Transport database raises privacy concerns
Red flags: Traffic violators’ pictures and personal details such as addresses and phone numbers are available on a central open-access database on internet.Updated: Jan 27, 2020 02:59 IST
Indians violating traffic rules are not just paying heftier fines but are also at the risk of having their privacy compromised as details of the violations and their pictures are available on a central open-access database on the Internet along with their personal details such as addresses and phone numbers of the violators, Hindustan Times has learnt.
The pictures stored in the database called VAHAN include those captured by speed cameras, those taken by traffic policemen using handheld devices and those received with complaints on social media platforms.
The database, which anyone can access, also stores records such as details of every registered vehicle and driving licence holder as well as those related to notices issued for violating traffic rules.
It requires nothing more than a vehicle number to know if it has been issued a notice, and if yes, when, where and what the offence related to it was. Many of these notices come with photographic proof.
The details also include a violator’s name and residential address. Many of the notices, particularly those issued for violations of speed limits, also include exact location coordinates.
Other than being accessible on the Union road transport and highways ministry’s website, many of these challans can be accessed on the Delhi Traffic Police’s website too. Hindustan Times accessed about 60,000 challans available on the Delhi Traffic Police website.
Mayank, a financial consultant in Delhi, said traffic challans should not be accessible so easily. “…a car number is public information but those challans and the kind of… [information] that this was the time [of a violation], this was the road with the coordinates and with the photographs… that privacy aspects are what I think is not the right thing. In some pictures, I can see that it is me and whosoever is sitting with me.” He added that there needs to be some safeguards; a database that one can only access with some password.
Siddharth Singh, another Delhi resident who had a challan in his name, said, “My first reaction was that this is good; There should be more evidence…as it acts as a deterrent. But this aspect of privacy struck me a little later because I realised that all I needed to do was put in a random car number and it would show all the details.”
He added that from the perspective of the law enforcement agencies, they are doing a good job because they will be able to track down if someone does something wrong. “But the fear is that this can be misused in so many ways,” Singh said.
Data privacy advocate Prasanna S called the database “illegal” and added that providing open access to the public is a violation of the right to privacy.
“It is a violation to disclose the... personal details. Putting this out in the public domain is a violation of a person’s right to privacy...Even the collection of data itself seems dubious. The state says it will have authenticated access. If they are sharing it with a third party they will require a statute-- parliamentary legislation.”
“In a society where women can be easily stalked what is the need to provide the coordinates especially where it can be accessed by anyone,” Prassana said.
How the data is accessed
It takes just the vehicle registration number to get details such as location, date and time of the offence, and even exact location coordinates in some cases.
The traffic challans are publicly available on at least two websites – parivahan.gov.in of the Ministry of Road Transport and Highways, and delhitrafficpolice.nic.in of the Delhi Traffic Police.
To be sure, some state departments such as the Maharashtra state traffic department include an additional layer of security and require details of the vehicle number and the last four digits of the vehicle’s chassis, or engine, number for getting access to e-challans.
The challans Hindustan Times accessed on the Delhi Traffic Police website were issued for one of at least 20 different kinds of violations. For instance, many four-wheelers were fined for over-speeding and wrong parking, while two-wheelers were fined for driving without helmet and triple riding. Challans were also issued for violations such as defective number plates, dangerous driving, red light jumping, honking, yellow line or lane violations, etc. Commercial vehicles were specifically fined for overcharging, misbehaviour and refusal to carry passengers.
Where the law stands
The Union Cabinet in November cleared the Personal Data Protection Bill, which has been referred to a joint parliamentary committee for a review.
The draft bill defines personal data as “data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, and shall include any inference drawn from such data for the purpose of profiling”.
It also states “personal data breach” means any “unauthorised or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to, personal data that compromises the confidentiality, integrity or availability of personal data to a data principal”.
The Constitution guarantees a fundamental right to privacy. This was upheld by a nine-judge constitutional bench of the Supreme Court in August 2017.
“The SC judgment laid down norms for the right to privacy unless the state wants to restrict anyone due to security concerns... We need a law for data protection and the transport ministry needs to tell us about what parameters or purpose they have uploaded the details for public to access,” Prassana said.
The present laws allow “reasonable restrictions” to be imposed on the right to privacy in the interest of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence.
A report by research firm Compritech recently placed India among the world’s top three surveillance states for what it called a “systemic failure” to maintain privacy safeguards. Other than a lack of legislation on data protection and the government’s efforts to monitor web messaging applications such as WhatsApp, the report said India had vague regulations related to closed-circuit television, and privacy laws relating to it were open to interpretation.
“Even as the Personal Data Protection Bill has been tabled in Parliament, there are no clear restrains and consequences in terms of penalties faced by agencies violating privacy norms at present. Therefore, the government, which is putting this data in the public domain, will not face any effective sanctions. It is not a question of legality right now. It is a question of the consequences,” said Apar Gupta, executive director of the Internet Freedom Foundation, a non-governmental organisation that works for online freedom.
In response to queries mailed by HT, the Union road transport and highways ministry said that it has taken “adequate security measures which are periodically upgraded”.
The government has been working on creating a centralised repository of data related to registration of vehicles and driving licenses. It issued an advisory to states in August 2018, clarifying that the DigiLocker platform of the Union electronics and information technology ministry and the mParivahan mobile app of the Union road transport and highways ministry have the facility to pull a citizen’s driving licence or vehicle registration certificate or any other certificate in an electronic form.
These electronic records available on DigiLocker or mParivahan are deemed to be legally recognised at par with the original documents.
HT on December 5 reported that the government has now also proposed mandatory linking of mobile numbers of vehicle owners for any service related to their vehicles such as registration and pollution certification.
In March, Hindustan Times reported the government had also approved a bulk data sharing policy, enabling it to monetise a database of vehicle registration certificates, citing benefits to the “transport and automobile industry”, even as the issue of privacy and data protection looms large over such sharing.