India’s new super app has a privacy issue

- Advertisement -


April 7 Ranendra Ojha, a marketer based in Kolkata, east India, was looking forward to installing and using the new Tata Neu super app. Super apps are umbrella mobile apps under which companies offer multiple services. But once Oja installed and registered with Tata Neu with his phone number, he was shocked to see that this newly launched app already had three of his old addresses along with his full name — details he never shared with the app.

- Advertisement -

After digging further, Oiha realized that the app seemed to have retrieved data from the Big Basket grocery app that Oja often uses. Like Big Basket, Tata Neu is owned by the Tata Group, which is almost 155 years old. Tata Group, one of the largest Indian conglomerates and a well-known name, sells everything from salt to software and has recently invaded the world of consumer technology through a variety of acquisitions.

- Advertisement -

“To be honest, I was really shocked that Tata took my personal data from one of their apps and used it for this new app,” says Oja. “Basically, they shared my personal data with all Tata Group companies without my permission.”

Another user from the South Indian city of Bangalore was similarly shocked when he saw several addresses (including the address of his old house where he no longer lives) and his date of birth already preloaded on Tata Neu when he signed up using his phone number. and a one-time password. What puzzled him even more was that his wife’s Tata Noi also had her old office address, which he said they never used for any purpose. “Personally, I am a very big fan of the Tata Group, and when it comes to the Tata brand, there is trust,” says Naren, who asked to be quoted under a pseudonym for fear of a backlash from the company. “But that credibility is lost when they do such tricky things under the guise of user experience.”

- Advertisement -

Tata Neu was launched in the first week of April and had at least 2.2 million downloads. The app features all of the company’s brands across industries such as e-commerce, financial services, airline tickets, groceries, medicines, and hotels. But the inclusion of pre-loaded personal data in the new app means that Tata Group has been able to store customer data in its online and offline companies and create their profiles. This is problematic, according to privacy advocates, because it happened without the explicit consent of users and in the absence of a comprehensive data protection law in India.

Tatas with market capitalization more than 300 billion dollars at current exchange rates, had a strong offline presence across a wide range of sectors. But until recently, consumer technology remained an untapped market. So a few years ago, in an effort to compete with big tech giants like Amazon and Walmart-owned Flipkart, Tata began building its digital profile by acquiring startups like Alibaba-backed online grocery company Big Basket and drug delivery startup 1mg, as well as investments . at health and fitness startup Cult.Fit.

Some clients of these startups acquired by Tata received an email with updated terms. Others, including the author of this article, have not received any emails and are unaware of any other form of notification. And while these apps’ previous privacy policies have vaguely stated that they may share customer data with partner companies or other third parties in the event of acquisition, experts say it’s the lack of explicit consumer consent, combined with the fact that it’s data collected from purchased applications. company, making it an “ethical failure on the part of the Tata Group” according to longtime privacy advocate Nikhil Pahwa.

“All super apps already do this [data sharing] but the difference for Tata Neu is that they acquired the companies and then put all that data together,” says Pahwa, founder of Digital Media Portal. median. “There is a different liability threshold for them because customers who used an app or service prior to an acquisition naturally didn’t expect data to be linked to data from multiple different apps when an acquisition occurred.”

In response to inquiries sent to WIRED, a Tata spokesperson defended the company’s business practices and stated that it is committed to user privacy and security.

“Respecting and protecting the privacy of our customers is vital to our business at Tata Digital. We are very concerned about maintaining the privacy of their information,” the spokesperson said. “Tata Digital complies and will continue to comply with applicable data regulations, both in letter and in spirit.”

Last year whatsapp for which india is the largest market-updated its privacy policy requires users to consent to sharing their data with parent company Facebook (now known as Meta). This caused outrage among its users, many of whom abandoned WhatsApp has (at least temporarily) and moved en masse to other messaging apps like Signal and Telegram.

Competition Commission of India, India’s antitrust agency, will soon triggered regulatory action v. WhatsApp for unilaterally changing its privacy policy based on abuse of dominance. But antitrust and privacy lawyers say it can be difficult to argue unfair policy terms as a form of abuse of dominance in the case of a new entrant like Neu because it still has a relatively small market share. “However, if any of Tata’s subsidiaries clearly dominate the markets they operate in, then any forced data sharing with Neu could potentially cause competition law problems for that organization,” says Smriti Parshira, a technology policy researcher at think tank National Institute of Public Finance and Policy.

Tata data sharing counters the lack of a comprehensive data protection law in India. The closest thing there is now in the country is completed Data Protection Bill 2021 But the law is yet to be passed and it relies on “informed” consent as one of the main grounds for data processing. without giving people the option to opt out other than not using the service.

“Just passing a new law will not solve the problem completely,” says Parshira. “But it will create an accountability system where the new regulator can operate and consumers can seek redress.” It is also expected that the new regulator will develop rules regarding the tools that can be used to make the privacy policy more understandable to users.

Ojha, for example, is not waiting for the Indian government to create a legal framework for data protection. He decided to uninstall the app the same day it first appeared on his phone’s home screen. “I found it very cumbersome and absolutely zero for me,” he says. “Also, I felt uncomfortable that they were using my personal information without my express permission.”


More Great WIRED Stories

.


Credit: www.wired.com /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox