CPPR Chairman Dr D Dhnauraj comments in a news report published in The Times of India
Authorities are taking on the COVID-19 pandemic through stringent containment measures and contact tracing through technological solutions. Among these, is the use of apps to track people with symptoms and the use of phone numbers to trace locations that one has visited, thereby tracking primary and secondary contacts. Recently, the Kerala police admitted to tracking patients and contacts through CDR (call detail records) and in Bengaluru, the district health officer had admitted to use of CDR for contact tracing as early as April. The Telangana government’s app, HITAM (Home Isolation Telemedicine and Monitoring), connects home isolated COVID-19 patients with doctors. While these are mandatory steps taken by the government and health authorities to contain the spread of Coronavirus, reports suggest that various companies have been toying with the idea of introducing employee tracking apps, that would alert the individual and the management if an employee has come in contact with an infected individual or has visited a contaminated zone. Depending on technology for safety is one side of the coin, but the other side – does such technology also fringe on a breach in privacy of employees, is what has been questioned. We take a look…
Aarogya Setu vs tracking apps for non-positive employees
The government initiated Aarogya Setu app allows an individual to self-assess one’s own health symptoms based on the information you provide along with your location. The app also provides you information on potential COVID-19 hotspots and contaminated zones that you could avoid visiting. While the Aarogya Setu app is heavily based on voluntary information, the biggest impediment here is that not everyone is forthcoming with this required information. However, even though most public places and establishments insist entry to individuals only after a cross check of the information on the application, there is currently no law that mandates the use of it.
Now, with companies welcoming back employees at the office, they must also focus on keeping the spread of Coronavirus at bay. Reports suggest that many companies, across the world, have been toying with the idea of enabling location tracking apps for their employees. From exclusive-to-the-company service apps to using something as basic as Bluetooth, tech-aided tracking could be useful in the context of the pandemic. But the use of technology in tracking employees also raises concerns over privacy. Among these companies, were the management at the Bengaluru International Airport (BIAL) that was allegedly considering such an app after a couple of their staff members tested positive. While BIAL officials categorically denied having considered such an initiative, a source, on the condition of anonymity revealed, “The idea was to ensure safety at the workplace. However, putting an app in place came with many impediments, possibly with regard to privacy.”
A statement from BIAL reads, “During this pandemic, BIAL did not have a plan to roll out an app to check on employee location – the reporting of location by employees was based on regular updates to be shared with managers/ HODs.”
Incidentally, the Airports Authority of India (AAI) has stated that its guidelines have been modified, making even downloading of the Aarogya Setu application optional for air passengers. This decision comes in after a PIL filed by Bengaluru resident, Anivar A Aravind, which states that the Aarogya Setu violates the right to privacy and other fundamental rights of citizens.
With tracking, how safe is your private data?
“An app monitoring employees’ movement will disrupt the morale of the employees and lead to a complete disruption of their commitment and dedication. And, as an HR this would not be what we can allow. Also, people are anyway scared of data misuse that comes with downloading an open app. However, for the success of any such app or tracking tool, the company should ensure that the app is firstly tailormade for or by the company or maintained by the company with no scope of data leaks,” says Dr Jude Xavier, VP and head HR of a Bengaluru-based tech firm.
Smriti Gautam, a lead HR recruiter at a Cloud computing company, shares her inhibitions around tracking employees through apps. “All corporates have CCTVs and we can use that to build smarter algorithms that track and enforce social distancing. It would be far better than using an intrusive GPS tracking app.”
D Dhanuraj, chairman of Kochi-based Centre for Public Policy Research, says that there’s no guarantee that one’s private data – such as the places one frequently visits – won’t be leaked to the public domain, where it could be misused. “There is no accountability on the safety of private information. I have the right to know who is storing and processing the data and for how long they are holding it. These are crucial questions in data privacy related discussions,” he says.
Data privacy expert Shivangi Nadkarni, however, states, “Proper controls can definitely be implemented to ensure the user’s privacy is not compromised.” Cyber security evangelist Vijay Raj feels that a ‘sunset clause’ is required, to define when the surveillance ends. “There must be a chain of custody agreement for data passed between government, industry and researchers, which includes a process to delete data. Also, we will need a commitment to corporate accountability if the data is misused, stolen or sold,” Vijay suggests.
‘With no privacy law present in India, companies tracking employees are not answerable’
“There is no law in our country that can govern tracking process and its extent. India does not have a privacy law, nor does it have a legal framework or statutory regulatory authority to deal with privacy related issues, so there’s no such place where companies need to inform if they use tracking apps. Any such act under the garb of COVID-19 is unwarranted. In fact, even the Aarogya Setu app is not mandatory to be downloaded,” says Pavan Duggal, a cyber law expert.
Advisory for authorities from Data Security Council of India (DSCI)
* Maintain transparency with the public about the usage of data
* Usage of such data should be lawful and fair
* Clearly describe the purpose of data being used and prevent it from re-use
* Delete data collected from individuals after a defined period
* Conduct a data privacy impact assessment on the data received
* Provide evidence that they have acted in accordance with the assurances given
* Establish an independent oversight board to monitor adherence to these principles
Data breach made headlines globally
* In July, the UK Test and Trace system came under scrutiny after a rights group accused it of breaching privacy
* In July, the quarantine enforcement app in Moscow came under scrutiny following some complaints of malfunctioning
* In July, reports suggested that the Pakistani contact tracing app had security flaws and could be accessed by attackers
* In June, the Peruvian app to tackle the pandemic launched by the government drew flak for not asking permissions to use GPS and Bluetooth
This article was published in The Times of India on August 21, 2020. Click here to read