War on apps: Need for a dedicated legal framework to govern mobile applications
India has begun to see a war on apps. This entire episode has brought forward to the collective attention of the nation, the significance of regulating mobile applications.
When one looks at the existing law, one finds that India does not have a dedicated legal framework to govern mobile applications. It is correct that mobiles are brought under the ambit of the term ‘communication device’ under the Information Technology Act, 2000. However the entire aspect pertaining to regulating the affairs of mobile application service providers have not been defined or adequately dealt with under the Indian cyber laws. It is correct that mobile app service providers are intermediaries under the Information Technology Act, 2000 and consequently, all intermediaries are mandated to exercise due diligence while they discharge their obligations under the law. However, the specific parameters of due diligence for mobile apps service providers have not been specifically defined under the Indian Information Technology Act, 2000.
There are no adequate legal provisions to regulate activities of mobiles application service providers. This entire episode needs to be a wake-up call for India to protect the consumers of mobile application service providers, given the fact that India does not have a dedicated law on privacy in this regard.
Typically, any and every mobile application is going to access the data that is on a user’s device. This could include either the media, audio, or any other information available on one’s phone. It really depends from app to app as to what is the specific focus on the data that they want to achieve and what are the reasons for which they are seeking specific permissions from users.
Today’s world is a data economy world. Today, every service provider is interested in a user not as a person but, as a data entity who is constantly generating, broadcasting and transmitting data. Service providers consequently use data generated from users for various purposes like targeting them with specific messages or advertising, etc. Data has a multifold purpose not just for profiling users, but also for the purposes of bombarding users with various kinds of services, perspectives, opinions, content, text which could help them make decision to pertaining to their existing day-to-day affairs.
India as a nation needs to protect its data users and their personal and data privacy. The nation needs to revisit its existing stand on intermediary liability and make service providers liable for unauthorised access to and use of third party data. The nation needs to ensure that the data of Indians is not first sent to locations outside India and then misused. Data localisation is one approach that needs to be well examined in this regard, not only to protect Indian data users but also to protect Indian cyber sovereignty as also India’s sovereign interest in cyberspace. All eyes are on the government to provide effective remedy to affected persons, who are prejudicially affected by unauthorised data breaches.
(The author is a Supreme Court advocate and is an expert on cyber and cyber security laws)