#PrivacyofThePeople - ASHA Workers and Employee Surveillance

Tl;dr

In our new weekly series  #PrivacyofThePeople, we will look at the impact of the Personal Data Protection Bill, 2019 on different sections of society. In this post, we discuss the issue of worker surveillance through the ASHA workers’ recent fight for digital privacy. We also detail how the Bill affects workplace surveillance at large. Simply put, there cannot be a compromise on privacy in the name of “efficiency”. Mass surveillance disproportionately affects marginalized groups and only continues to foster mistrust amongst people.

Background

As has been reported earlier, the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 is likely to submit its report in the upcoming Monsoon session of Parliament. Thus, as we inch closer to the session, it is important that we assiduously scrutinize the existing Bill. It is with this in mind that we launched our previous two series on the Bill recently. The first, #StartfromScratch, was a more general series that provided some context to the bill, explained its provisions in detail, highlighted the key concerns with the Bill, and suggested potential alternative frameworks. In the second series, #DataProtectionTop10, we went into the issues in greater depth, looking at the ten main concerns we had with the Bill.

In this new series titled #PrivacyofThePeople, we wish to discuss people-centered concerns surrounding the Personal Data Protection Bill, 2019. Unlike our #DataProtectionTop10 and #StartFromScratch series, this series aims to highlight important issues related to the Bill through different lenses in society and examining how these issues will manifest in our daily lives. Here, we will discuss the direct implications the Bill may have on students, healthcare professionals, farmers, and more.

The issue

According to recent media reports, the Accredited Social Health Activist (ASHA) workers in Haryana were made to download a Mobile Device Management (MDM) application that violates their digital privacy. The application, “MDM 360 shield”, was forcefully installed on the workers’ personal phones (most do not earn enough to possess 2 separate phones) by local health department officials. In cases where they were provided with a new phone, the workers were not informed that the application had been pre-installed on the said device.

The application allows senior officials to track the locations of ASHA workers and add/delete information on the handsets provided by the department.

  1. The workers fear it will make them further vulnerable to greater scrutiny and harassment from officials.
  2. There is great concern regarding the privacy and safety of the primarily female workers as their coordinators and officials are mostly men.
  3. Such intrusive surveillance only hampers any possible unionization efforts.

In a memorandum to CMO Dr. Randeep Singh Punia, the ASHA workers requested to cease the “mandatory” installation of the app on their personal phones. Over 22,000 workers are now fighting against the intrusive app, with most deciding to hand their phones back as a sign of protest.

Yet, it is not the first time that MDM apps are being used for worker surveillance. Huffpost reported a similar tracking system in Panchkula, Haryana. The Municipal Corporation forced sanitation workers to wear GPS-enabled “Human Efficiency” trackers strapped to their wrists. The physical wearable device had a microphone and camera so supervisors could watch and hear workers as they worked. Switching off the tracker during duty hours or straying from the GPS-monitored geo-fence would alert the system resulting in possible salary cuts. This is just another example of the growing number of such surveillance systems in recent years.

As part of IFF’s continued efforts to fight against 360-degree surveillance of workers, on the 26th of April 2020, we sent a legal notice to BECIL regarding its procurement of employee tracking devices. The “Personnel Tracking GPS Solution” posed a threat to the privacy of healthcare workers. Our blogpost on the issue can be read for more information.

India has witnessed an increase in the use of biometric authentication, CCTV cameras, device monitoring, and location tracking by employers to monitor the activities of their employees. This surveillance revolution is sweeping India’s government departments, aided by private and state-owned companies who have spotted a lucrative opportunity to push largely untested and deeply invasive systems in the name of “digital innovations”.

The problem is that such intrusive surveillance systems are implemented with little oversight, no worker consent, and no public conversation. These systems undermine the fundamental right to privacy guaranteed by Articles 14, 19, and 21 of the Constitution. Turning workplaces into panopticons not only encroaches on these basic rights, but also negatively impacts free speech and unionization. Furthermore, such surveillance systems are largely being used on marginalized members of the country’s workforce.

The PDP Bill and Worker Surveillance

The Personal Data Protection Bill, 2019 (PDP) prohibits the collection of sensitive personal data by employers for any purpose without the consent of the employee. However, Clause 13 of the Bill allows the processing of personal data which is not classified as sensitive personal data by employers without the consent of the employee for the following purposes:

  • recruitment or termination of employment
  • provision of any service or benefit to the employee
  • verification of attendance
  • any other activity relating to the assessment of the performance of the employee

Furthermore, trade union affiliation has not been explicitly recognized as sensitive personal data. This can negatively impact the ability of workers to unionize which is a fundamental right guaranteed by Article 19(1)(c) of the Constitution. It is integral to protect the workers’ collective voice in any workplace as unionization can help secure worker demands.

The European Union’s General Data Protection Regulation (GDPR) clearly details employee rights and employer obligations. The GDPR explicitly states that consent to giving data must be “freely given, specific, informed and unambiguous”. With the increased involvement of technology in mass surveillance systems, India’s PDP Bill needs to do more to safeguard the privacy, dignity, and autonomy of workers.

For further analysis on the issue, we encourage you to read our public brief on the impact of the Personal Data Protection Bill 2019 on workplace surveillance.

Solution

There cannot be a compromise on data and digital privacy of employees in the name of “efficiency”. Mass surveillance disproportionately affects marginalized groups and only continues to foster mistrust. One solution is imposing a mandatory obligation on the employer to consult employees and seek their views prior to processing personal data under Clause 13, PDP Bill, 2019. The broader conversation of implementing surveillance systems must be discussed with all stakeholders including respective workers and the public at large.

  1. The principles of necessity and proportionality in data processing should be included under Clause 13, PDP Bill 2019.
  2. A mandatory obligation should be imposed on the employer to consult employees and seek their views prior to processing personal data under Clause 13, PDP Bill, 2019.
  3. The Data Protection Authority should be entrusted with the responsibility of issuing a Code of Practice for workplace surveillance under Clause 50, PDP Bill, 2019.
  4. The Code of Practice for workplace surveillance issued by the Data Protection Authority should impose a prohibition on monitoring of any unionization-related activity and prescribe penalties for the same.
  5. Trade Union affiliation should be categorized as sensitive personal data under Clause 3(36), PDP Bill, 2019.

This is the first post in our #PrivacyofThePeople series on how the Personal Data Protection Bill will impact different facets of our life. Join us next week as we look at the Bill in the context of Indian agriculture.

Important Documents

  1. The Personal Data Protection Bill, 2019 as introduced by the Minister for Electronics and Information Technology, Mr. Ravi Shankar Prasad (link)
  2. IFF’s Public Brief on Impact of Personal Data Protection Bill, 2019 on Worker Surveillance (link)
  3. Previous blogpost dated Feb 12, 2020, titled “Workplace Surveillance: Your employer could be watching you” (link)
  4. Previous blogpost dated April 26, 2020, regarding IFF’s legal notice to BECIL regarding its employee tracking devices procurement (link)
  5. The SaveOurPrivacy Campaign (link)

This post was drafted by Tanvi Roy, who is an undergraduate student majoring in Computer Science at Ashoka University and currently interning at IFF.