IRCTC floats tender to appoint consultants to monetize digital data, Digital Liberties Group flags risks

Data Privacy Concerns: IRCTC Withdraws Tender for Hiring Consultant to Monetise Passenger Info

Indian Railway Catering and Tourism Corporation (IRCTC) has floated a tender to monetize the digital data of Indian Railways and IRCTC. The latter wants to appoint a consultant for ‘digital data monetization’. The tender, which seeks to use data from passenger, goods and parcel trains, was seen by the Internet Freedom Foundation (IFF), a digital freedom organization, on Friday. It is worth noting that India currently does not have a data protection law to regulate the use of personal information of citizens.

as per e-tender document ,archived version) uploaded on IRCTC website titled ‘Consults for Digital Data Monetization’, the Public Sector Undertaking seeks to appoint a consulting firm for the project, so as to generate up to Rs. 1,000 crore in revenue. The deadline for tender offers is August 29, and IRCTC has set the Earnest Money Money (EMD) at Rs. 2 lakh as per the document.

IRCTC says that it is a “repository of huge amounts of digital data that opens many opportunities for monetization for IRCTC” and that it seeks to “leverage its data assets and market position to drive strong growth in revenues”. Is”. The consulting firm will be expected to study IRCTC data including data on passenger, freight, parcel, catering, tourism and other functions of railways.

The data that IRCTC has listed in the tender (page 11) includes customer data received from Indian Railways, including their name, age, mobile number, gender, address, email address, as well as their “basic data”. Class of travel, payment mode, and login information – including their username and password.

As per the IRCTC tender, the consultant will be expected to aggregate the captured data, segregate the data and “identify the market potential internationally” for the specific data set. They will also have to establish procedures and protocols for long-term monetization of digital data of Indian Railways, and “handhold” the monetization process.

To propose a business model for monetization of data, the tender stated that the consulting firm should study legislation related to information technology, including the IT Act, 2000 and its amendments, as well as general data protection laws such as data privacy laws. Regulation ( GDPR) and “India’s current Personal Data Protection Bill 2018”. However, as the IFF points out, the Personal Data Protection Bill was withdrawn by the government on 3 August.

The Digital Liberties organization has highlighted the risks of monetizing customer data, stating that a profit maximization target could result in increased data collection, which would violate the principles of data minimization and objective limitation. Meanwhile, monetization will happen in the absence of a personal data protection law. “Past experience from the abuse of [the] Vehicle database increases fear of mass surveillance and security risks,” IFF Having said in a tweet.

Gadgets 360 has reached out to Indian Railways for comment and will update this article when it receives a response.

On August 3, the government withdrew the Personal Data Protection Bill, 2021, announcing that it was working on a new comprehensive legislation. The bill proposed to regulate the transmission of data across borders, giving the government the right to receive data from companies. At that time, the Union Minister for Electronics and Information Technology Ashwini Vaishnav had said that the government expected the passage of the new law from the budget session of Parliament.


Please enter your comment!
Please enter your name here