Repercussions for End User for lack of transparency by GoI for data protection

One fallback of data privacy laws in India is that, when a change in sensitive personal data withheld by a data fiduciary occurs they are not even remotely liable to tell us within the current regulations. This has repercussions for third parties who one consents to share data with.

Today, without me having registered a handset change on the UTS app on any other phone or their website, I find myself being asked to register a “Handset change request” to use this app by the Indian Railways

Resultantly, I am stranded within the vicinity of a Railway station without any means of travel in an unsafe hour.

Here’s what I figured:-

So when I switch my phone from Android to iOS, it automatically informs my carrier, which in turn may have automatically informed the Indian Railways after a long distance rail booking (the kind that is not even possible on UTS). This may have made the Indian Railways process that I am using a different handset, perhaps. But I did not download this app on the iOS device, so when I switched back to Android, I was shocked to see a dialog box featuring a “Change handset IMEI request”.

This is a process related and transparency issue, and also is an architectural and legal challenge at the same time for a Digital Economy.