before the scheduled time Ffor flight departure and immediately after the flight closure, when the boarding and alighting of passengers is not possible anymore, if a request of the Passenger information unit to provide passenger data for the specific route has been received.

(3) If changes are made to the passenger data which have been transferred for the inclusion in the Register in accordance with Paragraphs one and two of this Section, the air carrier shall transfer the relevant data after the flight closure, when the boarding and alighting of passengers is not possible anymore.

(4) In urgent cases, when a request of the Passenger information unit to provide passenger data has been received, the air carrier shall transfer the requested passenger data for the inclusion thereof in the Register within the specified time period, which shall not be shorter than four hours.

(5) Where the flight is code-shared between one or more air carriers, the obligation to transfer the data of all passengers on the flight for the inclusion thereof in the Register shall be on the air carrier that operates the flight.

(6) The Cabinet shall lay down requirements regarding the transferring of passenger data and inclusion thereof in the Register.

Section 6. Right of the Passenger Information Unit to Request the Transferring of Passenger Data for the Inclusion Thereof in the Register

(1) The Passenger information unit has the right to request that an air carrier transfers passenger data on intra-EU flight for the inclusion in the Register, if the Passenger information unit or the authority referred to in Section 10 of this Law has grounds to believe that the requested passenger data may help to prevent or detect terrorism or serious or especially serious crimes, or to prevent threats to national security.

(2) When the Passenger information unit requests that air carriers transfer the passenger data on intra-EU flight for the inclusion in the Register, it shall specify the time period for their provision which shall not exceed the following six months.

(3) In cases where immediate action is required to prevent terrorist attacks or a real threat to the life or health of a person the Passenger information unit has the right to request that an air carrier provides passenger data for the inclusion in the Register within another time period which shall not be shorter than four hours.

Section 7. Depersonalisation of Passenger Data

(1) The passenger data which have been retained in the Register for six months after their inclusion therein shall be depersonalised by masking out (not by deleting, but by making invisible) the following personal identification information:

1) name, surname, date of birth;

2) type and number of the used travel document;

3) address and contact information;

4) payment information and billing address, if such information can be used to identify the person;

5) type, number and owner of the loyalty card (frequent flyer information);

6) general remarks indicated in Section 4, Paragraph 12 of this Law;

7) bag identification number.

(2) If the acquisition of passenger data included in the Register is necessary for the prevention and detection of terrorism or serious or especially serious crimes, or prevention of threats to national security, the Passenger information unit shall, after the consent of a judge to a request of an authority to issue passenger data has been received, have the right to personalise the depersonalised passenger data and to issue them in the requested amount to the competent authority.

Section 8. Passenger Data Retention Period

The passenger data shall be retained in the Register for five years from the day of their inclusion, but after the aforementioned period they shall be automatically deleted.

Chapter III
Issuance of Passenger Data

Section 9. Automated Processing of Passenger Data in the Register

(1) The data included in the Register on a person (name, surname, sex, date of birth, citizenship), travel document (type, number, country of issuance and expiry date of the document) and means of payment (type of the means of payment, number and expiry date of the payment card) are examined automatically by comparing them against the relevant data on persons, travel documents and means of payment included in the following information systems:

1) Register of Ascertaining the Location of a Person, Property or Document of the Integrated Interior Information System;

2) the sub-system "Invalid Document Register" of the Integrated Information System of the Interior;

3) Schengen Information System;

4) International Criminal Police Organisation (Interpol) database of Stolen and Lost Travel Documents (SLTD);

5) databases of the International Criminal Police Organisation (Interpol) in relation to wanted persons.

(2) The Register shall transfer to the Passenger information unit an automatic notification of a match established in an automated data processing by indicating the passenger data that are included in the Register in relation to the relevant entry.

(3) In the processing of data included in the automatic notification of the Register the Passenger information unit shall ascertain the accuracy of the automated processing in the relevant information system. When the Passenger information unit has ascertained the conformity of data, it shall act by complying with the laws and regulations governing the operation of information systems referred to in Paragraph one of this Section.

Section 10. Right to Request Passenger Data

If there are grounds to believe that the passenger data may help to prevent or detect terrorism or serious or especially serious crimes, or to prevent threats to national security, the following authorities according to their competence shall have the right to request the issuance of passenger data included in the Register after the consent of a judge has been received:

1) the Security Police;

2) the State Police;

3) the State Border Guard;

4) the Internal Security Office;

5) the Corruption Prevention and Combating Bureau;

6) the Military Police;

7) the Military Intelligence and Security Service;

8) the Constitution Protection Bureau;

9) the Financial Police and Customs Police Department of the State Revenue Service;

10) the Prosecutor's Office.

Section 11. Request of an Authority to Issue the Passenger Data

To receive the passenger data from the Register the authorities referred to in Section 10 of this Law shall turn to a district (city) court based on the location of the authority with a written request. The following shall be indicated in the request:

1) the name, surname and position of the official making the request. National security authorities for which indication of the information referred to in this Clause would constitute a disclosure of an official secret shall indicate their name in the request;

2) the time period (not longer than six months) for which the passenger data which are already included or will be included in the Register is to be received;

3) justification of the need for passenger data;

4) the objective to be achieved;

5) the reason which prevents the achievement of the objective or significantly hinders it, if the passenger data will not be issued;

6) selection criteria for the acquisition of the required information referred to in Section 4 of this Law.

Section 12. Consent of a Judge to the Issuance of Passenger Data

(1) In order to give the consent to the issuance of passenger data from the Register a judge shall become acquainted with the request referred to in Section 11 of this Law and, if necessary, other materials on the basis of which the request is justified.

(2) A judge shall draw up the consent to the issuance of passenger data and also the refusal as a separate document or resolution. The decision of a judge may not be appealed.

(3) A judge may extend the given consent for six months if the grounds indicated for the receipt of passenger data from the Register have not ceased to exist. A judge has the right to extend the time period for the receipt of passenger data unlimited times.

Section 13. Execution of a Request for the Issuance of Passenger Data

(1) The authority referred to in Section 10 of this law shall, within 10 working days after the day when the consent of a judge has been received, submit to the Passenger information unit a request to issue passenger data. If the authority has not complied with the laid down time period, the Passenger information unit shall refuse to issue the requested passenger data.

(2) The passenger information unit shall, within 30 days after the day of the receipt of the request submitted in the time period which is laid down in Paragraph one of this Section, issue the requested passenger data to the authority or include in the Register the information selection criteria indicated in the request, if passenger data which are not yet included in the Register are requested.

(3) If the grounds to request and receive passenger data have ceased to exist, the authority which requested them shall immediately inform the Passenger information unit.

(4) If the grounds to request and receive passenger data have ceased to exist, the Passenger information unit shall immediately terminate issuance thereof to the competent authority.

Section 14. Issuance of Passenger Data in Urgent Cases

(1) In cases where immediate action is required to prevent terrorist attacks or a real threat to the life or health of a person the Passenger information unit has the right to issue passenger data from the Register without the consent of a judge.

(2) To receive passenger data from the Register in accordance with Paragraph one of this Section the authorities referred to in Paragraph 10 of this Law shall turn to the Passenger information unit with a request. The following shall be indicated in the request:

1) the name, surname and position of the official making the request. National security authorities for which indication of the information referred to in this Clause would constitute a disclosure of an official secret shall indicate their name in the request;

2) the justification of the urgency for the receipt of the requested passenger data and time period for which the requested passenger data is to be received;

3) selection criteria for the acquisition of the required information referred to in Section 4 of this Law.

(3) The Passenger information unit shall refuse to issue the requested passenger data, if the information referred to in Paragraph two of this Section has not been included in the request.

(4) The authority which submitted the request shall inform a district (city) court based on the location of the authority regarding the issue of passenger data from the Register not later than within 72 hours, by indicating the justification of the urgency for the receipt of passenger data and also the information referred to in Section 11 of this Law.

(5) A judge shall evaluate the justification of a request of an authority and data issuance and draw up the decision as a separate document or resolution. The decision of a judge may not be appealed.

(6) If the judge has determined that a request of an authority and issuance of passenger data is unjustified, the competent authority shall inform the Passenger information unit thereof and immediately delete the received passenger data.

(7) The Passenger information unit shall terminate the issuance of passenger data from the Register if the consent of a judge has not been received within 72 hours.

Chapter IV
Issuance of Data to Foreign Countries

Section 15. Grounds for the Issuance of Passenger Data

The Passenger information unit may issue passenger data from the Register to a foreign state if there are grounds to believe that they may help the foreign state to prevent or detect terrorism or serious or especially serious crimes, or prevent threats to national security. Passenger data may be issued from the Register upon a request of a competent authority of a foreign state with the consent of a judge, except in the case referred to in Section 14, Paragraph one of this Law.

Section 16. Procedure for the Examination of a Request

(1) The Passenger information unit shall submit the request of a foreign country referred to in Section 15 of this Law to issue passenger data from the Register for examination to a district (city) court based on the location of the authority.

(2) A judge shall ascertain that the information referred to in Section 11 of this Law is indicated in the request, evaluate the justification provided therein and decide on giving the consent to the issuance of data.

(3) In addition a judge shall evaluate the following circumstances and will not give the consent to the issuance of the requested passenger data if:

1) it may jeopardise the national sovereignty or security of Latvia;

2) it may compromise the achievement of the objective of an operational activities procedure or criminal procedure carried out in Latvia;

3) it may endanger the life, health or other legitimate interests of a person;

4) the issuance of the requested passenger data from the Register is clearly disproportionate compared to the indicated objective or inappropriate for its achievement;

5) the institution which submitted the request is not the competent authority of a foreign state in the field of information exchange;

6) the issuance of passenger data from the Register does not comply with the requirements for personal data protection regarding the transfer of data to other states.

(4) If a judge lacks information which is necessary to decide on the issue of giving the consent, he shall request that the Passenger information unit requests additional information from the relevant foreign state.

(5) A judge shall draw up the consent to the issuance of passenger data and also the refusal as a separate document or resolution. The decision of a judge may not be appealed.

(6) When issuing the requested passenger data from the Register the Passenger information unit shall comply with the time periods laid down in Section 13 of this Law. In urgent cases the Passenger information unit shall issue the requested passenger data from the Register in compliance with the conditions of Section 14 of this Law.

(7) If a judge has determined that the issuance of passenger data from the Register as a matter of urgency is unjustified, the Passenger information unit shall immediately terminate its issuance and also inform the foreign state, which requested the assistance, by calling on it to immediately delete the received passenger data.

Section 17. Reply to a Foreign Request

Reply to a request of a competent authority of another state to issue passenger data from the Register shall be transferred in the same way as the request was received.

Section 18. Issuance of Passenger Data from the Register within the International Co-operation in the Field of Criminal Law

A request to issue passenger data from the Register made within the international co-operation in the field of criminal law shall be examined in accordance with the requirements of laws and regulations governing international co-operation in the field of criminal law by taking into account the conditions for the issuance of passenger data laid down in this Law.

Chapter V
Additional Requirements for Personal Data Protection

Section 19. Passenger Data Processing Requirements

(1) The Passenger information unit shall process passenger data in accordance with the general requirements for personal data protection.

(2) Processing of such passenger data that reveals race, ethnic or social origin, political opinions, religious or other beliefs, trade union membership, genetic peculiarities, information on the health, sex life or sexual orientation of a person, and also other sensitive personal data is prohibited.

(3) If an air carrier has transferred for the inclusion in the Register passenger data which are not referred to in Section 4 of this Law and also information containing sensitive personal data, such data shall be automatically and permanently deleted immediately after receipt thereof.

Section 20. Obligation to Inform Passengers

Air carriers shall ensure that the information on the transferring of data for the inclusion thereof in the Register shall be provided to passengers of aircrafts serviced by them in an easily accessible and understandable form.

Section 21. Recording of Passenger Data Processing

(1) Each processing of passenger data is accounted for in the Register.

(2) The Passenger information unit records requests for the issuance of passenger data and the given replies.

(3) The information on the recording of passenger data processing referred to in Paragraphs one and two of this Section shall be retained for five years.

Transitional Provision

Air carriers shall start to fulfil the obligation laid down in Section 5 of this Law to transfer passenger data for the inclusion thereof in the Register not later than on 1 September 2017.

The Law shall come into force on 3 April 2017.

The Saeima has adopted this Law on 19 January 2017.

President R. Vējonis

Rīga, 07 February 2017

 


1 The Parliament of the Republic of Latvia

Translation © 2017 Valsts valodas centrs (State Language Centre)

 
Document information
Status:
In force
in force
Issuer: Saeima Type: law Adoption: 19.01.2017.Entry into force: 03.04.2017.Theme:  Documents, recordkeeping, data protection; State security and protection; Transport and communicationPublication: Latvijas Vēstnesis, 29, 07.02.2017. OP number: 2017/29.1
Language:
Related documents
  • Amendments
  • Legal basis of
  • Annotation / draft legal act
  • Explanations
288544
{"selected":{"value":"25.05.2018","content":"<font class='s-1'>25.05.2018.-...<\/font> <font class='s-3'>Sp\u0113k\u0101 eso\u0161\u0101<\/font>"},"data":[{"value":"25.05.2018","iso_value":"2018\/05\/25","content":"<font class='s-1'>25.05.2018.-...<\/font> <font class='s-3'>Sp\u0113k\u0101 eso\u0161\u0101<\/font>"},{"value":"03.04.2017","iso_value":"2017\/04\/03","content":"<font class='s-1'>03.04.2017.-24.05.2018.<\/font> <font class='s-2'>Pamata<\/font>"}]}
25.05.2018
84
0
  • Twitter
  • Facebook
  • Draugiem.lv
 
0
Latvijas Vestnesis, the official publisher
ensures legislative acts systematization
function on this site.
All Likumi.lv content is intended for information purposes.
About Likumi.lv
News archive
Useful links
Contacts
For feedback
Terms of service
Privacy policy
Cookies
RSS logo
Latvijas Vēstnesis "Everyone has the right to know about his or her rights."
Article 90 of the Constitution of the Republic of Latvia
© Official publisher "Latvijas Vēstnesis"
ISO 9001:2008 (quality management system)
ISO 27001:2013 (information security) Kvalitātes balva