Earlier this week, IRCTC floated a tender to hire a consultant for monetising its passenger, freight and parcel business data
The tender may be withdrawn considering the fact that the Data Protection Bill has not been finalised, the report said
The plan to monetise users’ data had raised concerns about data privacy and safety and the company’s step had received a lot of criticism
The Indian Railways Catering & Tourism Corporation Limited (IRCTC) is likely to reverse its decision and scrap its earlier plan to monetise users’ data to earn additional revenue, news agency PTI reported quoting sources.
The development comes amid criticism and data privacy concerns raised around IRCTC taking such a step.
Earlier this week, IRCTC floated a tender to hire a consultant for monetising its passenger, freight and parcel business data as it envisaged generating a potential revenue of INR 1,000 Cr.
“IRCTC wishes to engage a consulting firm to help in identification, design, and development and roll-out of data monetization opportunities,” the company noted in its tender.
Following the announcement, the company’s shares surged over 3% to INR 735.10 on Friday (August 19).
However, in the absence of a data protection law in the country, the company’s move faced a lot of criticism and raised concerns.
The Internet Freedom Foundation (IFF) raised concerns on the move on Twitter. “Hey train travellers, your data will soon be monetised by the govt. & that too, in the absence of a data protection legislation!”, the non-governmental organisation tweeted.
However, the IFF also noted that given contrasting official and unofficial statements based on news reports, it will formally write to IRCTC seeking clarity and a recall of the tender that “threatens the privacy of over 10 Cr users”.
As per the PTI report, sources told the news agency that IRCTC does not “sell its data and neither has any intention to do so”. Moreover, the consultant is being hired to advise IRCTC on improving its existing business and plan out strategies to monetise future businesses.
“While the Railways has not officially commented on the tender, highly placed sources said it will be withdrawn considering the fact that the Data Protection Bill has not been finalised,” the news agency reported.
“IRCTC will also develop new businesses on its own platform and will need assistance from market leaders. IRCTC does not store any financial data of its customers at its end, as at the time of online payment for its various services, control is passed on to the respective payment gateway or bank for the payment,” sources were quoted as saying.
Move To Augment Revenue
In the tender, IRCTC said that the bidder shall keep in mind the IRCTC envisaged revenue potential for three years while setting up the vision for data monetization, development strategy, implementation plan and execution of the plan thereupon.
Besides, the bidder will have to advise IRCTC how to monetize the available data and implement strategies while staying within the existing laws and Supreme Court judgements.
As per the tender, the customer data to be studied includes ‘basic data’ of individual passenger/customers of freight, parcel and other public facing applications like name, age, mobile number, gender, address, email id, number of passengers, class of journey, payment mode, login/password, among others. The consultant would also study digital data systems that generate behavioural data.
Replying to a clarification sought by exchanges on the matter, IRCTC said, “As a commercial entity, the company explores the business opportunities for new areas. As other business tenders, this tender has also been floated merely to appoint a consultant.”
“The consultant will guide IRCTC and lndian Railways on monetization activities and advise on monetization value of Digital Assets observing various Acts or laws including lT Act 2000 and its amendments, User data privacy laws including GDPR (General Data Protection Regulation) and current ‘Personal Data Protection Bill 2018 of lndia,” it added.
Being a government company, it is a regular practice to float tenders, IRCTC said.
Concerns Around Data Protection
The absence of a data protection law has raised concerns in the country given various data collection measures the government has taken in recent days.
From the central government mandating virtual private network (VPN) service providers to collect and hold their user data to Bangalore Metro Rail Corporation (BMRCL) enabling face recognition technology (FRT) at its metro stations to replace smart cards, the government measures have raised questions on the safety of the collected data.
Earlier, this month, the government withdrew the Personal Data Protection Bill, 2021, which was in the making for years. The Bill covered data protection, along with other areas like cybersecurity, national data governance policy, data management and safety.
While the government is planning to introduce a new Bill in the next Parliament session, experts believe that like the earlier Bill, it would have to go through a long process which would further increase the wait for a robust data protection law in the country.