IRCTC to sell traveller data for monetisation amid data concerns

Activists in India have often voiced concerns with regard to such monetisation, as it raises the question of protecting data of private individuals.

The Indian Railway Catering and Tourism Corporation (IRCTC), a public sector undertaking that provides ticketing, catering, and tourism services for the Indian Railways, is going to monetize train travellers’ data to raise funds.

This means that the information we provide to book our tickets will essentially be sold to interested parties. Activists in India have often voiced concerns with regard to such monetisation, as it raises the question of protecting data of private individuals.

The IRCTC recently uploaded a tender for appointment of a consultant for ‘digital data monetization’. The objective stated by the Railways is to generate revenue of Rs. 1000 crores. For this purpose, the consultant will study consumer data from the Indian Railways’ application.

MS Education Academy

Consumer data that will be allowed to study will include name, age, mobile number, gender, address, email id, class of journey, payment mode, etc. Behavioral data of the consumer will also be analyzed. Activists fear that the profit goal through data monetization is likely to violate the data minimization principle of people.

Independent privacy researcher Srinivas Kodali told Siasat.com that the data that the IRCTC collects will be primarily used by private entities in the tourism business.

“A hotel or a tourism company can analyze flight data and gauge how busy the season will be. For example, they might hike prices when they see a lot of people flying into their town or announce new offers when the number of tourists reduces.”

Previous experience from the misuse of the Vahan database may only increase fear among people with what the IRCTC is doing. The Vahan database was a public repository of all vehicles registered in the country.

During the Delhi riots, reports surfaced about the possibility of right-wing vigilantes using the portal to determine the religion of a vehicle owner. If it was found that the owner was Muslim, the vehicle would be torched, said activists then.

All these developments in the absence of data protection law heighten the threat posed to the user data.

Apart from the lack of control over personal data reaching private entities, there is also a looming threat of the data falling into the wrong hands. “The IRCTC will claim that the data will only be shared with safe, verified parties, but there is simply no way of being in control,” said Kodali.

Govt recently withdrew Data Protection Bill

Recently, the central government also decided to withdraw the Personal Data Protection Bill, 2019. It sought to bring a strong and robust data protection framework for India and to set up an authority for protecting personal data and empowering the citizens’ with rights relating to their personal data ensuring their fundamental right to “privacy and protection of personal data.

The Bill also sought to create a policy framework for data usage, including by tech giants such as Meta and Google.

Explaining the reason behind withdrawing the Bill, Union Electronics and Information Technology Minister Ashwini Vaishnav then said that the aim is to bring new compressive legislation at par with the technology landscape which is changing rapidly.

Back to top button