Hotel and Restaurant Association of Western India Objects to Maharashtra’s New AI CCTV Mandate for Hospitality Venues

Published on November 5, 2024

The Hotel and Restaurant Association of Western India (HRAWI) has expressed strong objections to a new directive from the Maharashtra Government that mandates AI-based CCTV systems at licensed hospitality venues. This directive requires establishments to install advanced CCTV surveillance with real-time AI and machine-learning monitoring at entry points—a move HRAWI considers excessive, costly, and intrusive, with no demonstrated effectiveness in enhancing public safety.

HRAWI has submitted a formal representation to Maharashtra’s Chief Secretary, Smt. Sujata Saunik, highlighting that the order was issued without any prior consultation with the industry. The Association argues that this directive is unreasonable, arbitrary, and places an undue financial and operational burden on hotels and restaurants. HRAWI has expressed its willingness to engage with the government to explore alternative methods for addressing security concerns, aiming to prevent the implementation of this intrusive CCTV mandate.

“This is a significant privacy concern, especially for celebrity and VIP guests. Patrons come to our establishments for leisure and private business. These are unguarded moments that they spend with their family and friends. Videotapes of such moments, data storage and transmission involved present cybersecurity risks, including exposure to ransomware or hacking and exposing hotels and restaurants to data privacy and data security. The order is silent on liability issues for any breaches. The CCTV order also infringes on the privacy rights of patrons and could negatively impact hospitality businesses, as customers visit hotels and restaurants to relax in private settings. The mandated surveillance, including live feeds, real-time alerts and stored footage, could drive customers away, undermining the core of the hospitality experience,” says Mr Pradeep Shetty, Honorary Secretary, HRAWI.

“We respect the intent to boost security, but the mandate is an unprecedented financial imposition. With installation costs estimated to be in excess of Rs.5 lakhs per establishment with an additional Rs.75,000/- as yearly maintenance cost that excludes twenty-four hours high speed internet and two TB storage, this requirement is simply unaffordable for many small and medium businesses. Security being a state subject, the cost of such an expensive and complicated system should be borne by the State,” says Mr Chetan Mehta, Vice President, HRAWI.

HRAWI further emphasized the impracticality and overreach of the directive. The Association argued that most of its members already have CCTV systems in place for security purposes, which authorities can access whenever required.

“Real-time AI monitoring is unmanageable and impractical, especially given the high volume of data that would be generated across establishments. The imposition of the order suffers from unworkability in terms of utility of the live feed data from more than 5000 establishments in Mumbai alone. It would be humanly impossible to watch and analyse the data except for under circumstances that are post facto, for which a static CCTV footage stored data is sufficient. The face recognition requirement too is unrealistic for verifying underage patrons or criminals. The regulation is an excessive and impractical measure that neither enhances security nor ensures timely closure of establishments,” says Mr Nirav Gandhi, Senior Vice President, HRAWI.

HRAWI has additionally highlighted potential legal and ethical concerns with the directive, particularly regarding data security and customer privacy.

The Association advocates for non-intrusive security solutions, viewing them as more suitable, while cautioning that the current order could foster a “Big Brother” environment, ultimately harming customer trust and the sustainability of businesses.

“Privacy is a fundamental right. The mandated storage of customer data raises significant concerns, potentially breaching the Digital Personal Data Protection Act, 2023, which requires customer consent for data use and the right to be forgotten. Even assuming that the said order seeks to enhance security such extensive monitoring and data handling should only be sanctioned by legislation, not through an executive order. Under the circumstances, we request the State to consider our objections and concerns and defer the implementation of the order pending addressing all concerns of the hospitality industry,” concludes Mr Shetty.