India partners with private company to sell ads to commuters via railway Wi-Fi
Dangerous without a data protection law in place, says rights org
An announcement from Indian government-owned telecom company, RailTel, detailing efforts to monetize existing free railway Wi-Fi in partnership with a private company has drawn criticism that it will lead to data collection, breaches, unwanted ads and more.
The five-year agreement with a consortium led by IT company 3i Infotech covers over 6,100 railway stations across India. Those railway stations receive over 1.1 million unique users per day.
The plan is to generate revenue through targeted adverts and infotainment services. The duo plans to launch a login required superapp riders will use to access free internet, infotainment subscriptions, and logistical information - like train times and routes.
The consortium will provide edge compute and analytics and enable hyperlocalizing of contents and adverts. For its efforts, the consortium pays RailTel either almost $1.7 million per year or 40 percent of revenue, whichever is higher. 3i Infotech estimates the project will generate a minimum of $30 million in revenue over a five-year period.
“This Public-Private Partnership on Wi-Fi network monetization will truly transform the railway passengers’ digital journey, providing customers a differentiated experience,” said [PDF] Railtel managing director Sanjai Kumar, who also conceded the efforts would enhance RailTEl’s revenue stream.
- After years without data privacy rules, India floats two sets in a week
- India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems
- India's Supreme Court demands government detail internet shutdown rules
- Indian government creates body with power to order social media content takedowns
But not everyone is so happy about the endeavor.
“RailTel’s Public Wi-Fi network records more than 1.1 million unique users per day. Given the large number of users affected, we hope that such a decision is re-considered, in the broader interest of user digital rights,” tweeted India-based digital rights NGO Internet Freedom Foundation (IFF) on Thursday.
IFF referred to the endeavor as a “perverse commercial motive” that will result in incentivized data collection. The org alluded to the data’s potential to become a security risk and tool for mass surveillance.
“Additional risks include unwanted ads targeted at passengers, unauthorised access by third parties, data breaches, tracking and profiling user’s online behavior, etc,” said IFF, which cited how stolen data of 30 million railway users appeared to have been put up for sale just the week prior.
“Without data protection law, little remedy exists for digital rights violation,” said the NGO.
India has struggled to get adequate data protection laws on the books. In August of 2022, it scrapped a bill proposed in and lingering since 2019.
In November, the government proposed a less messy updated version, the Personal Data Protection Bill 2022, however that iteration has received criticism including that it offers weak protection from surveillance and too generic in defining harms. ®