Websites Are Openly Selling Personal Data of CUET and NEET Candidates, Raising Fresh Privacy Concerns

Websites Are Openly Selling Personal Data of CUET and NEET Candidates, Raising Fresh Privacy Concerns

Millions of students trusted the system with their personal information. That trust now faces serious questions as candidate data is reportedly being sold online.

Several websites are reportedly selling databases containing the personal details of students who appeared for national entrance examinations this year, raising fresh concerns over how candidate data is handled in India's education ecosystem. The practice is taking place openly even as the country's Digital Personal Data Protection (DPDP) framework is being implemented in phases.

Student Databases Sold Online for Marketing

Websites such as studentdatahub.com, studentsdatabase.net, bulkstudentdata.com, and similar portals are advertising student databases to admission consultants, coaching institutes, universities, and marketing agencies seeking prospective student leads.

The databases are reportedly priced between ₹1,000 and ₹10,000, depending on the number of records and filters selected, including state, gender, caste category, and other demographic details.

One listing titled "CUET 2026 Exam Database" claims to contain records of more than 1.5 million candidates. According to the listing, the database includes information such as:

  • Candidate names
  • Mobile numbers
  • Email addresses
  • Parents' names
  • Date of birth
  • Gender
  • Reservation category

To attract buyers, the seller has reportedly shared a free sample containing the personal details of 500 CUET-UG 2026 candidates who appeared for the examination conducted between May 13 and June 3, 2026, with results declared on July 4.

Potential Conflict With India's Data Protection Law

The alleged sale of candidate information appears to conflict with the principles of the Digital Personal Data Protection Act, 2023, which states that personal data collected for one specific purpose, such as conducting an examination, cannot be processed or shared for another purpose without the individual's consent.

The law provides for penalties of up to ₹250 crore for serious violations. However, several compliance obligations for organisations handling personal data are scheduled to become fully enforceable only by 2027, creating a transition period that some observers believe may be allowing such practices to continue.

Students Report Unsolicited Calls

The impact of the alleged data trade is already being felt by students.

Several candidates whose information reportedly appeared in these databases said they began receiving unsolicited calls from coaching institutes, admission consultants, and educational service providers soon after examination results were announced.

For students aged 17 or 18, who have just completed one of the most stressful academic phases of their lives, such unwanted contact can add unnecessary pressure during a period that should be focused on admissions and future planning.

Data Providers Defend Their Business

Operators of some of these websites have defended their activities.

A Delhi-based data provider reportedly stated that the company supplies student databases to university marketing teams and argued that using such information for admission-related outreach is not illegal.

However, privacy experts point out that consent granted for examination registration does not automatically permit the commercial use or distribution of personal information for unrelated marketing purposes.

NTA Responds

The National Testing Agency (NTA) has stated that protecting candidate privacy remains a priority.

According to the agency, examination data is shared only through secure, consent-based application programming interfaces (APIs) developed for universities using government platforms such as DigiLocker, the National Academic Depository (NAD), and API Setu.

Officials from the Ministry of Electronics and Information Technology (MeitY) have also indicated that the matter will be examined once it is formally brought to the ministry's attention.

Privacy Laws Need Effective Enforcement

The episode highlights an important reality. Passing a data protection law is only the first step. Effective enforcement is equally essential.

Every year, lakhs of students provide sensitive personal information while registering for board examinations and national entrance tests, trusting that their data will be used solely for examination-related purposes.

If such information is being circulated through publicly accessible commercial databases without the knowledge or consent of students, it raises serious questions about accountability, data governance, and privacy safeguards.

As India moves towards full implementation of its data protection framework, this incident serves as a reminder that enforcement mechanisms must keep pace with legislation. Protecting students' personal information requires not only robust laws but also timely oversight, investigation, and action against any misuse of sensitive data.

 

Stay Updated with InsightfulTake

Get insightful stories, politics, culture and analysis directly in your inbox.

Subscribe Now →

Leave a Comment