As part of its initiative to encourage LPG users to pay market price and not avail the LPG subsidy provided by the government, Bharatgas has put up a list of customers who have opted out on a ‘Scroll of Honour’ on its website. However, what Bharatgas hasn’t paid much attention to is consumer privacy.
One can simply select a State and a district and get a list of Bharatgas customers that opted out of the subsidy scheme, including their addresses. The consumer privacy implications of this can be severe. Firstly, there’s the chance of telemarketing companies, banks and credit card agents, among others, collecting your addresses and storing them in their databases. But more worryingly, this information could be used for far worse activities. How difficult would it be to create a fake ID based on the address and name?
The Modak Analytics case
If you think these are extreme scenarios, then let me tell you that this has happened earlier. Last year, a Hyderabad-based web analytics company, Modak Analytics, claimed that it had created a “big data based Electoral data repository” after scraping information of 81.4 crore voters from the Election Commission website. The company planned to analyze this data to help parties or candidates “raise funds, design a tailored communication to target a select few voters, rework advertisements and create detailed models for voter engagement in battleground states as well as in gender and voter clusters to increase the power of micro-targeted strategy,” the company had said in a statement to the Economic Times. Just like Modak Analytics, any individual or company sourcing contact information from the Bharatgas site can claim that this information is in the public domain.
Who’s to blame here?
Another issue that needs to be addressed is whether Bharatgas should be held responsible if the data taken from its site is misused, or whether the accountability should lie only with the company misusing it. The least Bharatgas could have done was put a captcha in place or set up a backend process to monitor scraping of data. Yes, we can blame the company, like Modak, but the impression one gets from Bharatgas’s site is that the data is actually open source. This is a very lackadaisical attitude, more than incompetence and malice.
Need for a privacy law
This further highlights why the government of India needs to implement a privacy law. The earlier government had drafted a Bill on the Right to Privacy in the hope of curbing the trend of unbridled surveillance and to ensure that there are legal mechanisms for safeguarding individual privacy, to balance the concerns of both individual privacy and state security.
TRAI email ID fiasco: TRAI’s masterstroke of releasing the email IDs of EVERYONE who replied to its consultation paper on net neutrality is another glaring example of how lightly online privacy is treated in the country. If the regulatory authority can make such a stupid (no, actually reckless) move, then what better can we expect from other organisations?