DigiYatra Addresses Concerns Around Data Privacy And Security Of Users
The foundation said that the DigiYatra app is intended to make air travel comfortable, and all concerned data is stored in a device/smartphone owned by the user.
DigiYatra Foundation, which owns and manages the DigiYatra air travel app, has said in a press release that recent misrepresentations about DigiYatra’s lack of diligence and protection of passenger data are inaccurate and misleading.
The foundation said that the DigiYatra app is intended to make air travel comfortable, and all concerned data is stored in a device/smartphone owned by the user.
DigiYatra's technology infrastructure is being scaled up to expand operations to 28 airports by the end of April this year, from 15 currently, the foundation said. In accordance with Ministry of Civil Aviation policies, mandatory audits have been conducted to meet the requirements for the DigiYatra Central Ecosystem backbone, mobile apps and airport verifiers.
According to the release, the app is built on the concept of self-sovereign identity, and DigiYatra and DYCE do not have a central repository for storing ID credentials that may contain personal identifying information. The DigiYatra blockchain has specific access to hash/key values alone, enabling the verification of the data's integrity.
According to the release, the DigiYatra Foundation or any other service provider cannot access user credentials data in the new or old app. PII is only stored on the user's mobile device and is accessible to the concerned user. As an added failsafe, the credentials data and the user's travel history are automatically deleted from the device/smartphone once the app is uninstalled.
When the user shares the ID credentials and the boarding pass with the origin airport (verifier), the airport mandatorily purges/deletes the ID and travel credentials' data from their systems within 24 hours of the flight departure time, the foundation said.
The app uses data from the boarding pass QR code/bar code, which as per International Air Transport Association’s global standard for bar-coded boarding pass (Resolution 792), only allows limited information to be stored in bar codes.
The app in its consent message calls out the details captured: PNR, name (20 characters), seq #, seat #, day of year, flight #, origin and destination. It does not capture any meal information or PII, the foundation said.
The foundation confirmed it completely owns the DigiYatra app on the App Store, Play Store and DYCE.