Airlines and Ticket Reservation Companies Do Not Fall Under the New Personal Data Regulations
From September 1, 2015 the new Federal Law ФЗ-242 “On amendments to a number of legislative acts of the Russian Federation in connection with clarifying personal data processing procedures for information and telecommunication networks” comes into effect. The Ministry of Communications and Mass Media of the RF has made clear on its web site that Russian and foreign airlines, as well as ticket reservation and issuing agencies, do not fall within the scope of this new law:
According to the provisions of Part 2 and 3 of Article 105 of the Russian Federation Air Code, contracts for the carriage of a passenger, cargo or mail by air are considered confirmed by an air ticket and baggage ticket, an airway bill, or a postal waybill accordingly; the air ticket, baggage ticket and other documents used for providing the air transportation of passengers can be issued electronically (electronic traffic document), granted that provisions of the air transportation contracts are distributed through the automatic information system used for ticketing. Consequently, in order to comply with the law, airlines have to process the personal data of passengers used for issuing documents that confirm the contract’s execution.
According to Article 85.1 of the Russian Federation Air Code, for the purposes of aviation security airlines must ensure passengers’ personal data transfer into automatic centralized personal data databases in compliance with RF laws on transportation security and on personal data protection; international air carriers are also required to transfer such data to the authorized bodies of foreign states in compliance with RF international agreements or laws of the foreign states from which the air carrier departs, arrives at or passes through in transit, to the extent set by RF laws, unless otherwise stipulated by RF international agreements. It should be noted, that the Russian Federation is a party to a number of international air carrier conventions, namely the Chicago Convention (“Convention on International Civil Aviation”), Warsaw Convention (“Convention for the Unification of Certain Rules Relating to International Carriage by Air”), Guadalajara Convention (“Convention Supplementary to the Warsaw Convention for the Unification of Certain Rules Relating to International Carriage by Air Performed by a Person other than the Contracting Carrier”), that also form an integral part of the legal regulation of air carriers’ operations and the corresponding information processes.
Based on the above, the provisions of Part 5, Article 18 of the Federal Law “On Personal Data” do not cover Russian and foreign air carriers’ operations connected with the gathering and processing of personal data of citizens of the Russian Federation, which is used for making reservations, or issuing and granting tickets, baggage tickets and other documents, because they fall within the exception contained in Clause 2, Part 1, Article 6 of the Federal Law “On Personal Data”
Also the provisions of Part 5, Article 18 of the Federal Law “On Personal Data” do not cover operations of persons acting on behalf of an air carrier (authorized agents), covered by Clause 6 of the Common rules for air service of passengers, baggage, cargo and maintenance requirement of passengers, exporter and receiver, approved by the Ministry of Transportation Order №82 of June 28, 2007 “Approval of Federal Aviation Rules ‘Common rules for air service of passengers, baggage, cargo and maintenance requirement of passengers, exporter and receiver’”, as well as operations of other persons connected with the processing of personal data of citizens of the Russian Federation, which is used for making reservations, or issuing and granting tickets, baggage tickets and other documents, including in an electronic form, if such operations are covered by RF law or a corresponding international agreement, including for the purposes of ensuring aviation security.”