Hi there!
While India continues to live in uncertainty about its data privacy legislation, this last month has seen other entities swinging into action to "make up" for the lacuna.
The star among these has been the Reserve Bank of India — India’s Central Bank and the Banking Sector Regulator.
Last month, the RBI published a regulatory framework for digital lending applications. This was much needed given there have been a host of illegal loan applications in the market. Initiating further action, the RBI announced it would prepare a list of legal apps and the Ministry of Electronics and Information Technology would coordinate with app stores to ensure only these apps get hosted.
The following excerpt from the press release highlights the harms these apps perpetrate:
“The Finance Minister expressed concern on increasing instances of illegal loan apps offering loans, microcredits, especially to vulnerable & low-income group people at exorbitantly high interest rates and processing/hidden charges, and predatory recovery practices involving blackmailing, criminal intimidation, etc. (Finance Minister) Smt. Sitharaman also noted the possibility of money laundering, tax evasions, breach/privacy of data, and misuse of unregulated payment aggregators, shell companies, defunct (non-banking financial institutions), etc., for perpetrating such actions.”
It is indeed unfortunate that it takes scenarios like the above to play out for people to realize how certain dangerous/high-risk permissions that apps take from users can result in such gross misuse of personal data and the subsequent harms people can experience. However, we have a long way to go before awareness and appreciation for data privacy in every sphere of life — including digital devices — is understood at a granular level.
Another example of this kind of blithe disregard for privacy is the escalation of surveillance and accompanying technology in India.
A tender released recently in Telangana state (the capital of which is Hyderabad) in Southern India proposed to monitor the exam-time activities of more than 2.5 million people aspiring for state government jobs. For this, the ask is more than 100,000 CCTV cameras and more than 40,000 biometric devices. Already Telangana is considered the "surveillance capital" of India in certain circles with the amount of CCTV cameras deployed and used by the police.
Unfortunately, Telangana is not an exception. Other states likes neighboring Andhra Pradesh, Meghalaya and Nagaland have reported use of facial recognition in education. Several others are doing or are planning to do so for police work.
Without a law to safeguard the rights of individual citizens, the risk of these surveillance measures being used beyond the stated purposes is very high.
Meanwhile, on the positive side, we saw some baby steps taken toward anonymization. MeitY issued a set of guidelines for anonymization measures in the end of August. Receiving some flak, these were withdrawn and fresh consultations have been initiated. While this may take a while to settle, it is heartening to see some moves in this direction.
As India moves into its busy festival season, there will be an upsurge in digital activity. In the continued absence of appropriate guardrails, let us hope the negative fallouts remain minimal.