The Central Government has assured the Delhi High Court that it will conduct a comprehensive review of a Public Interest Litigation (PIL) raising concerns about mobile applications that provide personal details of vehicle owners. The Ministry of Road Transport and Highways, represented by legal counsel, informed the bench led by Chief Justice Manmohan and Justice Tushar Rai Gedela that the matter is being taken seriously, and the ministry is actively investigating the allegations mentioned in the petition.
During the hearing, the bench acknowledged the government’s submission and directed that a detailed affidavit be filed within eight weeks. Any rejoinder to this affidavit must be submitted before the next hearing, which is scheduled for February 19, 2025. The court’s directions came in response to the PIL filed by advocate Gopal Bansal, which sought to challenge the “Impugned Policy” that allows access to vehicle owners’ information from the National Register—a centralized database containing Driving Licenses (DLs) and Registration Certificates (RCs).
Key issues raised in the PIL
In his petition, Gopal Bansal urged the Ministry of Road Transport and Highways to reconsider the current policy that provides access to sensitive information from the National Register. He argued that the data, which includes vehicle registration numbers, owner details, and other private information, should be protected from misuse. He also called for the Ministry of Electronics and Information Technology to halt the operations of mobile applications that allow unauthorized access to this data.
Bansal highlighted a growing concern: several mobile applications available on platforms like the Google Play Store enable users to obtain detailed information about any vehicle simply by entering its registration number. This includes the owner’s name, address, and other sensitive details, potentially leading to significant breaches of privacy and security. He further noted that these apps allow easy access to such information without any robust verification process, which could facilitate malicious activities, harassment, or even identity theft.
Call for legislative action
The petitioner also sought directions for the Ministry of Law and Justice to establish new legislation or amend existing laws to protect data within the National Register. According to Bansal, the current regulatory framework is inadequate, exposing millions of vehicle owners to data breaches and the unlawful sale of personal information. The PIL contended that this sensitive information should be exempt from disclosure under the Right to Information (RTI) Act, 2005, specifically under Sections 8(1)(a), (e), and (g), which protect information related to national security, fiduciary relationships, and the safety of individuals.
The plea further accused the Ministry of having allowed third-party access to this data under the now-discontinued Bulk Data Sharing Policy and Procedure (“BDS Policy”). While the BDS Policy has since been scrapped, Bansal argued that personal data continues to be sold to private companies under new policies that lack sufficient safeguards. This, he claimed, violates the right to privacy, which the Supreme Court has declared a fundamental right under Article 21 of the Constitution.
Privacy concerns and potential security risks
Bansal emphasized that the unregulated dissemination of vehicle registration data through mobile apps poses significant privacy risks. He expressed concerns that the data could be exploited for various malicious purposes, from financial fraud and identity theft to targeted harassment. The petition highlighted that such misuse of personal information could have far-reaching consequences, especially for vulnerable individuals whose private details are easily accessible through these applications.
The PIL underscored the need for stronger enforcement of data protection laws and privacy safeguards to prevent further breaches. It called for the implementation of more stringent rules to regulate or restrict the sharing of sensitive information, particularly through third-party applications. Bansal urged the court to ensure that personal data is not sold or distributed without the explicit consent of the vehicle owner.
Government’s response and future actions
The Ministry of Road Transport and Highways assured the Delhi High Court that it is actively reviewing the allegations. The counsel representing the ministry stated that they are aware of the potential privacy violations and are committed to addressing the issues raised in the PIL. The ministry is expected to submit a comprehensive affidavit outlining the steps being taken to protect vehicle owners’ data and prevent further unauthorized access through mobile applications.
The Delhi High Court’s decision to list the case for hearing on February 19, 2025, provides the government with a clear timeline to formulate a response and implement potential policy changes. The court’s directives also open the possibility for further legislative action to bolster data privacy protections and ensure that the National Register’s sensitive information remains secure.
As concerns over data privacy and security continue to grow, particularly in the digital age, the outcome of this case could set an important precedent for how personal information is handled by government databases and private applications in India. The review by the Centre could lead to significant reforms in how vehicle-related data is accessed and shared, with the potential for new laws to safeguard the privacy of millions of vehicle owners across the country.