Why should you care?
The Ministry of Culture launched a flagship website, harghartiranga[dot]com, allowing citizens to register using their mobile numbers or a single social sign-on such as through Google or Facebook. After logging in and permitting the website to access their location, the website allowed the users to ‘pin’ a digital flag on their location. Subsequently, a certificate of appreciation is generated for them to share and display publicly. These auto-generated certificates are a Faustian bargain in exchange for the structured and highly sensitive data with which the users have to part.
- Lack of data minimisation: The website allows users to log in using either their Google single sign-on (SSO) or a combination of their name and phone number. However, the collection of the contact information serves no purpose. The website must be re-designed to ensure the application of data minimisation principles, and it must do away with the collection of the phone numbers of visitors.
- Lack of actual protections for minors’ data: While the website mentions that it does not “knowingly collect any Personal Identifiable Information from children under the age of 18”, it allows anyone to upload an image of themselves holding a flag along with their name, including minors. This failure to proactively safeguard minors’ data can have an additional negative impact on them. It has been established, most recently in the Hon’ble Supreme Court’s judgment in Justice K.S Puttaswamy vs Union of India (2017) 10 SCC 1, that there has to be an added burden while handling and processing children’s data.
- Issue a public statement either through a disclaimer on the website or a press release stating that all data has been deleted and that it has not been shared with any third party(s) or put to any other use.