CoWIN ‘data breach’ highlights urgent need for data privacy law: Experts
Data protection bill currently undergoing revisions and not yet introduced. Citizen trust and privacy breached, say critics
Experts said the controversy involving the possible leak of CoWIN data underscores the urgent need for a data protection bill that will protect citizens from such exposure and ensure accountability of institutions.
Their comments came on a day when reports and screenshots showed an automated account on the messaging application Telegram disclosed the name, date of birth, identity document type and number, and location of last vaccination linked with a mobile phone number sent to it. The government denied any “direct breach” of the CoWIN platform.
Also read: CoWIN vaccine database in the eye of a leak storm
Founder of Cybersaathi and Supreme Court lawyer NS Nappinai said irrespective of the correctness of the news reports, the very issue raised of data protection for digital data in the hands of government agencies highlights the urgency for India’s personal data protection legislation. “More importantly, that health data and other documents that contain personal information such as Aadhaar or PAN Card or driving license should carry higher levels of reasonable security measures is also spotlighted with this data breach,” she said.
The data protection bill has undergone several changes since it was first floated in 2017. It was set to introduced in the last monsoon session of Parliament, but was scrapped and a new draft was put up in December 2022. The government has since held several rounds of consultations on the same but is yet to introduce the final bill.
{{/usCountry}}The data protection bill has undergone several changes since it was first floated in 2017. It was set to introduced in the last monsoon session of Parliament, but was scrapped and a new draft was put up in December 2022. The government has since held several rounds of consultations on the same but is yet to introduce the final bill.
{{/usCountry}}This is not the first time that data stored by the application is said to have been leaked. The government, meanwhile, denied the reports calling them “mischievous and without any basis”.
{{/usCountry}}This is not the first time that data stored by the application is said to have been leaked. The government, meanwhile, denied the reports calling them “mischievous and without any basis”.
{{/usCountry}}Public policy director at Internet Freedom Foundation, Prateek Waghre, said that the reported leak represents a massive breach of citizen trust and privacy. “It is worth noting that CoWIN was released without a privacy policy, and did not have one until directed by the Delhi High Court to do so in 2021,” he said. “It is disappointing to note that citizen data appears to not have been safeguarded potentially exposing a large number of citizens to privacy harms. Calls by civil society to follow to data minimalist approach were also not heeded.”
{{/usCountry}}Public policy director at Internet Freedom Foundation, Prateek Waghre, said that the reported leak represents a massive breach of citizen trust and privacy. “It is worth noting that CoWIN was released without a privacy policy, and did not have one until directed by the Delhi High Court to do so in 2021,” he said. “It is disappointing to note that citizen data appears to not have been safeguarded potentially exposing a large number of citizens to privacy harms. Calls by civil society to follow to data minimalist approach were also not heeded.”
{{/usCountry}}Also read: China military, Wuhan scientists made Covid? Big revelations in shocking report
Independent researcher Srinivas Kodali added that this is probably the “largest data breach with almost every adult Indian’s data being leaked”. “It (CoWIN) is clearly not secure with (reports of) the lastest breach and any past assurances Government of India mentioned were mere words with no actions,” he said. “Ideally there has to be an audit done and establish the point of this breach, security and privacy of citizens has been taken very lightly by this government.”
