Search
Content type: Examples
New rules rolled out by India's app-based home services platform Urban Company require its more than 52,000 workers to maintain ratings of a minimum of 4.7 (out of 5), accept 70% of job leads, and cancel only four jobs a month. The company says the rules are intended to improve customer experience and raise standards, and may increase its requirements to 80% acceptance and three cancellations. Workers who don't meet the requirements must attend online (free) or offline (fee-bearing) training,…
Content type: Report
The methodology employed for this report consists primarily of in-depth interviews held with grassroots political workers and representatives of collectives. The researchers interviewed 14 individuals from various social justice causes such as womens’ rights, climate change, transgender rights, students’ rights and the right to universal internet access in Pakistan. The experiences they have shared with the interviewers along with the real-time developments in the country’s law and order…
Content type: Examples
The facial recognition system the Indian state of Telangana intends to adopt for taking attendance in schools will be AI-enhanced, eliminate the paper register via an Android app, serve 2.6 million students in 26,000 schools, and be extended to teachers after it has been successfully implemented for students. The system will capture a secured binary template based on 72 points on the face rather than photos of end users.Article: Telengana facial recognition system will include…
Content type: Examples
Following pilots in Nirmal and Jayashankar Bhupalpally districts, the government of the Indian state of Telangana is planning on adopting facial recognition software to manage attendance in the schools. Officials have said the system should ensure every transaction is transparent and traceable and work in all environments with low-configuration mobiles and tablets. The existing biometric system has had technical issues.Article: Telangana adopts facial recognition for taking…
Content type: Examples
Since launching its The Learning App in 2015, the Indian EdTech company Byju's had grown to serve more than 80 million users and 5.5 million paid subscribers by 2021; it provides learning programs for students aged four years old and up. However, former employees say that underpinning the company's growth is a hard-selling culture that takes advantage of underprivileged families who can't afford their products but in India's hyper-competitive environment take out loans they can't afford to…
Content type: Explainer
The Free to Protest Guide Pakistan has been created by adapting Privacy International's (PI) Free to Protest Guide UK according to the laws and policies of Pakistan, in collaboration with PI and local activists in Pakistan.The Guide has been published in English, Urdu, Punjabi and Pashto.DISCLAIMER: This guide forms part of PI's global work to highlight the range of surveillance tools that law enforcement can use in the protest context, and how data protection laws can help guarantee…
Content type: Examples
Drivers for app-based companies like Uber, tired of their lack of transparency, share their experience and swap tips to help each other game the platforms to their advantage via in-person workshops and Telegram groups, aided by the Indian Federation of App-based Transport Workers and the Telangana Gig and Platform Workers' Union. Similar movements exist around the world. In 2021, a Dutch court upheld a complaint by Uber and Ola drivers from the UK and Portugal asking those companies to provide…
Content type: News & Analysis
Privacy International (PI) is concerned by developments in Pakistan regarding the enactment of the Draft Personal Data Protection Bill, 2023 and the opaque process which will see the bill become law.
The Bill was published on 19 May 2023 by the Ministry of Information Technology and Telecommunication ('MITT'). However no open and inclusive consultation was open for comments to be submitted to the MITT. In a concerning development it was reported that the Bill was approved by the Federal…
Content type: Examples
A security flaw in the mandatory "Diksha" app operated by the Education Ministry, which became an important tool for giving students access to coursework while at home during the pandemic, exposed the data of millions of Indian students and teachers for more than a year when a cloud server hosted on Microsoft Azure was left unprotected. In 2022, Human Rights Watch found that Diksha was able to track students location, and shared data with Google, which indexed more than 100 files from the…
Content type: Long Read
Introduction
India’s educational system is the largest in the world, with over 250 million students, 50% of whom attend publicly administered schools.
The autonomy given by the Indian Constitution to the 28 states and 8 union territories means that the right to education is implemented quite differently in each one, respecting culture, language, and other local specificities. Educational policies are suggested at the national level by various autonomous agencies and states can implement them in…
Content type: Examples
In January 2021, the Indian Health Ministry officially allowed Aadhaar-based authentication when creating a UHID for identification and authentication of beneficiaries for various health IT applications promoted by the Ministry. This enabled the Co-Win portal, which is used to book COVID-19 vaccination appointments, to accept Aadhaar for authentication. As per Clause 2a of Co-Win’s privacy policy, “If you choose to use Aadhaar for vaccination, you may also choose to get a Unique Health ID…
Content type: Examples
It is said, better late than never. Some activists and academics, hesitantly, thought the old maxim could be applied to the Centre's micro-credit facility for street vendors – which was indisputably behindhand, in the wake of the coronavirus-triggered lockdown, announced on March 24.
But, more than a month down the line since its launch, the programme is not proving to be any beneficial either.
The majority of the eligible vendors are not able to avail the Rs. 10,000 loan, under the Pradhan…
Content type: Long Read
This piece was last updated in June 2021.
In many countries, access to social protection (such as welfare programmes or healthcare) is made conditional on producing a form of identification (“ID”). But obtaining a recognised and accurate ID is often a process riddled with discriminatory designs, bureaucracy and technical failures that prevent individuals from accessing the services they are entitled to. Even when people eventually get an ID, it might not accurately reflect who they are,…
Content type: Long Read
This article was written by Sameet Panda and Vipul Kumar.
Over the last couple of years, there has been a push towards digitising the PDS, which includes linkage with the Aadhaar (India’s biometric identification system) and maintenance of digital records at Fair Price Shops that distribute the ration, among other initiatives. Without taking into account the availability of appropriate digital infrastructure and access among beneficiaries, these initiatives have been unable to solve…
Content type: Examples
Many of India’s informal workforce of 450 million people - 90% of the total workforce - were abruptly closed out of their places of employment when prime minister Narendra Modi abruptly ordered a lockdown in April. Left without pay, unable to stay in their living conditions, and with only limited train service available, many workers began walking back to their home states. Along the way, police are punishing them for failing to obey the quarantine and social distancing rules; others are dying…
Content type: Examples
Governments in Norway, Britain, Qatar, and India, among others, have had to either drop or remediate the contact tracing apps they’ve released to help combat the coronavirus due to the rush in which they were released. Many had security flaws that risked exposing user data; others pose privacy and security risks due to the amount of data they collect. While the apps may be helpful in countries like South Korea, where the medical infrastructure exists to do mass testing and isolation, digital…
Content type: Examples
Based on a recommendation by union home minister Amit Shah, in mid-June the Delhi government directed hospitals to issue covid-free certificates to patients when discharging them on the basis that they would help reduce the stigma around the disease and allow those who have recovered to go back to their normal lives. Patients were being discharged after recovery without confirmatory tests, and needed assurance that they were no longer contagious; the certificates would also ease travel by rail…
Content type: Examples
TrustNet Pakistan, the country’s only digital trust foundation, has begun work alongside many other global technology companies on a digital vaccination verification platform called CovidCreds. The initiative supports projects that use privacy-preserving verifiable credentials. TrustNet is working on a solution called Vaccify to provide verification that it’s safe for people to travel out of Pakistan. The system is expected to work via a mobile phone app that can digitally receive test results…
Content type: Examples
The Manchester-based cybersecurity company VST Enterprises is working a digital health company Circle Pass Enterprises to create the “Covi-pass” digital health passport intended to allow holders to work and travel safely. The Covi-pass uses a colour system of red, green, and amber to indicate whether the holder has tested positive or negative for the coronavirus, and holds other key information such as name, address, and age, plus a biometric. Despite the challenge of sourcing enough…
Content type: Examples
Between June 25 and July 6 India said officials would visit every household in New Delhi’s entire population of 29 million to record each resident’s health details and administer a COVID-19 test. In the meantime, police, along with surveillance cameras and drone monitoring, will enforce physical distancing and prevent the population from mixing inside the capital’s 200-plus containment zones. The move follows a spike in cases and the discovery of large clusters of cases in the capital that have…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
More than 2,500 foreign Muslims from 35 countries travelled to India to attend a mid-March gathering held with government permission at the Tablighi Jamaat headquarters in Delhi in mid-March. A day later the government issued a notice limiting events in Delhi to 50 people and a week later grounded all international flights grounded and, with just four hours’ notice, ordered a strict nationwide lockdown. More than 1,000 visitors were stranded in Tablighi Jamaat’s headquarters. However, numerous…
Content type: Examples
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
Any user of India's Aaorgya Setu contact tracing app can now request deletion of the data they've entered according to the Aaorgya Seta Emergency Data Access and Knowledge Sharing Protocol, 2020, which specifies the definition, collection, processing, and storage of the data the app collects. The protocol will be applicable for the next six months, and also increases the amount of time the data will be retained from 60 days to 180. IT ministry officials said the protocol was needed after a…
Content type: Video
A quick catch-up on the state of play of apps round the world - though we end up mostly discussing India and the UK - and we celebrate a very special birthday.
You can find a much deeper and more detailed look at the various questions and concerns around coronavirus apps on our website: https://privacyinternational.org/long-read/3792/covid-contact-tracing-apps-are-complicated-mess-what-you-need-know and all the latest news in our tracker https://privacyinternational.org/examples/tracking-…
Content type: Examples
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was originally developed by the country's Inter-Service Intelligence (ISI) to combat terrorism; it is based on a new data hub in Islamabad that will collect information from the ISI tracking system and share…
Content type: Examples
After a call from a vendor, India's state-owned Broadcast Engineering Consultants Limited (BECIL) put out an expression of interest for electronic bracelets and accompanying software for use to ensure that COVID-19 patients do not violate their quarantine orders.
A hundred companies responded. BECIL saw the idea as an opportunity to sell a patient surveillance system to municipal corporations, private companies, welfare resident societies, and central government departments. BECIL, which was…
Content type: Examples
A security lapse exposed one of the core databases of the coronavirus self-test symptom checker app launched by India's largest cellphone network, Jio, shortly before the government lockdown began in late March.
The database, which had no password protection and contained millions of logs and records collected during the last two weeks in April, was found by security researcher Anurag Sen on May 1.
Some of the exposed records included individuals who answered a series of questions to create a…
Content type: Examples
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to confirm someone else's suspected positive diagnosis. The app, which was created by the government's National Informatics Centre, uses GPS to track people's movements rather than Bluetooth as many…
Content type: Examples
Our partners from the Centre for Internet & Society in India wonder themselves whether the use of an official chatbot to advance ‘right information’ is the most efficient way to handle misinformation?. In a recent example, a ministry released advisories on how homeopathy can prevent the coronavirus infection, which was proved to be false by many scientific sources. This heightens the problem of fake news or the spread of i.e. incorrect information as it comes from an official source.
Link…