The ED Card and Privacy
August 22, 2025Author: Caroline Fiévez
The ED Card and Privacy
All travelers entering Sint Maarten are required to complete an Embarkation Disembarkation Card, commonly referred to as the “ED Card.” This requirement is based on the Admission Decree and the National Ordinance on Admission and Expulsion (“the Ordinance”). The purpose of these regulations is to prevent unauthorized entry into Sint Maarten, particularly for employment purposes. But does the ED Card comply with national and international privacy laws, including the Data Protection Ordinance and the GDPR?
What Personal Data Is Requested? In addition to basic identification and travel details such as name, address, arrival date, and accommodation, the ED Card also asks for:
• Whether you suffer from any of the listed communicable diseases (e.g., smallpox, malaria, tuberculosis, yellow fever, SARS)
• Your employment status: if unemployed, you must specify the reason (e.g., illness, retirement, or housewife)
• Whether you are carrying narcotics, weapons, or contraband, or have a criminal record
• The name, phone number, and email address of an emergency contact
• Mode of transport during your stay in Sint Maarten
• Whether you wish to receive future information about Sint Maarten
Privacy Concerns: It is questionable whether these inquiries have a sufficient legal basis. Under the Constitution of Sint Maarten and international treaties, everyone has the right to privacy. This right can only be restricted by law. However, there is no legal definition of the ED Card, nor is it legally specified which traveler data are specifically necessary to enforce the Ordinance and Admission Decree.
Given the ED Card’s purpose—controlling the inflow of job seekers—it seems unnecessary to ask about communicable diseases, emergency contacts, criminal record, mode of transport, or whether someone is a housewife (!) or retired. Even the privacy policy on www.entry.sx confirms that health information is only requested if required by local regulations, which implies that such requests are based on legislation other than the Ordinance and/or Admission Decree.
Sint Maarten Data Protection Act & the European GDPR The website www.entry.sx states that it complies with international privacy laws, including the GDPR. Although Sint Maarten has its own Data Protection Act (DPA), it is not mentioned on the site. It remains unclear whether these laws are adequately considered. The online ED Card states that the purpose for collecting personal data is to ensure compliance with government regulations related to entry into Sint Maarten; however, the purpose is not clear enough, e.g., it does not state to which government regulation reference is made. It is furthermore not clear who is responsible for processing the personal data. While it is plausible that the Immigration and Border Protection Service is processing the personal data of travelers, the website also displays logos of Princess Juliana Airport and the Sint Maarten Tourist Bureau as partners. If these entities have access to the ED Card data too, this should be explicitly stated, along with the purpose of their access. Furthermore, it is unclear where and for how long the personal data are stored.
The location of data storage is critical, as the DPA prohibits transferring data to countries without adequate protection. Since the ED Card is completed online, it is important to know whether the data remains in Sint Maarten or is stored abroad, for example, via a cloud service abroad. Logically, traveler data should be kept until the traveler leaves Sint Maarten. If it is necessary to keep personal data longer, such as for mailing future information about Sint Maarten, this must be clearly justified. In any case, personal data should not be kept longer than necessary for the purposes for which they were collected.
Notably, www.entry.sx does state that individuals have the right to request access to or deletion of their personal data via help@entry.sx.
No Sint Maarten Privacy Authority Sint Maarten currently lacks a Privacy Authority to enforce the DPA. This could imply that Sint Maarten is not a country with adequate protection. Although www.entry.sx states that it complies with the GDPR, the GDPR itself prohibits transfers of personal data to countries without adequate protection.
Conclusion: The current legal basis of the ED Card is questionable. It requests personal data that do not clearly serve the purposes of the Ordinance and/or the Admission Decree, and the necessity of the information is insufficiently justified. Some of the requested information even qualifies as sensitive personal data, such as health status and criminal history, which is prohibited by the DPA and GDPR unless strict conditions are met. These conditions do not appear to be fulfilled.
Most importantly, the absence of a privacy authority in Sint Maarten means that the DPA cannot be enforced. The partners listed on www.entry.sx should therefore bring the questionable legal basis of the ED Card, as well as the enforcement of the DPA, to the attention of the legislator to fully comply with (inter)national privacy laws. Until then, travelers are encouraged to exercise their right to request deletion of their personal data after leaving Sint Maarten. This can be done via help@entry.sx.
Disclaimer: This blog provides general information and is not intended as legal advice. BZSE strongly recommends seeking personalized legal counsel based on your specific circumstances before making any decisions or taking action.
Caroline Fiévez
Attorney at BZSE Attorneys at Law/Tax Lawyers
More articles →
All travelers entering Sint Maarten are required to complete an Embarkation Disembarkation Card, commonly referred to as the “ED Card.” This requirement is based on the Admission Decree and the National Ordinance on Admission and Expulsion (“the Ordinance”). The purpose of these regulations is to prevent unauthorized entry into Sint Maarten, particularly for employment purposes. But does the ED Card comply with national and international privacy laws, including the Data Protection Ordinance and the GDPR?
What Personal Data Is Requested? In addition to basic identification and travel details such as name, address, arrival date, and accommodation, the ED Card also asks for:
• Whether you suffer from any of the listed communicable diseases (e.g., smallpox, malaria, tuberculosis, yellow fever, SARS)
• Your employment status: if unemployed, you must specify the reason (e.g., illness, retirement, or housewife)
• Whether you are carrying narcotics, weapons, or contraband, or have a criminal record
• The name, phone number, and email address of an emergency contact
• Mode of transport during your stay in Sint Maarten
• Whether you wish to receive future information about Sint Maarten
Privacy Concerns: It is questionable whether these inquiries have a sufficient legal basis. Under the Constitution of Sint Maarten and international treaties, everyone has the right to privacy. This right can only be restricted by law. However, there is no legal definition of the ED Card, nor is it legally specified which traveler data are specifically necessary to enforce the Ordinance and Admission Decree.
Given the ED Card’s purpose—controlling the inflow of job seekers—it seems unnecessary to ask about communicable diseases, emergency contacts, criminal record, mode of transport, or whether someone is a housewife (!) or retired. Even the privacy policy on www.entry.sx confirms that health information is only requested if required by local regulations, which implies that such requests are based on legislation other than the Ordinance and/or Admission Decree.
Sint Maarten Data Protection Act & the European GDPR The website www.entry.sx states that it complies with international privacy laws, including the GDPR. Although Sint Maarten has its own Data Protection Act (DPA), it is not mentioned on the site. It remains unclear whether these laws are adequately considered. The online ED Card states that the purpose for collecting personal data is to ensure compliance with government regulations related to entry into Sint Maarten; however, the purpose is not clear enough, e.g., it does not state to which government regulation reference is made. It is furthermore not clear who is responsible for processing the personal data. While it is plausible that the Immigration and Border Protection Service is processing the personal data of travelers, the website also displays logos of Princess Juliana Airport and the Sint Maarten Tourist Bureau as partners. If these entities have access to the ED Card data too, this should be explicitly stated, along with the purpose of their access. Furthermore, it is unclear where and for how long the personal data are stored.
The location of data storage is critical, as the DPA prohibits transferring data to countries without adequate protection. Since the ED Card is completed online, it is important to know whether the data remains in Sint Maarten or is stored abroad, for example, via a cloud service abroad. Logically, traveler data should be kept until the traveler leaves Sint Maarten. If it is necessary to keep personal data longer, such as for mailing future information about Sint Maarten, this must be clearly justified. In any case, personal data should not be kept longer than necessary for the purposes for which they were collected.
Notably, www.entry.sx does state that individuals have the right to request access to or deletion of their personal data via help@entry.sx.
No Sint Maarten Privacy Authority Sint Maarten currently lacks a Privacy Authority to enforce the DPA. This could imply that Sint Maarten is not a country with adequate protection. Although www.entry.sx states that it complies with the GDPR, the GDPR itself prohibits transfers of personal data to countries without adequate protection.
Conclusion: The current legal basis of the ED Card is questionable. It requests personal data that do not clearly serve the purposes of the Ordinance and/or the Admission Decree, and the necessity of the information is insufficiently justified. Some of the requested information even qualifies as sensitive personal data, such as health status and criminal history, which is prohibited by the DPA and GDPR unless strict conditions are met. These conditions do not appear to be fulfilled.
Most importantly, the absence of a privacy authority in Sint Maarten means that the DPA cannot be enforced. The partners listed on www.entry.sx should therefore bring the questionable legal basis of the ED Card, as well as the enforcement of the DPA, to the attention of the legislator to fully comply with (inter)national privacy laws. Until then, travelers are encouraged to exercise their right to request deletion of their personal data after leaving Sint Maarten. This can be done via help@entry.sx.
Disclaimer: This blog provides general information and is not intended as legal advice. BZSE strongly recommends seeking personalized legal counsel based on your specific circumstances before making any decisions or taking action.
Caroline Fiévez
Attorney at BZSE Attorneys at Law/Tax Lawyers
More articles →
