23 hours Ago By Sakshi Sadashiv K
Explainer Briefly Slides A public interest litigation (PIL) filed in Delhi High Court (HC) alleges that mobile apps available on Google Play Store, leak sensitive information such as owner’s name, address, and other vehicle-related data by simply entering its registration number. The plea filed by lawyer Gopal Bansal, raises concerns about the easy accessibility of confidential data regarding insurance and finances of vehicles. Anyone can easily access the information by entering vehicle’s registration number and/or paying a nominal fee.
The petition states that confidential information is exempt from disclosure under Section 8(1)(a),(e) & (g) of the Right to Information Act, 2005 . The plea added that this information was sold to third party entities by the Ministry of Road Transport and Highways under the Bulk Data Sharing Policy (BDS Policy), which was subsequently scrapped, after concerns over privacy breaches. However, the plea alleges that even under the new policy, the sensitive data is being sold.
According to the petition, this information has been accessed from the key national databases, such as the National Register of Driving Licenses and the National Register of Registered Certificates, both of which fall under the ambit of the Ministry of Road Transport and Highways. Centre assures ‘thorough review’ The high court has sought a response from the Central government and in response it has assured a ‘thorough review’. The Ministry of Road Transport and Highways maintains the Centralised National Registry through the National Informatics Centre (NIC), and it has approximately 25 crore vehicle registration records and 15 crore driving license records.
The counsel for the Central government and NIC stated that the agency did not authorise any of the mobile apps to question to access the leaked information. However, they acknowledged that the situation and sought more time to file a detailed response. The court granted the government eight weeks to respond, with the next hearing scheduled for February, 2025.
Meanwhile, advocate Bansal sought legal intervention to regulate or restrict the dissemination of personal information through these apps calling for more stringent enforcement of data protection laws and privacy safeguards. What is the BDS Policy? The Ministry of Road Transport and Highways (MoRTH) released a Bulk Data Sharing Policy and Procedure which stated who will be eligible to buy bulk vehicle data from Registration Certificates (RCs) and Driving Licenses (DLs) in 2019. The ministry scrapped the policy in 2020 due to safety concerns and privacy breaches.
The Ministry did not hold any public consultations before releasing the policy, neither it discussed the specific details for the need for it, or how it would ensure the privacy of individuals. The policy outlined how much the data would cost and what could be done with it. MoRTH had said that it will be sharing data with enforcement, automobile industries, banks, finance companies etc at specified rates for each data set.
On the need for the policy, MoRTH had stated that “..There has been growing demand to share the data for wider benefits.
” However, it failed to mention the specificities of ‘wider benefits’. The consequences for misuse of data entailed that the person, agency or company “shall be liable for any action permissible under the IT Act/ any other applicable law besides debarring such agency from access to this data for a period of three years.” However, the ministry stated that it cannot guarantee the integrity of the data provided on an “as-is-where-is” basis due to disparities in digital and analog data.
BDS Policy collected Rs 65 crore in Revenue In 2019 , Husain Dalwai, a Congress MP in Rajya Sabha, had asked “if the government has intended to sell Vahan and Sarathi database in bulk, (and) if so, the estimated revenue for such a sale”. In reply, the Centra had revealed that it provided 87 private and 32 government entities access to the Vahan and Sarathi database, and it had collected Rs 65 crore in revenue by providing the access. Moreover, the government had also linked Vahan and Sarathi with stolen vehicle data from the National Crime Records Bureau, reported India Today.
Dig deeper; Car Makers sharing Drivers’ Data Moreover, in Mozilla’s Privacy Not Included guide, India’s most popular car brands; Hyundai, Kia, Honda, and Toyota received a “super creepy” rating for their privacy practices. Although all 25 car brands assessed fell short in privacy protection, these four companies were notable for collecting sensitive data, including information on sexual activity, genetic data, and geolocation, which they may share with marketing firms or law enforcement agencies. Also Read:.
