A study by NITI Aayog has highlighted significant privacy concerns regarding the Digi Yatra policy, a digital platform for verifying air travelers using biometric data. The study emphasizes the need for the policy to clearly define rules for deleting passenger information from the database once travel is complete.
Privacy Concerns and Data Deletion
Privacy concerns have been raised about the data collected by Digi Yatra. The platform, which utilizes Facial Recognition Technology (FRT) to facilitate contactless and seamless passenger movement at airports, currently deletes facial biometrics from local airport databases 24 hours after a passenger’s flight departs. However, the study suggests that the policy should also specify rules for deleting other collected passenger information and any facial biometrics stored in other registries.
Enhancing Airport Operations
Digi Yatra aims to create an identity management ecosystem for Indian airports, enhancing civil aviation infrastructure, digitizing manual processes, improving security standards, and reducing airport operational costs. The policy states that participation in Digi Yatra is voluntary. However, if it becomes mandatory, it must comply with the principles laid out in the K.S. Puttaswamy v. Union of India case, which pertains to the constitutional right to privacy.
Recommendations for Improved Security and Transparency
The study recommends frequent cybersecurity audits and vulnerability testing of the Digi Yatra platform to ensure reliability, usability, and information security. It also calls for algorithmic audits by independent and accredited auditors before system deployment and at regular intervals. Additionally, the study suggests that the Digi Yatra Standard Operating Procedures (SOPs) specify timelines and purposes for retaining different types of data within the Digi Yatra Central Ecosystem, with personal data being deleted beyond these timelines.
Ethical Oversight and Consent Mechanisms
The study emphasizes the need for ongoing monitoring of the system’s performance and suggests that the use of facial recognition data for value-added services should only be activated through an opt-in method of consent, allowing users to revoke consent at any time. It also proposes the establishment of ethical committees to assess the ethical implications and oversee mitigation measures for deploying AI systems, particularly FRT.
Legal and Policy Reforms
The study advocates for policy and legal reforms to regulate the use of facial recognition technology in India. It suggests imposing liability for any harms or damages caused by the use of FRT systems and calls for a holistic governance framework to address the multifaceted challenges posed by these systems.
Ministry’s Response
The Digi Yatra Foundation, the nodal agency for the app, has stated that the Digi Yatra Central Ecosystem (DYCE) does not store any ID credential data with Personally Identifiable Information (PII) in any central repository. The Ministry of Civil Aviation has initiated the Digi Yatra program to improve travel experiences, using FRT and facial verification technology at various process points in airports.
As Digi Yatra continues to innovate and streamline airport operations, addressing privacy concerns remains crucial. The study’s recommendations aim to ensure that the platform not only enhances passenger experiences but also protects user data, maintaining the delicate balance between technological advancement and privacy rights.