Digi Yatra Foundation Assures Safety Of Users' Personal Data

Digi Yatra does not store the personally identifiable information of passengers and the personal data of the Indian users are safe and secure, the Digi Yatra Foundation said on Friday amid persisting concerns over the privacy of user data.

"Digi Yatra technology infrastructure is being scaled up with intention to expand coverage from 15 airports to 28 airports by the end of April 2024," the foundation said in a detailed statement.

Based on Facial Recognition Technology, Digi Yatra provides for contactless, seamless movement of passengers at various checkpoints at airports.

Emphasising that Digi Yatra is built on the concept of Self Sovereign Identity, the foundation said the Digi Yatra Central Ecosystem never stores any of the ID credentials data, which has Personally Identifiable Information anywhere in any central repository.

"The Digi Yatra blockchain only has Hash/Key values to check the Integrity of the data," the foundation, which is the nodal agency for the app, said.

Earlier this week, there were reports raising concerns about the privacy of data shared with Digi Yatra in connection with a former vendor Dataevolve, which has come under investigation.

The foundation's CEO Suresh Khadakbhavi said Dataevolve has been completely removed from the Digi Yatra ecosystem.

While noting that the personal data of 3.3 million Indian users and the Digi Yatra app are absolutely safe, the statement said the foundation or any service provider cannot access user data since all the PIl is only stored on the user's mobile device in the Digi Yatra app, accessible only to the user.

The old data would remain on the user's mobile device, and once the app is uninstalled or deleted, the credentials data and the travel history also get deleted by default, it added.

Explaining the process, the foundation said that when the user shares the ID credentials and the boarding pass to the origin airport (verifier) and travels through the airport, the data received by the airport is purged/ deleted from airport systems within 24 hours of flight departure.

Digi Yatra has the mandatory CERT-In audit certificate, which is required for the DYCE backbone, mobile apps, and airport verifiers as per the civil aviation ministry policies.

According to the foundation, the latest audit was conducted in January, which clearly reconfirmed that Digi Yatra does not store PIl.