Overview
Tata Neu is a super app connecting the entire Tata Group consumer ecosystem through NeuPass loyalty points. A single NeuPass profile links: Air India flights, IHCL hotel stays, BigBasket groceries, 1mg medicines, Croma electronics, Tanishq jewellery, Tata Play entertainment, Tata Capital finances, and more. This is Indiaβs most comprehensive consumer data aggregation attempt.
DPDP Readiness: Section-by-Section Analysis
Section 6 β Consent & Notice π΄
The super app consent problem: Signing up for Tata Neu consents to data aggregation across potentially 20+ Tata companies. A single βI acceptβ covers:
| Tata Entity | Data Collected | Sensitivity |
|---|---|---|
| Air India | Travel patterns, passport data | High |
| BigBasket | Grocery purchases, health products | High |
| 1mg | Medicine purchases, prescriptions | Critical |
| IHCL Hotels | Stay patterns, lifestyle | High |
| Croma | Electronics, spending capacity | Medium |
| Tanishq | Jewellery spending, occasion data | Medium |
| Tata Capital | Financial applications, credit | Critical |
| Tata AIG | Insurance claims, health data | Critical |
Combined, this creates the most detailed consumer profile in Indian commerce β all under one consent.
Section 9 β Data Retention π΄
NeuPass loyalty data aggregates across all entities. No retention timelines defined. A customerβs 10-year Tata purchase history across flights, groceries, medicines, and hotels creates an intimate life record.
Section 11 β Rights of Data Principal π΄
- Can users participate in NeuPass but exclude specific Tata entities?
- Can users delete data from 1mg but keep BigBasket?
- No cross-entity data control mechanism
- No nomination rights
Risk Assessment
| Category | Risk Level | Potential Impact |
|---|---|---|
| Cross-entity profiling | Critical | 20+ entitiesβ data combined |
| Health data aggregation | Critical | 1mg + BigBasket + Tata AIG = health profile |
| Financial data aggregation | Critical | Tata Capital + spending = complete financial picture |
| Consent scope | Critical | One consent for entire conglomerate |
The Super App Data Monopoly Problem
Tata Neuβs data combination potential:
Medicine purchases (1mg) + Grocery purchases (BigBasket) + Insurance claims (Tata AIG)
= Complete health profile without explicit health consent
Air India flights + IHCL hotels + Tanishq purchases
= Lifestyle, income, and travel profile
Tata Capital applications + Croma spending + Tanishq
= Complete financial pictureRecommendations
- Implement per-entity consent controls β Let users choose which Tata entities share data through NeuPass
- Create data aggregation transparency β Show users what profile NeuPass has built across entities
- Establish health data firewalls β Prevent 1mg and health-related data from flowing to non-health entities
- Define cross-entity retention β Clear timelines for how long aggregate profiles are maintained
- Build entity-level deletion β Allow users to delete data from specific Tata entities independently
How Does Your Policy Compare?
π Run Your Free DPDP Audit β
Analysis conducted by DPDP Consulting, a Meridian Bridge Strategy initiative. For a comprehensive compliance roadmap, book a free consultation.