The Digi Yatra Foundation assured the public on Friday that Digi Yatra, a system facilitating contactless movement of passengers at airports using Facial Recognition Technology (FRT), prioritizes the security and privacy of user data. Contrary to concerns raised regarding data privacy, the foundation stated that Digi Yatra does not retain the personally identifiable information (PII) of passengers, thus ensuring the safety of the personal data of Indian users.
Highlighting the concept of Self-Sovereign Identity, the foundation clarified that the Digi Yatra Central Ecosystem (DYCE) does not store any ID credentials containing PII in a central repository. Instead, it utilizes blockchain technology to store only Hash/Key values for data integrity verification.
Following reports of privacy concerns linked to a former vendor, Dataevolve, the foundation's CEO, Suresh Khadakbhavi, affirmed that Dataevolve has been entirely removed from the Digi Yatra ecosystem. Additionally, it was reiterated that the personal data of 3.3 million Indian users and the Digi Yatra app remain secure, as all PII is stored solely on the user's mobile device within the app.
Further elaborating on data security measures, the foundation outlined that user data shared with airport verifiers is deleted from airport systems within 24 hours of flight departure. Additionally, the foundation possesses the mandatory CERT-In audit certificate, reaffirming compliance with civil aviation ministry policies.
The recent audit conducted in January confirmed that Digi Yatra adheres to privacy standards, as it does not retain PII. These assurances seek to address concerns and reinforce trust in the Digi Yatra system's commitment to safeguarding user privacy.