With its new Passenger Name Record Information Regulations, 2022, the Central Board of Indirect Taxes and Customs (CBIC) has asked airlines to mandatorily share PNR (passenger name record) details of all international passengers with the National Customs Targeting Centre-Passenger, 24 hours prior to departure of flights. The regulations are aimed at “risk analysis” of passengers to prevent economic and other offenders from fleeing the country, as well as check any illicit trade, such as smuggling.
What are the new regulations as per the CBIC notification?
As per the notification issued Monday, airlines will have to share 19 data points with the authorities. This includes name of the passenger; date of intended travel; all available contact details; all available payment or billing information such as credit card numbers; travel status of the passenger, including confirmation and check-in status; baggage information; seat information; and travel agency or agent from where the ticket was issued.
Every aircraft operator will have to seek registration with Customs for its implementation and will have to transfer passenger name record information not later than 24 hours before the departure time; or at the departure time – wheels off.
In case of non-compliance by an aircraft operator or its authorised agent, the National Customs Targeting Centre-Passenger can impose a penalty between Rs 25,000-50,000, for each act of non-compliance.
What is the objective of these rules for passenger details?
“The objective is to collect advance information on passengers for better risk profiling. Immigration data is available only after the arrival or departure of passengers,” a senior CBIC official told The Indian Express.
Airline officials said the move creates a standardised process of passenger data sharing with the Customs department, given that non-standard requests for passenger data could potentially lead to privacy infringements.
The move to gather traveller data comes close on the heels of the Centre junking its proposed personal data protection framework in favour of a new set of legislation, which effectively extends the time frame for establishing a rulebook for the protection of citizens’ personal data.
The consent will be “manifested” by the person’s registration in the passengers’ list of the aircraft operator, and the data will be recorded for prevention, detection, investigation and prosecution of offences under the Customs Act.
With this, India joins a list of over 60 countries, including the United States, that have regulations on sharing of advanced passenger information with Customs and border control authorities.
Earlier this year, the International Air Transport Association (IATA) – a trade body representing global airlines – had written to the Ministry of Civil Aviation flagging non-standard requests raised by law enforcement and investigative authorities for seeking passenger details.
Experts said this will provide a consolidated database on a government portal for risk analysis of passengers and help take action against economic offenders.
“The objective of said regulations is to obtain relevant passenger data for risk analysis to proactively prevent, detect, investigate or prosecute offences under the Customs law or any other domestic or international law. The onus of timely collecting and sharing such information has been put on the airline operators. Further, while strict privacy guidelines have been stipulated under the said regulations, the government should ensure that the same are duly enforced to prevent unauthorised usage,” said Abhishek Jain, Partner, Indirect Tax, KPMG in India.
According to information shared by the government in Lok Sabha in September 2020, 38 persons involved in cases registered by the Central Bureau of Investigation related to financial irregularities with banks fled the country from January 1, 2015 to December 31, 2019. Under the Prevention of Money Laundering Act, 2002, applications for Red Corner Notices were filed against 20 persons, extradition requests were sent to various countries for 14 persons, and applications under Fugitive Economic Offenders Act, 2018 were filed against 11 persons.
What are the norms for sharing the passenger details?
In addition to the Customs department, law enforcement agencies or government departments of India or any other country can also gain access to the data “on a case-to-case” basis, subject to maintenance of the same level of information protection, privacy and safeguards, provided the agencies specify the purpose of the information being sought.
The National Customs Targeting Centre-Passenger, set up by the CBIC, will process information for the prevention, detection, investigation and prosecution of offences under the Customs Act, and also for law enforcement agencies or government departments or any other country, it said.
There shall be an extensive independent system audit and security audit on annual basis, to prevent any misuse of the passenger name record information.
The information would be retained in the Customs designated system for a maximum period of five years. After expiry of five years, it shall be “disposed of by depersonalisation or anonymisation through masking out the relevant information which can serve to identify directly the passenger to whom the passenger name record information relates, provided that such depersonalised or anonymised information may be repersonalised or unmasked when used in connection with an identifiable case, threat or risk for the specified purposes”.