A study by NITI Aayog, a government think tank, has called for clearer rules on data deletion within the Digi Yatra programme. This initiative aims to streamline air travel using facial recognition technology, but privacy concerns have emerged regarding user data.
Data Deletion Concerns In India’s Digi Yatra Programme
Seamless Air Travel: Embrace the Future with Digiyatra✈️”
@digiyatradelhi @Digi_Yatra#digiyatra #yatra #airport #governmentinitiative #digiyatraapp #digiyatrafoundation pic.twitter.com/tK84MqB4Px
— Dr. Kusum Lunia (@kusum_lunia) November 2, 2023
While the policy currently mandates the deletion of facial biometrics from local airport systems within 24 hours of a passenger’s departure, the fate of other collected information remains unclear. The study urges the policy to explicitly outline deletion procedures for this additional data, including any facial biometrics stored in other registries.
Digi Yatra promises a contactless and efficient travel experience through facial recognition. However, concerns have been raised about the potential misuse of passenger data. The programme envisions an integrated identity management system for Indian airports, aiming to enhance security, digitise processes, and reduce operational costs.
Also Read: Digi Yatra’s Expansion: Mumbai And Five More Airports Embrace The Future Of Travel
Cybersecurity Audits And Vulnerability Testing
Consent of passenger is pre-requisite for taking face biometric: Jyotiraditya Scindiahttps://t.co/BvVuHuH7MC
Download Economic Times App to stay updated with Business News –
https://t.co/WphCOOBnUw pic.twitter.com/JH45uElLYK— Digi Yatra Official (@DigiYatraOffice) January 28, 2024
The study emphasises that any move towards mandatory Digi Yatra usage must comply with the “legality, necessity, and proportionality” principles established in the landmark K.S. Puttaswamy v. Union of India case, which safeguards the fundamental right to privacy. To ensure robust security and system reliability, the report recommends frequent cybersecurity audits and vulnerability testing. Additionally, it proposes establishing a mechanism for independent algorithmic audits to address evolving security threats within the Digi Yatra ecosystem.
Furthermore, the study advocates for the development of Standard Operating Procedures (SOPs) that specify data retention timelines for different categories of information within the Digi Yatra Central Ecosystem. These SOPs should also outline procedures for handling sensitive personal data. The report underscores the importance of ongoing system performance monitoring. It also recommends an “opt-in” approach for consent when using facial recognition data and other relevant information for value-added services. Passengers should have the right to revoke such consent at any time.
Digi Yatra leverages facial recognition technology to authenticate travel credentials, enabling automated checkpoints with minimal human intervention. While this technology holds promise for streamlining airport operations, user privacy concerns remain.
Also Read: Digi Yatra: Guwahati Airport Becomes The First Northeast Airport To Get This Facility
The Digi Yatra Foundation, the programme’s nodal agency, has previously assured users that the Digi Yatra Central Ecosystem (DYCE) does not store any ID credentials with Personally Identifiable Information (PII) in a central repository.
Cover Image Courtesy: @DigiYatraOffice/X (Formerly, Twitter)
For more such snackable content, interesting discoveries and the latest updates on food, travel and experiences in your city, download the Curly Tales App. Download HERE.