Arogya App: What Happens to Our Data Once This is All Done?
Experts express concern over the government's latest fix
PATNA: While governments unprepared for the Covid-19 pandemic have locked away about half the world’s people, those with internet connections have still managed to keep up to some extent. Privacy concerns have mounted correspondingly.
Whether it’s the Zoom app for work meetings or online class, or playing games on Houseparty or other interaction apps, people with facilities are getting by in the brave new world. Even the union government has announced its Arogya (well-being) App to help fight the outbreak, by tracking people’s location data.
In the past few weeks reports have come in worldwide about privacy breaches by Zoom, Houseparty and other apps. But regular users don’t often consider privacy breaches a deterrent. And as Nidhi, who uses Zoom for taking classes says, “When we have to install it for our classes, there’s not much of an option.”
Saima, another student, agrees. She has installed quite a few apps during the lockdown period, and says privacy breaches are seldom a dealbreaker for her when choosing apps.
According to Sreenidhi Srinivasan, senior associate at IKIGAI, a technology focused law firm, “This is a challenging time and users are consuming a lot of information online. This definitely leaves them open to a range of risks: malware, misinformation, privacy breaches etc.”
Srinivasan observes that many users have been drawn to apps such as Houseparty and Zoom. “Some of these apps have questionable data use policies – making users susceptible to privacy risks.”
There may be many more apps meddling with user privacy and personal data accessible through users’ smartphones. Shivangi Nadkarni, CEO of cyber security consultancy Arrka Consulting, believes that without effective privacy legislation, there’s not much we can do about it.
Nadkarni is hopeful that the Personal Data Protection Bill will help safeguard user privacy: “The bill in its present form addresses the situation of pandemics and other emergencies while overall protecting the rights of users.”
But as The Citizen reported earlier, experts have questioned the draft bill’s commitment to actually protecting people’s privacy, given the commoditization of users’ personal data and the political interests of surveillance security regimes.
With the new Arogya App, the question becomes how a government app that explicitly tracks people’s location would work in such a scenario. Breaches of public data were widely reported with the prime minister’s NAMO App previously, with Aadhar earlier, and with recent instances of Covid-19 patients’ personal data being leaked on WhatsApp.
“Technology for tracking is advanced and within easy reach of anyone who wants to do so. Hence the government tracking people via their apps would be very effective,” says Nadkarni.
Srinivasan agrees that during a health crisis, privacy does take a backseat. But she stresses that this should not become the new normal. “The worry is that a lot of what we do now could become the new norm in a post Covid-19 world. This happened in the US after 9/11 when surveillance measures intended to counter terrorism were normalised.”
Location tracking, for instance, is quite common. Many iOS, Android and other apps are known to surreptitiously share your location and other personal data with developers, or even third parties, often without encryption.
In the wake of the pandemic, many jurisdictions such as South Korea and Hong Kong have insisted on specific people, such as incoming international travellers, downloading tracking apps.
Nadkarni echoes this, saying apps like Arogya will be effective “provided the use of such apps is strictly restricted to only tracking specific individuals – and not anyone and everyone – and provided this tracking is stopped once the crisis is over.”
While contact tracing is important for the government to contain the virus, Srinivasan says, it is equally important for such apps to have appropriate safeguards.
And some questions still need addressing. “Some safeguards are still needed. For instance, how does one ensure that the data is not used for any other purpose? What happens to this data once this is all done?” she asked.