Why airlines have to share international passengers’ data with Customs

In a move aimed at preventing economic and other offenders from leaving the country, the Union Finance Ministry has notified new rules which require airlines to mandatorily share PNR details of passengers including credit card numbers with the Customs department 24 hours prior to departure of international flights.

With this, India joins 60 other countries that collect PNR (Passenger Name Record) details of international passengers.

On August 8, the Central Board of Indirect Taxes and Customs (CBIC), under the Union finance ministry, notified the ‘Passenger Name Record Information Regulations, 2022’, which aims at “risk analysis” of passengers.

Also read: DGCA starts 2-month special audit of airlines after spot checks

According to it, airlines have to share the information of passengers, including name, contact details, payment details (credit card number), and so on. This will be used by the Customs department for improved surveillance and risk assessment of passengers entering or leaving the country.

The notification, however, did not state any reason for seeking such information of passengers. Analysts said this was to prevent bank loan defaulters from fleeing the country to avoid prosecution.

According to information furnished by the government in Parliament, a total of 38 economic offenders, including Nirav Modi, Vijay Mallya and Mehul Choksi, fled the country in the last five years.

“The National Customs Targeting Centre-Passenger established by the Board to receive and process passenger name record information along with any other information relevant for risk analysis of passengers for the purpose of, – (a) the prevention, detection, investigation and prosecution of offences under the Act and the rules and regulations made there under, or (b) the law enforcement agencies or government departments of India or any other country…,” the notification said.

Also read: DGCA grounds Air India’s Dreamliner after Dubai-Kohli flight diverted due to cabin pressure loss

“Every aircraft operator shall transfer the passenger name record information, as per list in Annexure II to these regulations, of passengers they have already collected such information in the normal course of business operations, to the designated Customs systems… Every aircraft operator shall transfer passenger name record information not later than twenty four hours before the departure time; or at the departure time – wheels off,” it added.

The information to be shared by airlines for both inbound and outbound international flights include the name of the passenger, billing/payment information (credit card number), date of issue of ticket as well as intended travel, and names of other travellers in the same PNR, travel itinerary for the PNR, contact details like email id, mobile number, details of travel agency, baggage information and code share information (when one airline sells seats on another air carrier’s flight).

KPMG in India, Partner, Indirect Tax, Abhishek Jain said the objective of the regulations is to obtain relevant passenger data for risk analysis to proactively prevent, detect, investigate or prosecute offences under the customs law or any other domestic or international law.

Also read: Airlines’ loss globally down, may make profit by next year: IATA

“The onus of timely collecting and sharing such information has been put on the airline operators. Further, while strict privacy guidelines have been stipulated under the said regulations, the government should ensure that the same are duly enforced to prevent unauthorised usage,” Jain said.

Penalty

According to the notification, non-compliance with the regulations, will lead to the airlines being fined a minimum of ₹25,000 and a maximum of ₹50,000.

“Without prejudice to any other action that may be taken against an aircraft operator or his authorised agent under the provisions of the Act, or any other law for the time being in force, the Principal Additional Director General or Additional Director General of the National Customs Targeting Centre -Passenger, may impose a penalty which shall not be less than twenty five thousand rupees (₹25,000) but not more fifty thousand rupees (₹50,000), for each act of non-compliance, on an aircraft operator or his authorised agent who contravenes or fail to comply with any provisions of these regulations,” it said.

Privacy and protection of information

“(1) The passenger name record information received by Customs designated system shall be subject to the strict information privacy and protection in accordance with the provisions of any law for the time being in force. (2) race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life or sexual orientation, shall not be permitted.

“(3) The passenger name record information shall be received, stored, processed and disseminated in a secure system accessible only to the duly authorized officers by establishing robust procedure to protect the privacy of passengers and crew members by the National Customs Targeting Centre-Passenger,” the notification said.

Also read: On Air India recruitment day, 55% IndiGo flights delayed as crew takes ‘sick leave’

Period of retention of data

The data of the passengers would be retained by the Customs authorities for a maximum period of five years.

According to the notification, “(1) The passenger name record information received in Customs designated system shall be retained for a maximum period of five years from the date of such receipt: Provided that the provisions under this sub-regulation shall not be applicable, if such information is required in the course of an investigation, prosecution, or any court proceeding.

“(2) After expiry of five years specified under sub-regulation (1), it shall be disposed of by depersonalisation or anonymisation through masking out the relevant information which can serve to identify directly the passenger to whom the passenger name record information relates: Provided that such depersonalised or anonymised information may be repersonalised or unmasked when used in connection with an identifiable case, threat or risk for the specified purposes: Provided further that the information received may be used for further analysis and study only by an authorized officer not below the rank of Principal Additional Director General or Additional Director General of the National Customs Targeting Centre-Passenger.”

Audit

“There shall be an extensive independent system audit and security audit on annual basis, to prevent any misuse of the passenger name record information by an officer of the rank of Principal Additional Director General or Additional Director General of the National Customs Targeting Centre-Passenger appointed by the Director General of Analytics and Risk Management: Provided that the said officer shall not carry out both the system audit and security audit.”

Also read: Safety concerns: SpiceJet told to operate just 50% flights for 8 weeks

Sharing of information with foreign states

“When passenger name record information relates to any offence, under any law for the time being in force, at national or international level, the National Customs Targeting Centre-Passenger, may share the relevant information on a case-to-case basis with other law enforcement agencies or government departments of India or any other country.

“Provided that sharing of such relevant passenger name record information with other law enforcement agencies or government departments of India or any other country shall be subject to maintenance of same level of information privacy and protection of information and safeguards: Provided further that such other law enforcement agencies or government departments of India or other countries shall, while seeking information, specify the purpose for which such information is being sought,” as per the notification.