On the Narendra Modi app and the Clevertap controversy

Security researcher Robert Baptiste, who goes by the pseudonym Elliot Alderson on Twitter, has alleged that PM Narendra Modi’s application, the “Narendra Modi” application, was collecting the following details about people who downloaded it: email, photo, name, gender, education, device ID, date of birth, phone number, language preferences, profession, city and carrier, along with other fields such as what appear to be interests or the willingness to receive alerts about the PM, video preferences, etc.

Baptiste revealed that this data is being sent to Clevertap, which is a California-based company and has servers outside of India.

1. What is CleverTap’s role in collecting information?

Clevertap is an analytics and a customer marketing platform. It collects data offered to it by the device (with user permissions), from forms filled in by the user, and on segments based on actions taken by the user within the application.

The data collection here is being done by the Narendra Modi app, and not Clevertap:

  • Collection of demographic information is based on fields that the Narendra Modi app has defined
  • Device and network related information is what has been enabled by the Operating System and allowed by users
  • Behavioral information has been collected by the Narendra Modi app, enabled by Clevertap.

In this, technically, the Narendra Modi app is a data collector, and Clevertap is a data processor. If data processing wasn’t allowed, you wouldn’t be able to use Google Analytics, and India’s entire BPO industry would die. It’s a legitimate business, but we need a privacy law in India to govern data collection.

2. What is Clevertap’s role in behavioral targeting?

Clevertap allows behavioral targeting of messaging within the application. Clevertap’s website says:

“When a person launches the company’s app for the first time, we automatically create a CleverTap user profile for the person with our SDK. As the person navigates through product pages in the app, we log these actions as events associated with the user’s profile.” [source]

An example of the kind of behavior that apps which deploy Clevertap may track is indicated here:

  • What users do immediately AFTER an event (ex: launched app)
  • What users do immediately BEFORE an event (ex: uninstalled app)
  • And any other user journey within your app

In terms of behavioral targeting of messaging, Clevertap allows the following:

“Through CleverTap’s dashboard, the marketer can create a campaign to show an in-app notification to users who recently made a purchase above a certain price. Next time the user launches the app, they will see a personalized message thanking them for buying that specific product and a discount code for their next purchase.” [source]

Now how would the Narendra Modi app have done things differently, since it had no e-commerce play? It could have tracked usage of the app (news, specific news items, Mann ki baat, NaMo TV), and built profiles of each individual in terms of their topics of interest, and shown them updates related to what their potential areas of interest are.

While there is no indication that this feature was being misused by the application, it does lend itself to microtargeting based on behavioral data. This is not happening at the scale at which Cambridge Analytica was targeting users, but the risk remains. We need rules and laws governing behavioral targeting because of the impact it appears to have, especially when it comes to political activity.

2. Data being sent to a US based company: I’m not sure how it really matters whether Clevertap is an Indian company or not: Its data probably has stronger privacy protections in the US than in India, which doesn’t have a privacy law, and the Indian state apparatus has wanton disregard for privacy and argues against it. That Clevertap’s founders are Indian and it operates mostly in India doesn’t make it an Indian company, but that shouldn’t matter.

3. On data being sent to servers outside of India: Even if the servers were in India, it wouldn’t provide users with any significant protection. All that hosting within India does is enable state surveillance from the Indian state. Hosting outside will enable surveillance from outside the Indian state, but that will depend on local laws. Even if hosting in India was mandatory, data can still be sent first to Indian servers and backups can be kept outside. What helps users is hosting in countries with the strongest data protection laws.

4. Narendra Modi app and terms and conditions were changed: Someone was daft enough to put in a line in the privacy policy that said that information collected will not be shared with third parties (web archive link), and then allow a third party to be given that data for processing. The policy has since been changed, and this is the way the policy should have been written in the first place.

5. Consent isn’t working: We’ve reached a point where user consent isn’t really working out, because of bounded rationality issues: users don’t realise how much data they’re allowing someone to collect about them, or the implications of this data collection. Terms and conditions and privacy policies aren’t serving their purpose anymore. The amount of data that devices allow for collection needs to be limited, and be made necessary and proportionate. We need companies and app developers to be more responsible about how much data they collect, and how they process and use it. There’s a global market failure in data protection.

What has happened in case of Clevertap here can happen with others too: there’s a legitimate distrust of data collectors and processors, given what has happened with Facebook and Cambridge Analytica.

Information asymmetry breeds distrust, and reactions are going to be often visceral. The collateral damage, as in case of Clevertap here, will only increase with time.

It’s up to the advertising and marketing industry to win users’ trust back, and be more transparent and fair.
*

P.s.: The issue of NCC cadets being nudged by the state machinery towards downloading the Narendra Modi app is a separate issue: the PMO India app is separate from the Narendra Modi app, and the state machinery shouldn’t be used to promote the usage of a private service. It’s the same issue as BHIM, which is a bank-consortium owned app, being allocated government resources for promotion, and the PM endorsing it.

Vidyut adds

While the privacy policy is now updated to disclose the sharing of data with third parties, it does not change:

  • Data collected and shared with third party so far has been collected without user consent. It may also be illegal in spite of the absence of a privacy law, given that the privacy policy had stated that the data would not be shared, while sharing it.
  • Silently updating a privacy policy is not ethical (or legal in countries with privacy laws – India currently lacks one). An update to the privacy policy, particularly one that adds something as major as sharing user data with a third party, should be accompanied with a notification about the updated privacy policy for users to read and consent to.
  • Ideally, users refusing to consent to the privacy policy that includes sharing data with third parties, should have the right to have their unethically harvested data deleted from the database of the app.

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
