Privacy prick-point: IRCTC bid to monetise passenger data

Last Updated21/08/2022

Amongst privacy concerns over the commercial use of railway passenger data, the IRCTC has chalked up plans to monetise its bank of passenger data for doing business with government and private entities.

The ticket booking arm of the Indian Railways has floated a tender to empanel a consulting firm to prepare a road map to monetise the data.
The tender may be withdrawn over privacy concerns given that a data protection Bill has not been finalised.
According to the tender, customer data that could potentially be monetised includes passengers’ name, age, mobile number, gender, email address, payment mode, “login/password”, among other things.

India currently has no data protection rules and a draft Bill was recently withdrawn by the government from Parliament.

The proposal has drawn the ire of privacy activists who have complained that IRCTC is looking to monetise passengers’ data in the absence of a privacy framework in the country.

The Indian Railways has previously explored monetising the vast amount of data it collects.
In 2016, it explored the possibility of monetising its data, software and some of the free services such as PNR enquiry.
In 2020, the Ministry of Road Transport and Highways scrapped its Bulk Data Sharing Policy, under which it used to sell vehicle registration data (Vahan) and driving licence data (Sarathi) to private and public entities.
The policy was scrapped over potential misuse of personal information and privacy issues.
Recently, the MeitY had floated a draft India Data Accessibility and Use Policy that proposed that data collected by the Centre that has “undergone value addition” can be sold in the open market for an “appropriate price”.
It was withdrawn after it faced severe criticism over its proposal to monetise government data.