Government Directive on Pre-Installed Apps Sparks Digital Rights Debate
DoT's order for pre-installation of 'Sandes' and 'Aarogya Setu' apps on new phones raises concerns over privacy and digital autonomy.
Photo by Raghavan Ng
Quick Revision
DoT issued a directive to mobile manufacturers.
Apps to be pre-installed: 'Sandes' (government instant messaging) and 'Aarogya Setu' (COVID-19 contact tracing).
The directive is for all new smartphones sold in India.
Digital rights activists express concerns over privacy, data security, and digital autonomy.
The directive was issued on November 27.
The DoT order refers to a 2019 report by a parliamentary standing committee on IT.
Key Dates
Key Numbers
Visual Insights
Digital Rights & Data Protection: A Timeline to the DoT Directive
This timeline illustrates the key milestones in the evolution of digital rights and data protection in India, providing context to the current debate sparked by the DoT's directive on pre-installed apps.
The directive on pre-installed apps is the latest development in India's journey towards digital governance, set against a backdrop of evolving privacy laws and increasing digital penetration. The debate highlights the tension between state's legitimate aims (public health, communication) and individual digital autonomy and privacy rights, as recognized by landmark judgments and recent legislation.
- 1950Indian Constitution adopted; Article 21 (Right to Life & Personal Liberty) and Article 19(1)(a) (Freedom of Speech & Expression) enshrined.
- 2000Information Technology Act enacted, providing legal framework for e-commerce and e-governance, but limited data protection.
- 2015Digital India program launched, aiming for digital empowerment and service delivery.
- 2017K.S. Puttaswamy v. Union of India: Supreme Court declares Right to Privacy a fundamental right under Article 21.
- 2018Justice B.N. Srikrishna Committee submits report, recommending a comprehensive data protection law.
- 2020Aarogya Setu app launched for COVID-19 contact tracing, raising initial privacy concerns.
- 2021Sandes app (Govt. instant messaging) launched, aiming to provide a secure communication platform.
- 2023Digital Personal Data Protection Act (DPDP Act) enacted, establishing a legal framework for personal data protection.
- 2023Telecommunications Act, 2023 enacted, replacing archaic telecom laws.
- CurrentDoT directive to mobile manufacturers for pre-installation of 'Sandes' and 'Aarogya Setu' apps, sparking digital rights debate.
Exam Angles
Constitutional Law: Right to Privacy (Article 21), reasonable restrictions, fundamental rights vs. public interest.
Governance: E-governance, digital public goods, regulatory powers of DoT, balance between state power and individual liberties.
Cybersecurity & Data Protection: Digital Personal Data Protection Act (DPDPA) 2023, IT Act 2000, consent mechanisms, data fiduciaries.
Science & Technology: Indigenous app development, open-source vs. proprietary software, digital infrastructure.
Ethics: Surveillance, digital autonomy, informed consent in a digital age.
View Detailed Summary
Summary
The Department of Telecommunications (DoT) has issued a directive asking mobile phone manufacturers to pre-install certain government applications, specifically 'Sandes' and 'Aarogya Setu', on all new smartphones sold in India. This move has sparked a significant debate among digital rights activists and experts, who are raising concerns about user privacy, data security, and the potential for surveillance.
They argue that mandating pre-installation could infringe on a user's digital autonomy and might not align with principles of data protection. The government, however, views these apps as essential for communication and public health initiatives.
Background
Latest Developments
Practice Questions (MCQs)
1. With reference to the recent directive on pre-installed government applications, consider the following statements: 1. The Department of Telecommunications (DoT) has mandated the pre-installation of 'Sandes' and 'Aarogya Setu' on all new smartphones. 2. 'Sandes' is an open-source instant messaging platform developed by the National Informatics Centre (NIC). 3. The directive has been criticized for potentially violating the 'Right to be Forgotten' under the Digital Personal Data Protection Act, 2023. Which of the statements given above is/are correct?
- A.1 only
- B.1 and 2 only
- C.2 and 3 only
- D.1, 2 and 3
Show Answer
Answer: B
Statement 1 is correct as per the news. The DoT has indeed issued this directive. Statement 2 is correct; Sandes is a government instant messaging app developed by NIC, often referred to as an indigenous alternative to WhatsApp. Statement 3 is incorrect. The primary concerns raised by activists are related to user privacy, data security, and digital autonomy, potentially infringing on the Right to Privacy and principles of consent, rather than specifically the 'Right to be Forgotten'. The 'Right to be Forgotten' generally pertains to the right to have personal data erased or delisted from public view under certain conditions, which is a different aspect of data protection than mandatory pre-installation and potential surveillance.
2. In the context of digital rights and data protection in India, which of the following statements is/are correct regarding the K.S. Puttaswamy judgment (2017)? 1. It declared the Right to Privacy as a fundamental right under Article 21 of the Constitution of India. 2. The judgment established a 'three-fold test' for any invasion of privacy by the state: legality, necessity, and proportionality. 3. It explicitly stated that biometric data collected under the Aadhaar scheme is exempt from privacy concerns due to its public welfare objective. Select the correct answer using the code given below:
- A.1 only
- B.1 and 2 only
- C.2 and 3 only
- D.1, 2 and 3
Show Answer
Answer: B
Statement 1 is correct. The K.S. Puttaswamy judgment (2017) unequivocally declared the Right to Privacy as an intrinsic part of the Right to Life and Personal Liberty under Article 21 of the Constitution. Statement 2 is correct. The judgment laid down a three-fold test for any state action infringing on privacy: (i) legality (must be backed by law), (ii) necessity (must be for a legitimate state aim), and (iii) proportionality (must be proportionate to the aim and have procedural safeguards). Statement 3 is incorrect. While the judgment did address Aadhaar, it did not exempt biometric data from privacy concerns. Instead, it emphasized the need for a robust data protection law and upheld the constitutional validity of Aadhaar with certain caveats and restrictions, particularly regarding its use by private entities, and stressed the importance of privacy safeguards for such data.
3. Consider the following statements regarding the Digital Personal Data Protection Act (DPDPA), 2023: 1. It applies to the processing of digital personal data outside India if it involves offering goods or services to data principals in India. 2. The Act mandates that consent for processing personal data must be free, specific, informed, and unambiguous. 3. It establishes the Data Protection Board of India as an independent body to adjudicate disputes and impose penalties. How many of the statements given above are correct?
- A.Only one
- B.Only two
- C.All three
- D.None
Show Answer
Answer: C
Statement 1 is correct. The DPDPA 2023 has extra-territorial applicability, covering processing of digital personal data outside India if it relates to offering goods or services to data principals (individuals) within India. Statement 2 is correct. The Act defines 'consent' as free, specific, informed, unconditional, and unambiguous, clearly indicating the data principal's agreement to the processing of their personal data. Statement 3 is correct. The DPDPA 2023 provides for the establishment of the Data Protection Board of India (DPBI) to enforce the provisions of the Act, inquire into breaches, and impose penalties, acting as an independent adjudicatory body.