Back
Flags Passenger Data Risks in Digi Yatra, Demands Update
In a significant move for air traveler privacy, a bench led by Chief Justice Soumen Sen and Justice Syam Kumar V.M. has ordered the Central government to reveal whether the under the has been constituted. The directive came during the admission hearing of a filed by social activist C.R. Neelakandan , challenging the security of sensitive passenger data collected via platforms like Digi Yatra at Indian airports.
The Privacy Peril at Boarding Gates
Digi Yatra, a facial recognition-based system promoted for seamless airport travel, allows passengers to upload biometrics, Aadhaar details, passport info, travel history, and financial data. Overseeing more than 130 airports, the relies heavily on private vendors for these digital services, handling data for hundreds of millions of flyers annually. The petitioner argues this vast ecosystem lacks robust safeguards, with service contracts missing stringent data protection clauses despite the DPDP Act and its 2025 Rules.
Neelakandan invoked the Supreme Court's landmark ruling, emphasizing that mass data collection must pass tests of under 's . He highlighted risks of unauthorized sharing, commercial exploitation, and breaches, urging immediate compliance amid reports of lax cybersecurity in airport tenders.
Petitioner's Call for Safeguards vs. Government's Silence
The PIL seeks sweeping interim relief:
- Strict DPDP Act compliance for all passenger data handling.
- Bans on data sharing or profiteering by airport concessionaires.
- Halts to tenders engaging private firms until foolproof data clauses are embedded.
No counter-affidavits were filed yet, but the court heard from government counsel, including Deputy Solicitor General O.M. Shalina . The bench prioritized transparency on the DPDP Board's status—crucial for enforcing data rights under Section 18 —while permitting the petitioner to submit evidence of alleged confidentiality breaches.
Decoding the Court's Data Privacy Probe
The bench drew no explicit precedents beyond the petition's reference to Puttaswamy , but its focus on the DPDP Board's formation underscores enforcement gaps post the Act's enactment. Airports, as public utilities, face heightened scrutiny: private intermediaries process sensitive biometrics without audited protocols, potentially violating . Other sources note similar concerns in service agreements, amplifying the PIL's call for proportionality in data practices.
This interim scrutiny signals courts' readiness to intervene where legislation lags implementation, distinguishing routine airport ops from privacy-invasive digital pipelines.
Key Observations from the Bench
"Issue notice to the fifth respondent. In addition to service to be effected by speed post with acknowledgment due, notice may also be sent by e-mail."
"We request the learned counsel appearing for respondent Nos.1 and 3 to ascertain whether a Board has been constituted underby the adjourned date and in the event such Board has been constituted, the constitution of the said Board shall be disclosed by way of an affidavit on the adjourned date."
"The learned counsel for the petitioner has prayed for leave to file a supplementary affidavit disclosing the instances where the confidentiality has been breached. The said affidavit may be filed within the aforesaid time upon prior service on the learned counsel appearing for the parties."
Adjournment with a Deadline: What's Next for Flyers?
The matter is posted to , with notices to and affidavits due. No substantive relief was granted yet, but the orders compel accountability, potentially reshaping airport data ecosystems. For millions using Digi Yatra, this could mean fortified biometrics storage, curbed third-party access, and paused risky contracts—paving the way for DPDP-compliant travel in India's skies.
