By Dhruvi Shah
While the Centre’s recent decision to revoke its November 28 directive requiring all Android smartphone manufacturers to pre-install the Sanchar Saathi application on all new devices did quell some of the interests and concerns raised as a result of the initial decision, many members of the public continue to be concerned with many other aspects of the directive. However, a number of experts, including legal, digital rights and privacy experts, maintain that the implications of the app extend far beyond the actual use of the app.
Under the original mandate issued by the government, smartphone manufacturers would have had to have embedded the app on all new devices in the next 90 days; they would have also been mandated to push the update to all existing devices over the air. As a result of the forceful nature of the mandate, Minister of Communications Jyotiraditya Scindia corrected the public perception of the government’s intention with the order. Scindia stated that users retain the ultimate decision-making power over the app and will be able to uninstall or delete the app at any time, and that the concern over potential violations of privacy is unfounded because the intention of the app is solely to protect consumers from potential cyber fraud.
However, this reassurance does not fully resolve concerns from the legal profession about what they perceive as a fundamental issue around the structure of the system, rather than the day-to-day operation of it. One attorney noted that unless checks such as these are placed in front of the Courts, for example, “In such an event, we would naturally enter into an Orwellian regime. “I don’t believe we are yet in an Orwellian regime but I’m confident if this type of behaviour is not kept in check, we will inevitably end up there,” reported the Indian Express.
He also explained that there is currently “no legal framework to regulate these types of applications or how the system can potentially be abused.” He went on to state that “the Government has effectively limitless authority to conduct surveillance of citizens through numerous various pieces of existing legislation.” reported the Indian Express.
Most of the criticism outlined above is directly related to the fact that the Directive relied on certain aspects of the Telecom Cyber Security Regulations and amendments to the Telecoms Act 2023 mandating the Directorate to take action against individuals who do not comply with the rules. Experts believe that this broad statutory authority is very concerning, especially when the current surveillance capabilities of the state operate with a very high degree of opacity.
Another controversial point in the Digital Personal Data Protection (DPDP) Act (2023) is Section 17 of the DPDP Act allows for the Government to waive their agencies from major requirements of Privacy if it is perceived to be in the national interest as it relates to national security or public welfare.
The concern surrounding Sanchar Saathi echoes the tenets provided in the landmark Supreme Court judgment on the right to privacy which, in its ruling of KS Puttaswamy vs. Union of India (2017), established Privacy was a Fundamental Right of individuals and set out three guiding principles for governmental intervention where privacy is associated – Legality, Necessity, and Proportionality. The critics of the Sanchar Saathi application argue that requiring every mobile telephone in India to have it pre-installed and to use its services, which are also provided in an optional manner, is not sufficient to meet the test of Proportionality.
In addition, Advocate Arzu Chimni states that it is necessary for there to be “transparency surrounding the app’s data collection,” including how long the data will be collected, who will have access to the data, and what type of information is collected.
In addition, many legal experts, such as B. Shravanth Shanker has expressed caution regarding digital tools, no matter how well-intentioned, and has advised that these tools should comply with the privacy protections included in the Constitution and with global best practices. As Shanker explained, “The goal of limiting IMEI fraud is justified; however, the requirement of mandatory installation is inconsistent with the standards of privacy outlined in Puttaswamy.” The elimination of the requirement by the government may have eliminated the immediate controversy and attention, but it raises larger questions about surveillance and consent, as well as the limits of the state’s authority in the digital age.