Impossible to miss and difficult to circumvent, Digi Yatra is an opt-in and completely voluntary service at Indian airports launched by the Ministry of Civil Aviation on 8 June 2017 with the aim of making air travel “seamless, contact-less, hassle-free and paperless” for passengers. Its objective is statedly simple: to help passengers board their flight faster. To this end, it enables digital processing of passengers at airports by using facial recognition technology (“FRT”) and personal credentials to authenticate them instead of traditional boarding passes. However, it does so with inadequate privacy safeguards, in a non-transparent data ecosystem, and sometimes without your consent, making it a challenge for you to navigate airports without enrolling in the service.
[ Click here to view in full ]
We have consistently voiced our concerns with Digi Yatra, originally a scheme of the Indian union government, now a privately-run service. At the heart of Digi Yatra is FRT – a deeply flawed and dangerous tool that can lead to harrowing consequences for individual privacy, dignity, free speech, movement, and life. Surveillance capabilities aside, the Digi Yatra data ecosystem presents a number of concerns with regards to personal data of users, especially their highly vulnerable and sensitive facial data. On top of this, Digi Yatra was being rolled out aggressively at Indian airports the last few months, with no regard for passenger consent or autonomy. This was covered by the media extensively (see here, here, here). A recent survey even showed that up to 30% of all Delhi airport passengers have unknowingly signed up for Digi Yatra.
For more context on the service and our rights-centric concerns, here is a resource list of our publications on Digi Yatra:
- Read our blog post deeply analysing Digi Yatra and its privacy and surveillance concerns.
- Read our opinion piece for The India Forum on all that is wrong with Digi Yatra.
- Listen to our deepdive on the Digi Yatra data ecosystem and FRT in this episode of the InFocus Podcast by The Hindu.
- Read our letters to Ministry of Civil Aviation (here), NITI Aayog (here), Airports Authority of India (here), Digi Yatra Foundation (here), regional airport authorities Delhi (here), Bengaluru (here) Cochin (here), Mumbai (here) and Hyderabad (here).
- Read our past publications on Digi Yatra.
Why should you care?
Digi Yatra collects and/or processes your personal identifiable information along with sensitive facial data to authenticate you in airport security processes. Its non-transparent methods of storing, processing and sharing this data, along with a weak privacy policy, are deeply concerning. Facial recognition technology is known for being inaccurate and if misused, can become a tool for surveillance without your knowledge or consent. How Digi Yatra uses your facial data and how secure its data ecosystem really is, remains a worrying mystery.
Digi Yatra’s privacy policy potentially allows for your data to be used by the Foundation and third parties for a variety of unrelated purposes without your explicit consent and far beyond its stated use of providing a “hassle-free” airport experience. The lack of transparency leaves unanswered questions about the effectiveness of Digi Yatra’s claims of ‘privacy by design’ since it does not periodically publish any audits or reports to prove so, which causes a much bigger hassle!
The Digi Yatra Foundation, a private company operating Digi Yatra, has a 26% shareholding from the union government, but is not covered under the Right to Information Act, 2005 and does not disclose its cyber security audits. For us passengers, there's limited transparency, accountability, and recourse in case of data breaches or security threats
Many aspects of Digi Yatra, be it the use of facial recognition or the unclear data policies, lack a strong legal basis and compromise your privacy without statutory safeguards. Future data protection laws also may not adequately address these issues, especially when it comes to sensitive data like your facial biometrics.
What can you do?
Digi Yatra is a dangerous thing – but we are not here to scare you. We are here to empower you and arm you with information, so you can make decisions for yourself. No airport staff should be able to force you into registering for Digi Yatra and putting your privacy at risk. To this end, in collaboration with Kruttika Susarla, IFF presents our Know-Your-Rights leaflet (or KYR), which doubles as a comprehensive tool to briefly understand what is wrong with Digi Yatra, and an illustrative guide to avoiding it at airports.
We also present, in collaboration with Kruttika Susarla and Sanitary Panels, a line of merchandise (tees, totes and more!) with a call to #RejectDigiYatra so you can show up for your next flight in the coolest of airport fits which make a statement without saying a word.
And per usual, you can support IFF by becoming a member and donating today!