Through queries addressed under the company section, the banned applications have been asked about their parent companies, countries of incorporation, and whether the parent entities are required to share data with the Chinese government. They have also been asked about differences in permissions sought from Indian users as compared to those in other countries. Other questions in the list are about the apps’ policy for incident response, version update and disclosure with regard to the app providing information to India’s nodal cyber security authorities, the Indian Computer Emergency Response Team (CERT-In).
Last week, it was reported that the parent companies for the banned applications were asked by the government to prove their credentials as an independent entity with no links to the Chinese state. The banned apps were also asked about their data sharing around specific incidents such as the Pulwama terror attacks in February last year, and whether the apps had shared the data of Indian users with third parties around such incidents. A part of the government’s queries were also relating to the location of data servers for these banned applications, with the government’s concern being that the data of Indian users was being shipped offshore, and shared with the Chinese government.
In response, TikTok, one among the banned applications, in a bid to assuage the concerns of the government, said that it would be willing to locate its data servers in India. In a statement shared last week with Inc42, TikTok India head Nikhil Gandhi said that the company hadn’t shared the data of Indian users with any foreign government, nor would it do so if asked in the future. “Throughout the duration of our operations, we have demonstrated an unequivocal commitment to complying with the local laws, including data privacy and security requirements,” Gandhi had written.
Why Question Only The Chinese?
Notably, India’s concerns about the data of users being sent to offshore data servers through mobile applications is unique to Chinese apps. A host of mobile applications owned by companies based in the US, such as Dubsmash and Triller, among others, now being popularised as alternatives to ByteDance-owned TikTok, haven’t been presented with a similar list of queries by the government about the location of their data servers, parent companies, beneficial owners and data-sharing policies.
In fact, even Indian applications, such as the government’s Covid-19 contact-tracing app Aarogya Setu, rank poorly when it comes to transparency in terms of data sharing policies. In May this year, the Massachusetts Institute of Technology (MIT) downgraded its rating of India’s Aarogya Setu app. Reportedly, the app lost points when judged against the parameters of ‘data minimisation’. Simply put, it meant that the app was asking its users to share more data than was needed for the app to function smoothly.
India is now a major destination for multinational technology companies, vying for a piece of a market with more than 500 Mn smartphone users and growing internet penetration in the hinterland of the country. Since the ban on TikTok, both ‘Made in India’ and foreign applications such as Roposo, Zili, Dubsmash, Trell, Mitron and Chingari, among others, billed as alternatives of TikTok, have seen a spurt in downloads.