IRCTC’s move to sell traveller data has generated furore, and many have raised the question over the monetisation initiative and sought protection of data of private individuals.
The Railways has tried to douse the fire by maintaining that the data monetisation move would be reviewed.
Amid the concerns over monetisation of passenger data, Indian Railways Catering and Tourism Corporation, a Railways PSU, has floated a tender for appointment of a consultant for digital data monetisation.
However, the first of its kind move to sell traveller data by IRCTC, has generated furore and many have raised the question over the monetisation initiative and sought protection of data of private individuals.
After the furore, the Railways has tried to douse the fire by maintaining that the data monetisation move would be reviewed.
On the other hand, IRCTC, the ticketing arm of the Railways, said the move is only to appoint a consultant who would suggest how to go about it without compromising the privacy of individuals and the whole exercise would be under the purview of various data protection laws.
According to the tender, IRCTC envisages a revenue generation of Rs 1000 crore through monetisation of its digital assets. For this purpose, the consultant will study consumer data from the Indian Railways’ application.
Consumer data that will be allowed to study will include name, age, mobile number, gender, address, email id, class of journey, payment mode, etc.
Behavioral data of the consumer will also be analysed. Activists fear that the profit goal through data monetisation is likely to violate the data minimisation principle of people.
The tender floated by the organisation has two parts. In the first part IRCTC says it wants to “monetise the data in customer/vendor applications and internal applications of Indian Railways.”
It adds that this can be done by conducting various businesses with both government and private sectors like tours and travels, hotel, financing, insurance, health, manufacturing, shipping, aviation, port developers, container operation, mining, energy, for generating revenues and also to enhance facilitation and further improve the services.
For this, the IRCTC will provide basic data of individual passengers of freight, parcel and other public facing application such as name, age, mobile number, gender, address, e-mail ID, number of passenger, class of journey, payment mode, and login and password among other things to the company studying the data.
The company will then be expected to generate behavioural data such as class of journey, frequency of journey, travel time, booking time, age group and gender, payment mode, number of destinations, and booking modes among other things.
The second part of the tender focuses on the organisation driving strong growth in revenues by improving customer experience, expanding the portfolio of products being offered to the customers and developing new business-lines and partnerships.
Incidentally, the central government had withdrawn the Personal Data Protection Bill, 2019 recently.
It sought to bring a strong and robust data protection framework for India and to set up an authority for protecting personal data and empowering citizens with rights relating to their data, ensuring their fundamental right to “privacy and protection of personal data.”