The government on Monday tabled the Advance Passenger Information (API) and Passenger Name Record (PNR) Bill 2025 in the National Assembly, seeking to regulate the collection, transmission, sharing, storage, and protection of passenger data for individuals travelling to, from, and through Guyana.
The bill also aims to operationalize the Caricom Advance Passenger and Crew Information System while ensuring compliance with national and international data protection standards. It also proposes the establishment of a Passenger Information Unit (PIU) responsible for processing, analyzing, and storing data transmitted by aircraft and vessels.
Under the bill, a Competent Authority will be set up to verify API and PNR data and ensure compliance with the law. The authority will oversee the operations of the PIU, which will be staffed by an immigration officer as head, along with a police officer, a Customs and Excise officer, a data protection officer, and other personnel as deemed necessary by the minister.
The PIU will be responsible for receiving, storing, processing, analyzing, and managing all API and PNR data transmitted by aircraft and vessels. The bill also outlines strict data protection measures, prohibiting government ministries, departments, and agencies from having direct access to API and PNR data unless granted through a written request to the Competent Authority.
Additionally, the bill allows for the appointment of a data protection officer, who will oversee the processing of passenger data, conduct training programmes on data protection principles, and ensure compliance with the Data Protection Act 2023.
The bill mandates that “captains, masters, or agents” of aircraft and vessels must provide API and PNR data to the Competent Authority and the Caricom Electronic Manifest Single Window. Failure to comply could result in penalties, including fines of up to $4 million or imprisonment for six months.
API and PNR data will be cross-checked against national and international watch lists, including those from Interpol, to assess potential security risks. The bill also provides guidelines for processing data in a way that does not reveal sensitive personal information, such as race, political opinions, or religious beliefs.
The bill includes provisions for sharing API and PNR data with law enforcement agencies within Guyana and internationally, provided it aligns with the Data Protection Act 2023. The Competent Authority will be responsible for determining when such transfers are necessary to prevent, detect, investigate, or prosecute terrorism and other serious crimes.
Additionally, foreign authorities may request PNR data from Guyana’s Competent Authority if reasonable grounds exist for such a request. The PIU will facilitate these exchanges while ensuring adherence to national and international data protection standards.
The legislation imposes strict penalties for non-compliance, including fines and imprisonment for individuals or entities that fail to provide accurate passenger data. It also establishes clear guidelines for retaining and deleting API and PNR data, with most data being stored for up to seven years unless linked to a criminal investigation.
The bill includes six schedules detailing data submission requirements, timeframes for transmission, and procedures for handling sensitive information.
