With changing transnational contours of the app economy, where the jurisdictional functionality of service providers is questionable and operates in clouds, India needs to strengthen data laws
The Government’s directive to all public and private sector employees to install the Aarogya Setu app in their mobile phones has raised eyebrows in some quarters. But the fact is that a post-COVID world is going to be equated with a digital society. It will be the new normal, where the use of diverse and converged digital technologies will help people maintain social distancing and facilitate secured living in an age of pandemic.
The Aarogya Setu app is designed to keep the people informed about the risk of them being infected with Coronavirus. Self-assessment begins with a request for information such as gender, full name, age, countries travelled to in the last 30 days and professional details. The app, which makes the use of GPS to get the user’s location, discovers other available applications near his/her device using bluetooth. By cross-referencing the location details with that of Indian Council of Medical Research (ICMR)’s database and by collecting records of nearby users, it does a risk assessment and returns with a colour-coded message. It appears that the app continuously collects the user’s data and uploads them to a Government server along with a DiD, which is a unique digital id. Data in the server is anonymised in such a manner that personalised features are suppressed without affecting the statistical features of the data ensembles.
The fact that devices exchange information, continuously collect location data of registered users and maintain a record of the places where they may have come in contact with other people has given rise to a sense of distrust among the people. Hence, the controversy. Arguments can be drawn into two fields: One of data privacy and the other on surveillance. While debate around the Aarogya Setu app is unsubstantiated and unfounded, questions related to data privacy will very much be a talking point in a post-COVID society.
Data is now widely being treated as the new “oil”, “gold” and is a valuable resource from the perspective of society, economy, polity, privacy and human progress. For a society to make progress from an information age to a knowledgeable, digital world (data-driven society), the effective use of data and information, while qualifying with privacy parameters, will be a cornerstone of public discourse. Privacy is as old as mankind and has a close connection with human dignity, freedom and independence of an individual. Maintaining privacy will be more challenging in an age of informed society. Data privacy is a necessity so as to preserve and protect personal information that is collected by organisations. The fear of it being used by a third party is always there.
Data privacy assumes significance as people live with the app economy for the entire day, every day and every hour. Digital citizens, while accessing various apps, give in to the consent clause and in reciprocation forfeit intimate details to data companies by accepting the fine print of services that they receive through the app. Further, several devices often track our movements, preferences and any information they can mine from our digital existence. This without the consent of the user.
Let us be clear at this stage that collecting data, however private it may be, with the user’s consent, implicit or explicit, for any purpose and using it for data analytics in anonymised form is not a breach of privacy. Of course, unless the data is personalised and shared with other platforms or a third party. This seemingly is not the case with the Aarogya Setu app at present.
The nation has just seen that all efforts to curb the rapid spread of the Corona pandemic can be seriously affected due to contact tracing. This can be minimised with the help of data-driven technology that collects contact history of individuals. Undoubtedly, contact history is private but is used for a public cause. Aarogya Setu ensures just that and is a proof that India is growing to be a digitally matured State.
Post the COVID pandemic, India will witness a rise in app-driven socio-economic activities. Every aspect of the digital society — spanning from e-commerce, digital marketing and learning, digital art and culture, digital banking and transactions, social networking and social media, to digital Government interventions — will spread ominously.
Collection of data, private or otherwise, is inevitable and unavoidable in a data-intensive and algorithmically governed society. At the same time, the use of data responsibly while also preserving privacy should be the order of the day.
This brings us to an important question: Is India prepared to regulate data laws in the cyberspace? Further, are the citizens digitally educated to understand the trade-off between “comfort” and “luxury” while using digital technologies or when they share their data for a purpose? Are they aware of the privacy concerns arising thereof? These questions need to be addressed by digital communities of a post-COVID society.
India’s legal system, too, can be construed as half prepared to deal with concerns arising out of data privacy violation in the app economy and highly integrated digital age, even though the Information Technology Act (2008, amended in 2011) provides the necessary legal regime for cybersecurity and protecting privacy concerns thereof.
With changing transnational contours of the app economy, where the jurisdictional functionality of service providers is questionable and operates in clouds, India needs to consolidate and strengthen data laws on priority.
The Personal Data Protection Bill, 2019, which is still stuck in Parliament, intends to regulate the processing of personal data of individuals (data principals) by the Government and private entities (data fiduciaries). The Bill must provide legal teeth to data protection authorities to prosecute the data fiduciaries with penal actions. Such regulation, even if passed, cannot be effectively compliant in the context of lacking digital citizenship practices and etiquette.
A post-COVID society and democracy in India will be digitally driven and will be converged around data privacy and security that should not be devalued due to the current political bickering on the installation of the Aarogya Setu app. The app has only a limited purpose to contain the spread of the Corona infection. At the same time, developers of the app must take care to ensure that the data collected for the purpose is not intruded, de-anonymised or exploited by any other party.
(Writer: Arun K Pujari; Courtesy: The Pioneer)