Purpose of Collection and use of Passenger Name Record (PNR) data
The Department of Immigration and Border Protection is responsible for undertaking the risk assessment and clearance of all passengers arriving into and departing from Australia.
To facilitate the carrying out of these border protection functions Australian law, namely section 64AF of the Customs Act 1901 (Cth), allows the Department to request access to passenger information from all international passenger air service operators flying to and from Australia.
Passenger Name Record data records the passenger information of persons taking or proposing to take international passenger air service flights into and out of Australia.
Access to Passenger Name Record data by the Department forms an integral component of Australia’s intelligence led, risk based approach to border protection.
Analysis of PNR data and other relevant information by the Department and partner agencies plays a critical role in the identification of possible persons of interest in the context of combating terrorism, drug trafficking, identity fraud, people smuggling and other serious transnational crimes.
A Passenger Name Record may contain a number of data elements relating to a passenger’s travel including:
- passenger name (family and given);
- contact details including address and telephone numbers;
- any collected Advance Passenger Information data (including name on passport, date of birth, sex, nationality, passport number);
- ticketing information including relating to payments; and
- travel itinerary.
We use this PNR data for pre-arrival or departure risk assessment of persons and/or aircraft for the purpose of preventing, detecting, investigating and prosecuting terrorist offences or serious transnational crime. PNR data may also be processed by the Department:
- in exceptional cases where necessary for the protection of the vital interests of any individual, such as risk of death, serious injury or threat to health; and
- for the purpose of supervision and accountability of public administration and the facilitation of redress and sanctions for misuse of data,
Protection of PNR data
We ensure that the PNR data we collect, including an individual’s personal information, is collected, stored, used and disclosed in accordance with the Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth) (the Privacy Act), and, where appropriate, the Australia-EU PNR Agreement.
The Agreement between the European Union and Australia on the Transfer of Passenger Name Record data (PNR) by Air Carriers to the Australian Customs and Border Protection Service came into force on 1 June 2012. This Agreement provides a legal framework for the transfer of PNR data to the Department from airlines that process their PNR data within the jurisdiction of the EU.
Disclosure of PNR data
The Department at times discloses PNR data to other government authorities in Australia and overseas, including disclosures to Australian and overseas law enforcement agencies, and does so in accordance with the Privacy Act, section 16 of the Customs Administration Act 1985 (Cth) (CA Act) and, where relevant, the data protection safeguards set out in the Australia-EU PNR Agreement.
PNR data is only disclosed to other government authorities where the Department is satisfied that the receiving authority agrees to afford the data transferred the same safeguards set out in the Privacy Act and the Australia-EU PNR Agreement.
When PNR is processed under the obligations set out in the Australia-EU PNR Agreement, PNR may be disclosed to specific Australian government authorities, which are identified in Annex 2 of the Australia-EU Agreement as follows:
- Australian Crime Commission;
- Australian Federal Police;
- Australian Security Intelligence Organisation;
- Commonwealth Director of Public Prosecutions;
- Department of Immigration and Border Protection; and
- Office of Transport Security, Department of Infrastructure and Transport.
How to request access to or correction of your PNR data
- apply to view or to receive a copy of documents relating to you, including documents containing PNR data, by completing a Freedom of Information (FOI) request; and/or
- request correction of PNR data held by us and relating to you where the data is inaccurate.
The above requests can be made to the Department of Immigration and Border Protection through the FOI Coordinator by email to email@example.com or the Privacy Contact Officer by email to firstname.lastname@example.org.
Further information on these processes is available on our Freedom of Information pages and the Office of the Australian Information Commissioner website.
Complaints by individuals concerning the handling of their PNR data by the Department may be made directly to us and then, under the Privacy Act, to the Office of the Australian Information Commissioner.
Under the Privacy Act, the Office of the Australian Information Commissioner has the power to:
- investigate complaints made by individuals, where it is alleged that an Australian government agency or a private sector organisation has breached the Privacy Act;
- investigate an agency covered by the Privacy Act;
- audit Australian government agencies to determine the extent of compliance with the Privacy Act and to promote good privacy practice (ongoing audit arrangements covering PNR data handling by the Department are currently in place; and
- make determinations in relation to a complaint.
You also have the right to lodge a complaint with the Commonwealth Ombudsman regarding your treatment by the Department. The Commonwealth Ombudsman website provides more information on this process.