Even as India's two principal political parties engage in a slugfest over whose app is more anti-national in sharing data of citizens with foreign servers, the spotlight is clearly on the prime minister's app 'Narendra Modi' because it treads a thin line.
The big question is: Whose app is this anyways?
Narendra Modi-the citizen of India
Narendra Modi-the Prime Minister of India
Or, Narendra Modi-the leader of BJP
The App sends out conflicting signals. And answers to each one of those would raise more questions of propriety.
The copyright of the app is with 'Narendra Modi'.
The developer is 'Narendra Modi'
Yet, it claims to be the 'official App' of the Prime Minister of India, Narendra Modi, whose owner should ideally be the Government of India or the Prime Minister's Office.
Also, if this is the Prime Minister's official app, should it also have 'BJP Connect' section which exhorts the user to visit BJP's official website and that of senior party leaders including LK Advani, Rajnath Singh, Nitin Gadkari, Arun Jaitley, Sushma Swaraj and party president Amit Shah, their Twitter accounts, besides BJP chief ministers and their Twitter accounts.
This then raises 3 key questions:
If it's owned by citizen Narendra Modi, why does it claim to be the 'Prime Minister of India's' official app?
If it's the Prime Minister's official app, why is it owned by citizen Narendra Modi and not the government of India?
If it's the Prime Minister's official app, why does it exhort users to go to BJP leaders' homepages and Twitter accounts via 'BJP Connect'?
Before the scam broke, until March 22, it said, "The information shall not be provided to third parties in any manner whatsoever without your consent".
The app now says, "The following information may be processed by third party services to offer you a better experience- 1) Name, Email, mobile number; 2) Device information, location, network carrier."
In the FAQs, the app still claims in the iOS version: "The data you provide on the app is strictly housed safely and not passed on to anyone else". Clearly, a remnant of the previous policy and not the new one.
Eventually, it's the ownership of the app that decides who's liable for the breach-if any-of the provisions of the Information Technology Act. India is yet to define its data protection policy, even though the Supreme Court has said every Indian has the right to privacy. While a committee headed by Justice BN Srikrishna is working on India's data protection framework, at present there's no guideline to specify leak of which data amounts to violation.
A 2011 notification on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules specifically defines 'Personal Data' as: passwords; financial information such as bank accounts, credit or debit card details or other payment instrument details; physical, psychological or mental health conditions; sexual orientation; medical records and history; biometric information.
The frequent cases of data breach in the recent past should, ideally, push the government to expedite the formulation of a strong data protection policy.