Rohini Lakshane is a Mysuru based
technologist, Wikimedian and
public policy researcher. She recently researched sixteen, Covid monitoring
mobile apps launched by the various state governments across India.
Café logged on to a zoom session she
conducted I the invitation of thuscritique on the impact being made by these
apps on informational privacy and later communicated with her on email
On whether
informational privacy was compromised in most of COVID monitoring apps, Rohini
Lakshane said that the “government released the apps for citizens to use, and
my preliminary review of these apps shows that the privacy of citizens and
their health data may be breached via these apps”
Reacting to
the ‘Quarantine Watch’ app of the Karnataka government which insisted on
home quarantined patients sending one selfie every hour for 14 hours to the
government, she said I did not find any publicly available
information about the technical process the government used to verify the
photo, GPS location and timestamp sent via every selfie submitted every hour by
every person in quarantine. I found an order pertaining to the hiring of a
private operator who could extract this metadata. There is no fool proof way of
ensuring that people do not violate the rules of quarantine. However, in my
view, a less resource-intensive and invasive process would have been to carry
out surprise checks.
She also
pointed out how state government departments like IT and revenue departments
were using their established app systems to generate information instead of the
health department. “Regardless of the department that is running the
app, there should be clarity on the privacy policy and processes of handling
and transfer of data between different entities, especially when private
contractors hired by the government are involved. The process and policy should
answer, Who would have access to information gathered for the purpose? For how
long will it be stored and where? What entity would be responsible for
safeguarding the data? When will it be deleted, if at all?
On the most
talked about and discussed AROGYA Setu app she said that the governments
claimed assurance photos and identities of people would not be shared would not
be shared and all information would remain confidential are not independently
verifiable by any process of audit or oversight yet. “In the absence of a data
protection law, there are neither safeguards nor redress mechanisms available
to the citizens in case there is abuse or misuse or breach of this data”
She also
pointed out that in India we do not have a law on informational
privacy and data protection, although the right to privacy has been
recognised as a fundamental right and alienable right enshrined in the
Constitution (Puttaswamy judgement of 2017). The efforts to draft such a law
first started almost a decade ago and there is a need for the law to see the
light of day.
