Airlines asked to share data of international passengers with Customs authorities

The data needs to be shared at least 24 hours before departure and incase, the airlines fail to do so, a minimum penalty of Rs 25,000, which can go up to Rs 50,000 for every act of non-compliance can be levied by the customs department.

The information that would have to be shared with the department will include the PNR number, date of travel, credit card details, locator code, date of reservation and intended travel, if the passenger is a frequent flyer or not as well as information on other benefits such as free tickets and upgrades, billing, if the travel is booked by an agency or an agent, seat number, any history of changes to PNR, among others.

The National Customs Targeting Centre for Passengers will collect the information shared by the airlines. The CBIC database will conduct risk analysis of passengers based on the data. The CBIC can also share the data with other law and enforcement agencies, government departments of India as well as any other country.

The CBIC will retain the data for five years, following which it would be disposed of by depersonalisation or anonymisation.

However, the data can be “re-personalised and unmasked when used in connection with an identifiable case, threat or risk for the specified purposes,” the CBIC said.

The law has provisions for ensuring privacy of the data too.

However, the move seems to have not been received in the right intent by lawyers and experts.

“The tracking of travel history and gathering detailed data will lead to collection of lot of personal information. This may help the customs authorities to track those travel itineraries where the person frequently travels to a particular location and gets specified goods with him while coming back to India. While this information could help in gathering information through Artificial Intelligence, there is an equal risk of data privacy”, said Abhishek A Rastogi, partner at Khaitan & Co.

“The information collected may have to cross the test of constitutionality, when such information and data are beyond the scope and objectives sought to be achieved through these regulations,” added Rastogi.

"For instance, the Board through these regulations would collect, by Artificial Intelligence and otherwise, the details of the goods which could be imported from a particular jurisdiction. However, the class of travel and the details of how many times the PNR has been changed are not relevant to be gathered for determining the import of goods in contravention of the baggage rules. Hence, it becomes imperative to examine the objectives which are sought to be achieved through these regulations and not burden the airline authorities, etc with redundant information," added Rastogi.

Saurabh Agarwal, Partner Tax and Regulatory Services, EY, reiterated that the customer information sought from the airlines is too detailed and personal in nature. "While the strict privacy & protection guidelines have been provided for in the regulation itself, it will be very important for the government to strictly adhere to such privacy guidelines.” Agarwal added.

Meanwhile, the International Air Transport Association (IATA) welcomed the CBIC's move. “IATA welcomes the notifying of the PNR regulations by the CBIC, thereby establishing a proper legal framework for the implementation of the PNR data program for India. We are encouraged by the CBIC notification specifying the transmission of PNR data to specifically designated customs system through a standard PNRGOV EDIFACT message, as well as ensuring privacy and protection of the PNR data," Amitabh Khosla, Country Director- India, IATA, said.

He said the CBIC’s framework is in line with the established standards laid out in the ICAO Doc9944 Guidelines on Passenger Name Record (PNR) Data. "We expect the notification to be followed by specific guidelines for implementation and coordination and cooperation from the CBIC for airline’s smooth implementation. Importantly, the rollout of PNRGOV in India, should now bring an end to the non-standard passenger data requests from the airlines, by multiple agencies at various airports/stations,” Khosla added.

Anita Rastogi, Partner, GST and indirect taxes, PwC, said the regulations have been passed to conduct "risk analysis of passengers" for the purpose of prevention, detection, investigation and prosecution of offences under the Customs Act, 1962. "Considering that these regulations require vast amount of data of every passenger to be shared by the airlines, the government may narrow it down to asking for information of specific passengers based on intelligence inputs rather than asking for data of all passengers thereby addressing any privacy concerns," Anita added.

"These regulations are meant to enhance detection, interdiction and investigative capabilities of Customs authorities using non-intrusive techniques for combating offences related to smuggling of contraband such as narcotics, psychotropic substances, gold, arms and ammunition, etc, that directly impact national security," the CBIC said.

Sources told CNBC-TV18 that India is not the only country to impose such rules on passenger information — some other countries/regions which have similar rules are Japan, USA, Australia, Canada and the EU.