#PrivacyOfThePeople: Gig and app-based workers

In the latest post in our #PrivacyOfThePeople series, we look at the impact of the Personal Data Protection Bill, 2019 on gig workers. We examine the minimal data rights provided to these workers by work agreements, how the PDPB would affect these conditions, and how these issues can be remedied.

30 September, 2021
5 min read


In the latest post in our #PrivacyOfThePeople series, we look at the impact of the Personal Data Protection Bill, 2019 on gig and app-based workers. We examine the minimal data rights provided to these workers by work agreements, how the Bill would affect these conditions, and how these issues can be remedied.


Through our #PrivacyOfThePeople series, we aim to explore the ways in which the Personal Data Protection Bill, 2019 affects the lives of various segments of society. To date, we have explored the effects of the Bill on ASHA and Anganwadi workers, farmers, social media users, medical patients, students, and dating app users.

This week, we look at an issue that has been the focus of much public debate in recent weeks: the condition of India’s gig and app-based workers. Over the last couple of weeks, India’s gig workers, especially those working as delivery riders, have increasingly taken to social media to complain about their plight. Many of these workers face long hours and low incomes, while their status as ‘independent contractors’ denies them many of the benefits and welfare nets afforded to employees. In this blogpost, we look at the data rights afforded to these workers by the platforms and how these would be affected by the Personal Data Protection Bill, 2019.

The issue

Gig workers Partner agreements in the gig-work industry significantly disadvantage workers. For example, delivery workers have complained of constant surveillance by platform apps, low net pay even after long working hours, unsafe working conditions due to the high velocity demands placed by platform apps, and a hostile working atmosphere that penalises workers for the most minor infractions. Platforms are also employing indirect methods such the ‘gamifcation’ of worker ratings by displaying a weekly scoreboard of top performers as way to increase intra-worker competitiveness and encourage them to stay online for longer periods (without compensating them for the same)

A report on working conditions in Indian internet ventures by the Fairwork Project ranked Zomato, Swiggy, and Uber the lowest, scoring 1 out of 10 point scale based on pay, conditions, contracts, management, and representation. Ola did only marginally better with a score of 2. These issues are compounded by the categorization of such workers as independent contractors and not as employees (even though these companies look at themselves as ‘employers’).

Such working conditions lead to platforms having significant control over the phones of gig workers. Zomato riders have said that logging off the app leads to “phone calls and messages from their team warning them” to log back in or risk losing their payment incentives. High levels of control over data are reflected in the partner agreements as well. For example, Dunzo’s delivery partner agreement states besides monitoring and sharing a worker’s geo-location data during the provision of services (which may be understandable), Dunzo, “may monitor, track and share your geo‐location information obtained by the Platform and Delivery Partner Device... for safety, security, technical, marketing and commercial purposes”. The ambiguity here with respect to the period during which the data will be collected may lead to a situation where workers are surveilled during their ‘off-duty’ time. This can be seen in instances where delivery workers have complained of receiving ‘nudges’ and notifications during their off-duty time that urged them to be in the vicinity of a package pickoff point (thus effectively soliciting unpaid work from these workers). Similarly, Zomato’s delivery partner agreement states that Zomato can “store, process, access, and use delivery partner information for certain purposes” as Zomato may deem fit (subject to the applicable law). Given that the Personal Data Protection Bill, 2019 is yet to be passed, this clause gives Zomato effective control of riders’ data.

Additionally, delivery partner agreements also sometimes contain clauses that suppress any public debate about gig work platforms. Clause 5.c of Dunzo’s partnership agreement states that “disparagement of Dunzo or any of its affiliates'' constitutes grounds for termination. Clause 10.2.i of Zomato’s delivery partner agreement states that delivery partners can be terminated for “indulging in spreading content through digital media, social networking sites, or any other form, which could be detrimental to Zomato’s brand and its image”. Such clauses may violate the right to freedom of speech by stifling the voices of workers, and they curtail the possibility of a public discussion about working conditions in gig work.

The PDP Bill

Clause 13 of the PDP Bill 2019 allows processing of personal data (though not sensitive data) by employers without the consent of the employee for certain purposes such as verifying attendance or for assessing employee performance. For such purposes, the consent of the employee is not necessary for the processing of their data in case doing so “would involve a disproportionate effort” on the part of the employer. Such an over-broad carveout being granted to employers is a clear threat to individual privacy and the dignity of labour.

However, while the Bill does exempt employers from needing the consent of employees to process their data, other obligations relating to prior notice, purpose limitation, data minimisation, storage limitation, maintaining security and integrity of data etc. must still be complied with. Furthermore, the exemption on processing sensitive personal data, which includes financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, and religious or political belief or affiliation, may lead to several changes in existing practices.

The solutions

To remedy these issues, we suggest the following:

  1. Reduce scope of consent override: The principles of necessity and proportionality in data processing should be included under Clause 13 of the Bill. A mandatory obligation should be imposed on the employer to consult employees and seek their views prior to processing personal data. To this extent, the Data Protection Authority proposed by the Bill should be entrusted with the responsibility of issuing a Code of Practice for workplace surveillance.
  2. Gig work platforms must process data responsibly: Gig work platforms must follow established principles of data minimisation, proportionality, and transparency while processing the data of gig workers. Employment status must not be used as a stick to ride roughshod over the data rights of individuals. Greater clarity over the payment algorithm is essential for ensuring fair pay to workers

Important documents

  1. The Personal Data Protection Bill, 2019 as introduced by the Minister for Electronics and Information Technology, Mr. Ravi Shankar Prasad (link)
  2. IFF's Public Brief and Analysis of the Personal Data Protection Bill, 2019 (link)
  3. The SaveOurPrivacy Campaign (link)
  4. IFF’s Public Brief on Impact of Personal Data Protection Bill, 2019 on Worker Surveillance (link)Previous blogpost dated Feb 12, 2020, titled “Workplace Surveillance: Your employer could be watching you” (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!