All airlines flying to or from India are now required to submit details of all passengers and cabin crew to Indian Custom authority for risk analysis. Central Board of Indirect Taxes & Custom (CBIC) has notified rules for a provision made in the Finance Act, 2017.

The new rules made effective from August 8 envisage the setting up of the “National Customs Targeting Centre – Passenger”, a body that would collect and store information regarding passengers coming in to or flying out from India for the purpose of “risk analysis”.

This information would include not just the details included in the passport but all available payment/billing information including credit card number, name of the travel agent and even special services provided to the passenger by the airlines.

The National Custom Targeting Centre – Passenger would store these details for five years for the purpose of “prevention, detection, investigation and prosecution” of offences under the Customs Act. The information is also to be shared with the law enforcement agencies, government departments or even foreign governments.

However, domestic and foreign entities will be required to specify the purpose of seeking data. 

“When passenger name record information relates to any offence, under any law for the time being in force, at national or international level, the National Customs Targeting Centre-Passenger, may share the relevant information on a case-to-case basis with other law enforcement agencies or government departments of India or any other country,” the notification said.

Airlines do not have an option to avoid giving these details.

Data retention

“Every aircraft operator shall transfer passenger name record information not later than twenty four hours before the departure time; or at the departure time — wheels off,” a notification by CBIC said. In case of non-compliance, airline will have to pay penalty between ₹25,000 and ₹50,000 for each contravention. While privacy will be maintained, data can be shared with specified government entities.

The notification also prescribed retention of data for five years only provided it is not required in the course of an investigation, prosecution, or any court proceeding. After five year period, it will be disposed of by depersonalisation or anonymisation through masking out the relevant information.

However, depersonalised or anonymised information may be re-personalised or unmasked when used in connection with an identifiable case, threat or risk for the specified purposes. The notification also has provision of annual audit to curb misuse of data.

Airlines are to provide 19 types of information related with passengers.

These include available frequent flyer and benefit information (i.e., free tickets, upgrades, etc), other names on PNR, including number of travellers on PNR, all available contact (email, telephone number, mobile number information (including originator of reservation), all available payment/billing information (e.g. credit card number), travel agency/travel agent, travel status of passenger (including confirmations and check-in status), baggage information, seat information, details of passport beside others.

Curbing crimes

Tanushree, Roy, Director (Indirect Tax) with Nangia Andersen India, hoped new regulation would be an effective tool in curbing cross-border crimes. “At the same time, the said Regulations would help keep a track record of every passenger travelling to and from India, which would further help in the prevention, detection, investigation and prosecution of offences under the Customs Act,” she said.

Abhishek Jain, Partner with KPMG in India, says the objective of said regulations is to obtain relevant passenger data for risk analysis to proactively prevent, detect, investigate or prosecute offences under the Customs law or any other domestic or international law. “While strict privacy guidelines have been stipulated under the said regulations, the Government should ensure that the same are duly enforced to prevent unauthorised usage,” he said.