Executive Summary
The Digi Yatra Policy, launched by the Ministry of Civil Aviation in December 2022[1] for digitising air travel processing (by utilising facial recognition technology and Aadhar-linked credentials), has faced issues regarding data privacy and processing, being cumbersome and non-transparency. Given the nature of the functioning of this policy, it is recommended that the policy be suspended until there is a balance of equities between customer ease and the right to privacy.
Background
The Digi Yatra Biometric Boarding System Policy (‘Digi Yatra’), launched by the Ministry of Civil Aviation in December 2022, is a voluntary service accessible at 13 Indian airports, including New Delhi, Varanasi, Bengaluru, Vijayawada, Pune, Hyderabad, Kolkata, Mumbai, Ahmedabad, Kochi, Lucknow, Jaipur, and Guwahati. The effort seeks to improve air travel by utilising face recognition technology and Aadhar-linked credentials for digital passenger processing at airport sites like terminal access points, security checkpoints, luggage drop-off, check-in, and boarding.[2] The Digi Yatra app is not government-owned but by a consortium called the Digi Yatra Foundation.[3]
Key Features
As of December 2023, the service had served 91 lakh people and is set to expand to 25 new airports by 2024.[4] To use Digi Yatra, passengers must first link their trip information to the app, which is accessible on Android and iOS. The verification process consists of Aadhar-based validation, self-image capture, and submission of a boarding pass copy. The Ministry of Civil Aviation ensures that all passenger data is encrypted, held on the smartphone, and momentarily shared with the origin airport for ID validation before being deleted within 24 hours of the flight.[5]
Key Issues
Despite the voluntary nature of the Digi Yatra Policy, recent reports suggest instances where CISF personnel at airport entry gates have insisted on its mandatory usage, potentially barring those who choose not to.[6] Internationally, instruments like the European Council’s ‘Guidelines on Facial Recognition’ have a statutory ecosystem to govern the processing of biometric data, like those collected utilising facial recognition technology. In the absence of
such rules framed under the Digital Personal Data Processing Act, 2023,[7] Digi Yatra’s operation raises concerns about data privacy and security for users.[8] User reviews on the Google Play store for the Digi Yatra app point to technical glitches, problems linking with DigiLocker and inconsistencies in matching credentials, causing inconvenience and potential delays for passengers.
Recommendations
The CoWin data leak[9] is a testament to the fact that data protection measures adopted by government initiatives ought to be adopted with a higher standard of security. Since the announcement of the Digi Yatra policy and application, the policy has been marred with concerns over data privacy, and usage of facial recognition technology.
The policy does not satisfy the three-pronged test (legality, necessity, and proportionality) set out by the Supreme Court in the case of Justice KS Puttaswamy vs. Union of India[10]. Given the glaring issues of lack of data protection rules that prescribe the procedure for securing the data collected by passengers, the element of non-transparency and coercion deployed by the authorities in data collection and storage. In the absence of a nexus between the object set out to be achieved and the means adopted, the Digi Yatra policy should be re-looked at and made in compliance with the privacy principles set out.
Thus, keeping in mind the legal hassles along with the overall inconvenience faced by passengers at the airports, there need to be alternative methods to improve on-ground personnel issues (especially shortages of security personnel, which results in only a fraction of security check gates being operational at a given time), queue management, and alternatives in case of tech failures and privacy issues.[11]
References
[1] “Digi Yatra Biometric Boarding System: Re-imagining air travel in India”, Ministry of Civil Aviation, 2021.
[2] “BackBack Explained: What is DigiYatra, how it will work and other questions answered”, The Mint, Aug 17, 2022.
[3] “Centre’s Digi Yatra enrolment takes off as airport security staff sign up flyers without their consent”, The Hindu, Jan 05, 2024.
[4] “Digi Yatra to be implemented at Kolkata, Pune, Vijayawada and Hyderabad Airports by March 2023”, Press Information Bureau, Feb 02. 2023.
[5] “What are the complaints about Digi Yatra? Explained”, The Hindu, Jan 14, 2024.
[6] “Airports to ensure Digi Yatra registration is voluntary and consensual: Scindia”, The Hindu, Jan 27, 2024.
[7] Due to the non-operation of the law at the moment, legislation like te Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data and Information) Rules, 2011, the policy will have to comply with the pre-existing legislation.
[8] “Part 1: The dangers of DigiYatra & facial recognition enabled paperless air travel #SaveOurPrivacy”, Internet Freedom Foundation, Jan 18, 2022.
[9] “CoWIN Data Leak Is a Sign India Needs to Rethink its Digital Public Infrastructure Strategy”, The Wire, June 25, 2023.
[10] (2017) 10 SCC 1.
[11] “Dard-e-DigiYatra: Reject Surveillance, Reject Digi Yatra”, Internet Freedom Foundation, Jan 16, 2024.
Comments