A proposal to deploy facial recognition cameras across six of India's busiest airports - Delhi, Mumbai, Bengaluru, Hyderabad, and Chennai - and link them to a centralised data fusion centre in Delhi has drawn sharp criticism from civil liberties advocates. Reported in June 2026 by outlets including The Hindu, The New Indian Express, and The Economic Times, the plan would integrate approximately 1.5 lakh CCTV units under CISF security cover and connect the resulting surveillance infrastructure to the National Intelligence Grid, or NATGRID. The Internet Freedom Foundation has since written formal representations to the Ministry of Home Affairs, CISF, the Airports Authority of India, and the Directorate General of Civil Aviation, calling for the proposal to be halted immediately.
A Plan With No Clear Legal Foundation
The most immediate problem with the proposal is constitutional. In its 2017 landmark ruling in K.S. Puttaswamy v. Union of India, the Supreme Court of India established the right to privacy as a fundamental right under Article 21 of the Constitution, and set out a threefold test that any state encroachment on that right must satisfy: legality, necessity, and proportionality. The airport facial recognition plan, as currently described in public reporting, fails on all three counts.
No statutory basis has been identified for the rollout. There is no named legal provision authorising the collection of biometric data from travellers at scale, and no clearly articulated state purpose that would justify such a sweeping measure. The proportionality standard poses an equally serious obstacle. Courts in India and internationally have held that mass, indiscriminate data collection cannot be justified by the general goal of crime prevention or security, because it fails to distinguish between those against whom reasonable suspicion exists and the broad population who simply happen to be passing through an airport. Targeted, specific collection is the constitutional standard. A system that passively scans every face in a crowded terminal and feeds that data into a national intelligence network does not meet it.
The proposed data fusion centre in Delhi compounds the concern. No details have been made public about how biometric data will be stored, who will have access to it, how long it will be retained, or which private technology providers will supply the facial recognition software. The absence of this information is not a bureaucratic oversight - it represents a structural accountability gap that would make meaningful oversight impossible after deployment.
The Technical Limits of Facial Recognition
Beyond the legal questions, the proposal confronts a problem that no amount of policy language can engineer away: facial recognition technology is inherently error-prone, and the errors are not random in the way that human errors tend to be. Because these systems are built on machine learning - a statistical and probabilistic discipline - their outputs are never fully deterministic. For any given input, the system produces a result based on probability, not certainty. Precision and recall rates, the standard metrics used to evaluate such systems, can be improved with more training data, but they cannot reach one hundred percent. Outside controlled laboratory conditions, accuracy rates have historically been significantly lower than their developers project.
The consequences of that gap are not symmetrical. A wrongful identification in an airport security context - a false positive linking an innocent traveller to a person of interest flagged in NATGRID - could trigger detention, interrogation, or worse. The risk is not theoretical. Researchers globally have documented cases in which facial recognition systems used in policing contexts produced false matches that led to wrongful arrests. India's demographic diversity heightens the stakes: well-documented studies have shown that many commercially available facial recognition systems perform less accurately on darker skin tones and on women, raising the prospect that the communities least likely to have caused security concerns would bear a disproportionate share of the system's errors.
There is also the question of consent. Passengers moving through an airport terminal do not actively choose to submit their biometric data to a state database. The scanning happens passively and, under this proposal, without any explicit notification or opt-out mechanism. This distinguishes the proposed deployment from voluntary identity schemes such as Digi Yatra, a distinction the IFF has specifically flagged in its Right to Information filing with the CISF.
What IFF Is Asking - and Why It Matters
The Internet Freedom Foundation has pursued two parallel tracks in response to the proposal. Its RTI application to CISF asks foundational questions that any responsible deployment of this technology would need to answer before a single camera went live:
- Whether the plan is distinct from the existing Digi Yatra scheme
- Which agency has been designated as the Data Fiduciary under applicable data protection law
- How and where biometric data from the six airports will be stored
- How long the data will be retained at the fusion centre
- Which government agencies will have access to the collected biometric data
- Copies of tender and bid documents for the project
These are not obstructive questions. They are precisely the questions that regulators, privacy auditors, and courts would need answered before such a system could be deemed lawful. The fact that none of these answers are currently in the public domain - despite the scale of what is being proposed - illustrates the opacity that critics have identified as a defining feature of India's facial recognition expansion in recent years.
The representations sent to MHA, CISF, AAI, and DGCA go further, calling for an immediate halt to the rollout at all six airports until the legal basis is established, oversight mechanisms are put in place, and independent privacy and data protection audits have been completed. The demand is straightforward: the government must demonstrate that this plan meets constitutional standards before implementation, not after. Given the irreversibility of building a biometric database linked to a national intelligence grid, the sequencing matters enormously. A system of this kind, once operational, is extraordinarily difficult to dismantle - and the data collected in the interim cannot be uncollected.