Skip to content

Lucknow Airport users forced to accept Adani payment terms

  • by
  • 4 min read

Photo: mrinalpal / Shutterstock.com

A recent incident at Lucknow’s Chaudhary Charan Singh International Airport has sparked a conversation about the growing influence of private entities in public spaces and the potential implications for data privacy. A Reddit user reported being compelled to accept the terms and conditions of Adani Digital Payments while making a routine purchase, even though they were using a third-party payment app, PhonePe, to complete the transaction.

The Reddit user recounted an unexpected experience when buying a bottle of water at an airport establishment. Instead of a typical UPI QR code linked directly to the vendor’s account, the cashier presented the user with a QR code linked to Adani Digital Payments.

The user alleged that they were required to accept Adani’s terms and conditions before proceeding with the payment.

“The QR code shown to me was not the UPI QR code of the establishment. It was the QR code of the Adani Digital Payment interface through which the payment had to be made,” the Reddit post read. The user expressed concern that Adani might be taking a commission on every transaction processed through its platform.

While the user eventually complied with the payment terms, the incident raises broader questions about transparency in digital payment processing, especially within public-private partnerships like Lucknow Airport, which is operated by the Adani Group.

This incident highlights the key issue of mandatory terms and conditions acceptance from a third-party payment processor in what should have been a straightforward transaction between a customer and an airport vendor. This could have significant implications for consumer rights, especially concerning data privacy.

Like many platforms, Adani Digital Payments collects extensive personal data. According to its privacy policy, Adani Digital Labs acts as both a ‘controller’ and ‘processor’ of user data, granting it access to sensitive information such as phone numbers, addresses, and payment transaction details.

The data points collected by Adani Digital Labs | Source: Adani One

This raises concerns about how this data is used, stored, and shared, especially given the Adani Group’s broad reach across multiple sectors.

Moreover, the incident draws attention to whether consumers fully understand what they consent to when agreeing to these terms, especially when such agreements are embedded in routine transactions.

As MediaNama points out, this incident echoes broader concerns about the implications of agreeing to terms and conditions in different sectors. In August 2024, Disney faced a wrongful death lawsuit after a woman died from an allergic reaction at Disney Springs in Florida.

The company controversially argued that the woman’s husband had agreed to Disney’s terms and conditions years earlier when he signed up for Disney+, which also covered Disney’s parks and resorts.

Similarly, an October 1 case involving an Uber driver who caused a car accident highlighted the complexities of such agreements. Uber successfully argued that the victim had agreed to the company’s terms when signing up for Uber Eats, shielding the company from liability in court.

These cases suggest that companies are increasingly leveraging broad terms of service agreements across different aspects of their operations, even when customers may not realise the extent of what they are agreeing to.

Lucknow Airport operates as a public-private partnership with the Adani Group, raising questions about the extent of liability and consumer protections in such spaces. Should consumers be required to accept the terms of private entities like Adani when using public infrastructure, such as an airport? More importantly, what happens if those terms grant the private entity extensive control over a consumer’s data?

India’s newly implemented Digital Personal Data Protection Act (DPDP Act) grants users certain rights over their data, such as the right to know who is processing it and for what purposes. However, the DPDP Act does not specifically mention the right to file a Data Subject Access Request (DSAR) to access personal data being processed directly, something several Reddit users suggested as a recourse in this case.

In the News: UNODC urges criminalising unlicensed VASPs operators in Southeast Asia

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>