Here's what India needs to consider before regulating data access by apps

Before India regulates customers' private data usage by app makers, here's what should be taken into account

13 April 2018, 17:54 IST

The issue of data leak has got the western world worried. The Europe Union is all set to launch General Data Protection Regulation (GDPR) from May this year, while the United States is grilling Facebook founder Mark Zuckerberg on charges of influencing elections in several countries by providing private data of its users to political parties.

The Indian government has so far refused to acknowledge that there is something called privacy (read NDA government's submissions to the Supreme Court on Aadhar card). The government though is finally thinking along the lines of coming up with some laws to at least protect people's privacy from private mobile apps.

According to the Economic Times, "Telecom Regulatory Authority of India (TRAI) is likely to seek more powers to regulate the flow of data from users to app makers, while defining what comprises personal information, as it finalises recommendations on data ownership, privacy and security that are likely to be released this month."

If TRAI is actually interested in safeguarding people's privacy and is seeking powers to curb app makers' penchant to sneak into customer's everyday lives, the efforts are commendable.

Over the past few years, the smartphone apps have become a necessary evil in the lives of people using telecommunication services. Everyone who downloads an app gives permission to the app maker to access all sensitive details that are stored in the phone of the former, on the pretext of getting better user experience.

Below are some examples of the unnecessary details that the app makers take from customers:

Access to the photo gallery: While it makes sense for apps like Instagram, Snapseed or Camera+ to have access to our photo gallery, a taxi aggregator asking for access to your photo and media files, is a major reason to worry.

Saving credit/debit card details: Most mobile apps including Paytm, Amazon, Flipkart, Uber, OLA and others automatically save the customers' debit/credit card information used for the transaction. While the customers have the option to delete it, in the majority of cases, people do not remember to delete it.

Imagine any of these shopping or payment gateways ever losing data to a third party. The bank account details of all their customers would be at an extremely high risk. All bank frauds happen due to data breaches that provides a victim's bank account details to a party indulging in fraud.

All the companies claim that there data security system is top class, but in the world of internet frauds, the fraudsters are always trying to breach the most secured of the systems.

Therefore, it is important for the government to come up with rules that force these companies not to save bank account details of customers, even if it leads to the inconvenience of putting in the bank account details afresh for every new transaction.

Location trackers: It is important for Ola and Uber to track your location when you are aboard their taxi. But when a chat app seeks the permission to track your location in their agreement policy, it is dangerous. There are travel booking apps, that are sending your movements to others. For example, if someone is travelling to Mumbai tonight, everyone in his contact list using the same app will be informed about the customer's flight. Such information can put anybody's life at risk, by making stalking someone easy.

There are apps, that are doing it in the country and the government must ensure that such practices are stopped.

A chat app can ask for access to pictures or media files so you are able to share those with your contacts. But you should be wary if it asks to know your location. A gaming app will want to know when you get a phone call so it can pause. But a gaming app requesting access to your text messages or location should raise a red flag.

The app makers can always give the option to people to opt out of certain options.- Most apps don't give any option today. But it is important for the government to understand that many people may consider giving out certain types of information to app makers harmless only until they are victimized at some point in future.

Therefore, the government needs to come up with holistic rules, that analyze and define the limits of information that a particular app may require, going beyond which should be prohibited, even with an option of allowing customers to opt of it.