New passenger information regulations announced earlier this week are meant to improve the ability of Customs authorities to stop smuggling of contraband such as narcotics and materials that could pose a threat to national security, the government said in a statement on Wednesday, after the new rules triggered concerns of privacy intrusions.
Late on Monday, the government notified the Passenger Name Record Information Regulations, 2022, making it mandatory for air service operators to share details of international travellers with a Customs agency, including that of when a traveller was due to fly, their destination, how many bags they are carrying, their seat numbers as well as co-passenger data.
“Although some data elements included in the regulations are available from other sources, the objective of these regulations is to obtain this data in advance of departure or arrival of the passengers for analytics by the Customs Risk Management System,” the statement said.
According to officials who asked not to be named, the new rule was framed by evoking Section 157 of the Customs Act that gives government the “general power” to make regulations.
The particular clause of the Section 157 in the Act, which was inserted by the Finance Act, 2017, empowers the government to collect particulars related to passengers and crew along with the penalty for delay in delivering such information, they said.
The tracking of passengers will be done by the National Customs Targeting Centre-Passenger (NCTC-P), under the Central Board of Indirect Taxes and Customs (CBIC), which will receive information from airline operators, one of these people said. The information thus collected could be used by national or international agencies for risk analysis and appropriate action, this person added.
“Agencies will have information 24 hours before the departure of passengers and they have adequate response time to act in case of any risk detected,” a second person said. With the use of data analytics and artificial intelligence, patterns of unscrupulous elements could be tracked easily as the new rules provide for storage of collected data for at least five years,” this person said.
According to the notification, the data collection will need to adhere to privacy protections as per law in force. But much would depend on its implementation, the first person said.
India, however, does not have a data protection law. In the monsoon session that concluded this week, the government pulled back the personal data protection bill, which was four years in the making, for a new version that it will now draw up.
“Processing of passenger name record information revealing a person’s race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life or sexual orientation, shall not be permitted,” the notification said, adding that the records will be “received, stored, processed and disseminated” within a “secure system” accessible only to duly authorised officers.
“The information would be handy for national and international agencies to check crime and nab criminals,” the first person said. According to the notification, the data thus collected could be shared with law enforcement agencies or foreign government agencies.
The new law has strict penal provisions for aircraft operators on non-compliance. A minimum penalty of ₹25,000 and maximum ₹50,000 is stipulated for each act of non-compliance under the new law. The Penalty would be levied on an aircraft operator or its authorised agents, the notification said.
Saurabh Agarwal, Tax partner at consultancy firm EY said: “The customer information sought from the airlines is too detailed and personal in nature. While the strict privacy and protection guidelines have been provided for in the Regulation itself, it will be very important for the Government to strictly adhere to such privacy guidelines.”
Similar rules are in place in other countries and regions, but many, such as the European Union and the UK, also make it mandatory for the PNR processing system to have an oversight of data protection authorities and independent regulators.
Sign on to read the HT ePaper epaper.hindustantimes.com