NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India

NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India

SUMMARY

The government think tank has proposed a codified data protection regime ‘at the earliest’ to govern facial recognition technology systems in India

Build Digi Yatra around principles of equality, non-inclusivity, privacy, safety, transparency, reliability and accountability: NITI Aayog

India is currently home to 125 facial recognition systems, with the government spending more than INR 1,464.18 Cr on such products so far

Government think tank NITI Aayog has called for instituting data protection laws to govern use of facial recognition technology in the country. 

“In order to ensure propriety and legality in the manner in which data processing happens to train and develop FRT systems, it is imperative to have a codified data protection regime in the country at the earliest,” said NITI Aayog. 

The think tank made the observation in a draft discussion paper ‘Responsible AI for All: Adopting the Framework – A use case approach on Facial Recognition Technology.’ It has sought comments from the general public till November 30 via email. 

The paper proposes rigorous standards for data processing, storage and retention to adequately address privacy issues associated with facial recognition technologies (FRTs). It also envisages the constitution of an ethical committee to assess the implications of FRTs and oversee their mitigation measures. 

NITI Aayog has also called on the developers and vendors of FRTs to consider the ‘realities of the Indian population in training the AI model. Essentially, it has sought an accurate and inclusive identification mechanism to train FRT systems across segments of Indian face types, genders, age, and others. 

Vendors have also been told to customise the products according to Indian use. The paper also calls on the players to embed the element of human review into the AI system for specific uses and grey areas.

The Digi Yatra Scope

Dissecting the Ministry of Civil Aviation’s ambitious Digital Yatra project, NITI Aayog highlighted a slew of issues that could potentially come to the fore of the initiative. The think tank has recommended building the project around principles of equality, non-inclusivity, privacy, safety, transparency, reliability and accountability.

It has sought more clarity on deletion of facial biometric data from the database of airports and other allied registries. Currently, Digital Yatra rules mandate that airports delete biometric facial data related to flyers on just the airport’s servers within 24 hours. 

The paper also calls for the authorities to specify any security-based exceptions regarding data usage, adding that the proposed ethics panel should clearly define standard operating procedures (SOPs) for such black swan events. 

“Any security-based exceptions should be clearly identified by the proposed ethics committee and must be set out within the SOPs. This should be a continuous process that is updated regularly as deemed necessary,” said the report. 

It has also sought implementation of a robust and state-of-the-art information security throughout the Digi Yatra Central Ecosystem. Calling for adopting peer-to-peer encrypted communication systems, NITI Aayog made reference to in-built privacy designs to ensure security of data hosted on the platform. 

Besides, it has also recommended frequent cybersecurity audits, vulnerability tests and algorithmic audits of the airport FRT platform at set intervals.

The think tank has also directed the government to identify a responsible body to publish standards for ‘representativeness’ of datasets for training FRT systems. 

Pointing to the digital divide in the country, the paper has also sought retention of manual identity verification at airports to avoid the pitfalls of Digi Yatra emerging as an exclusionary service. 

It has also warned against sharing of personal data with third party service providers, without the explicit permission of the user. 

“The Digi Yatra Policy mentions that users may also be able to provide consent for value-added services at the airport, for which purpose their data may be shared with other entities like cab operators and other commercial entities. There must be specific care taken to ensure that such consent is meaningfully provided and is not bundled by default,” said NITI Aayog. 

Critics Raise Alarm

The recommendations come close on the heels of deployment of facial recognition systems for passenger verification at Delhi and Bengaluru airports on Independence Day this year. This was part of the beta version of the DigiYatra which was unveiled for passengers at these two airports. 

FRTs allow easy passenger verification at airports using just facial biometric data. Once implemented, the project will enable airport operators to lower congestion and allow for a paperless and a contactless passenger experience. Many have also pointed out that the project could supplement human efforts through automation and reduce operational costs for both airport operators and airlines. 

While the project is expected to be launched at other locations too, critics have panned the technology citing ‘pervasive surveillance.’ Recently, many privacy experts and activists said that the project may lead to misuse of air passengers’ data and unauthorised surveillance.

Besides, there is no data governance framework to oversee collection and retention of the sensitive data. While the government has tried to assuage the public about the safety of such platforms, the recent past has seen many knocking on the doors of court to prevent the percolation of the technology. 

Last month, the Allahabad High Court sought a reply from the Uttar Pradesh government on a plea challenging the use of FRT for recording attendance of the teaching and non teaching staff at Kanpur’s Chhatrapati Shahu Ji Maharaj University.

Earlier this year, the Telangana High Court (HC) also issued notices to the state government and Hyderabad police commissioner on a petition that questioned the alleged use of face recognition technology by officials without proper sanction.

125 facial recognition systems are currently installed in the country, with the government spending more than INR 1,464.18 Cr on such systems so far.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India-Inc42 Media
NITI Aayog Proposes Data Protection Norms For Facial Recognition Technology In India-Inc42 Media
You’re in Good company