wordpress blog stats
Connect with us

Hi, what are you looking for?

Indian govt says no central storage of Digi Yatra data, accountability for user privacy still a question

Passengers’ personal data is stored on their smartphones, the Ministry said in a press release. But the bigger questions around data privacy remain

“Under Digi Yatra, passengers’ data is stored in their own device and not in centralized storage In the Digi Yatra process, there is no central storage of passenger’s Personally Identifiable Information (PII) data. All the passengers’ data is encrypted and stored in the wallet of their smartphone,” the Ministry of Civil Aviation (MoCA) said in a press release issued on March 17, 2023.

The press release was issued after Union Minister of Civil Aviation Jyotiraditya Scindia tweeted in response to MediaNama Editor Nikhil Pahwa’s tweet pointing out that the government has “structured collection of facial data to avoid accountability”. Pahwa’s tweet was based on an RTI filed by MediaNama, to which the MoCA replied stating that Digi Yatra does not come under the purview of the RTI Act because the project is managed by the Digi Yatra Foundation, a non-profit entity of participating airports.

Here’s what Jyotiraditya Scindia replied:

The press release further stated that the data is shared only between “the passenger and the airport of travel origin, where passenger’s Digi Yatra ID needs to be validated”. “The data is purged from the airport’s system within 24 hours of departure of flight. The data is shared by passengers directly, only when they travel and only to the origin Airport,” it adds. Further, the Ministry says that the process is voluntary and since the data shared is encrypted, cannot be used by any other entity.

STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!

Why it matters: The MoCA is planning to expand Digi Yatra to other cities amid concerns related to the use of facial recognition technology–such as storage, sharing, and security of data and privacy of travelers–in the absence of a data protection regime. We have pointed out that it is unclear why one cannot seek information about the project under RTI, especially when the project has been circulated as a national policy since 2018. The press release issued by the Ministry does not really address this and many other questions raised by Twitter users in response to the Minister’s tweet.

MediaNama’s RTI on the Digi Yatra project:

In order to get a preliminary update on the status of the Digi Yatra facility, which will soon be extended to more airports, we filed an RTI with the MoCA inquiring about the airport-wise details of the number of individuals who have registered for and used the facility, and the number of downloads recorded by the Digi Yatra application until February 4, 2023 (the date when the RTI was filed).

Digi Yatra uses facial recognition tech to enable a “contactless” boarding process at the airport. The unaddressed technical concerns with regard to facial recognition systems—as pointed out by the Internet Freedom Foundation—calls for an assessment of these potential problems. To start with, we asked the Ministry if they had any data on the grievances and the reasons for them recorded on the app or through their website about Digi Yatra, after it was launched. Additionally, the RTI inquired if the Ministry has addressed any of the grievances. The Ministry provided no answers to any of these questions. We have filed another RTI asking for more details on the project and the data collection process. We are yet to receive a response to it.

Unanswered questions:

Pahwa’s tweet gained much attention on Twitter initiating discussion about where and how people’s biometric data is collected and stored under the Digi Yatra project. The Minister’s response stating that user data is not collected in any central repository or by the Digi Yatra Foundation raises pertinent questions: how is it possible that the facial biometric data and photos used for authentication are not read by the system? And if the data is purged from the airport’s system within 24 hours, as stated in the press release, do passengers have any mechanism to delete their biometrics from the Digi Yatra app on their phones?

Further, tech researcher Srinivas Kodali pointed out that Avinash Komireddy, founder and CEO of Dataevolve, the company that designed the DigiYatra system, said in an interview with MoneyControl that “the facial recognition authentication process takes place on the Amazon Web Services (AWS) cloud platform”. “That’s the only touch point where your data is going into AWS, because doing it (the verification) on the phone is not very practical,” Komireddy said, adding that no data is stored on AWS, or with the start-up themselves. But, this does suggest that the data doesn’t just remain between the passenger and the airport system, as stated by the Minister.

While the Ministry is reiterating that the data is not stored in any central repository, and thus there’s no information on the queries mentioned in our RTI, Pahwa pointed out the most pertinent question: “Who is Digi Yatra then accountable to for citizen privacy?” This still remains unanswered.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read:

Written By

Curious about privacy, surveillance developments and the intersection of technology with education, caste and welfare rights.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...


RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.


Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...


The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ