The OYO storm in a teacup: questions on data sharing with government and privacy

Hospitality startup OYO found itself in the eye of the storm when its India and South East Asia CEO Aditya Ghosh announced at a CII conference in Kolkata recently that the company would digitise its guest records, and open them up to the government.

Here's what the CEO said: "At this point, we have seen acceptance from the state governments of Haryana, Rajasthan and Telangana of our proposed digitisation of guest entry and departure records. The digital arrival and departure register aims to maintain a real-time record of guest entries and update the respective governments on who's checking in and checking out, when presented with an information order for an investigation, making this a more secure, efficient and transparent process as compared to the manual version," said Aditya.

His statement had everyone in a tizzy over issues like data sharing and privacy.

“To share this data with the government is a whole different problem as it infringes on the right to privacy. We have to see what OYO really means by sharing the data with the government,” says the founder of a startup that competes with OYO.

However, as it turns out, OYO is doing nothing really drastically different from everyone else.

As per existing government regulations, all hotels, bed-and-breakfasts, homestays and guest houses have to keep a record of guests checking in and checking out of their properties in a physical register, which can be checked by local police authorities.

The only thing that OYO is doing differently is digitising these records.

In an e-mail response to the controversy, the company specified that data generated through its digital register cannot be accessed by anyone without due verification for investigation and proper information order. This is what happens with information stored in physical registers as well.

Also read: OYO has over 450,000 rooms and plans to touch a million by the end of 2019

Now here's where OYO says things are different. According to a company spokesperson,

"The govt simply provides for servers where the data of the guests will be stored securely to be accessed by law enforcement agencies only after due verification. The objective is to reduce any scope for manipulation or missing information and is therefore an improvement over the existing manual version."

“Technology is deeply embedded in our DNA. With the Digital Departure and Arrival Register, we aim to add a stronger data security net to the entire booking process by ensuring transparency, digitisation and improved efficiency of operations for the hotels,” an OYO spokesperson said in response to an email sent by YourStory.

A lawyer, on condition of anonymity, told YourStory,

“If this data is being proposed to be shared with the government, we still do not know whether it will be snooped in to. But digitising guest entries is good and helps the government to use this data to track any form of crime. However, if guest identities are snooped in to, without their permission, it is not a good practice in the digital era.”

Who knew that trying to digitise standard records could brew a storm in a teacup?