In Russia, starting this fall, airlines will be required to transfer a broad set of passenger data into a centralized database. The data will include bank card details, IP addresses, phone numbers, email addresses, and even account credentials, alongside traditional passport and ticket information. The move aims to create a comprehensive repository of traveler data within the national system that governs transportation safety and oversight.
Industry stakeholders argue that some of this information goes beyond what is routinely necessary for travel and raises concerns about privacy. Airlines warn that the transfer of sensitive data could complicate consent requirements and heighten the risk of data exposure. They emphasize that passengers should grant explicit permission for certain categories of information to be shared, and they worry about who bears liability if data leaks occur or if misuse happens in the system.
Officials say the state system is designed with robust protection and that automated monitoring will help detect suspicious activity quickly. The development timeline includes a draft directive that would formalize procedures for building an automatic database of personal data on passengers and crew, extending the scope of what must be collected and stored for all intercity and international travel.
Under the plan, not only air carriers but also operators in maritime, rail, and road transport sectors would need to feed data into the unified state transport safety information system. The region around the capital and major routes connecting metropolitan centers are cited as focal points, with certain interregional routes set to operate under different rules. The system is intended to hold a broader range of details about travelers to support safety audits, risk assessment, and rapid response to incidents in transit networks.
The database for passenger data is operated by a national information security agency within the transport ministry. Access to the consolidated data is expected to extend to several supervisory and enforcement bodies, reflecting a policy shift toward centralized information sharing across agencies. Currently the system already holds passport data, travel dates, and route information, but the draft order expands these data fields to include contact email addresses, phone numbers, and personal account information including usernames and passwords, as well as IP addresses and port numbers used during data transmission and any associated payment card details. This broader scope aims to improve verification, tracking, and incident response across all transport modes while raising questions about privacy safeguards, user consent, and the accountability framework for operators and state agencies involved in data handling.
There have been public statements from government representatives asserting that the initiative is part of a broader push to strengthen security, monitor travel patterns, and prevent crime. Critics argue that without clear opt-outs, transparent governance, and strong data minimization principles, the plan could undermine passenger trust and expose both individuals and carriers to heightened risk. The debate centers on balancing national security and public safety with individual privacy rights and the responsibilities of operators to protect sensitive information from unauthorized access. The discussion continues as stakeholders assess the operational, legal, and ethical implications of expanding the data set stored in the unified system and the safeguards required to protect both travelers and the transportation network as a whole.