Image Editing Applications & Data Privacy: A Security Concern
Recently, a Russian built image editing application called FaceApp caught the imagination of the people around the globe. The application consists of an age filter which uses artificial intelligence to generate a realistic transformation of faces in photographs. The application allows its user to transform his/her image to look older, younger or even swap genders.
FaceApp was downloaded 150 million times which showcased its growing popularity. India has nearly 940 million unique mobile connections and almost half of them use the internet. Easy availability of mobile data has skyrocketed individual consumption. Expanding market has resulted into users downloading image editing applications on a wide scale.
However, just like any other image editing app, FaceApp too has certain privacy concerns. Recently, a US Senator wanted the application to be investigated by the FBI because of its links to Russia.
Issues and Challenges related to Image Editing Applications
Image editing applications pose a big challenge to a country like India which has internet users in abundance but lacks a robust data protection framework.
Firstly, FaceApp is a Russian made application which raises serious concerns regarding the applicability of the laws related to data protection and privacy. Individual privacy in Russia is continuously under state surveillance and there are no privacy laws to protect data. So if the application is Russian made but the data has been stored in the US servers it would be extremely difficult to ascertain the applicability of the laws in this scenario, especially if the user is residing in India. Moreover, India is yet to enact a legislation related to data protection.
Secondly, there is a clause in the application which provides FaceApp, “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable licence” to use the images uploaded by the user. There is clear ambiguity regarding access to information provided by the user. There are concerns regarding who has the access to such information, in which country has the access been made and what kind of permission is one giving.
Thirdly, privacy agreements provided by such image editing applications are lengthy and mostly skipped by the users. Ultimately, there are certain important clauses which are missed and the users end up surrendering their data privacy to such applications.
Fourthly, such applications extract a lot of crucial information from the users including name, email address, images from the phone gallery as well as the geolocation.
Fifthly, such applications tend to store personal data of its users despite making claims of deleting it. The data is stored in perpetuity by such applications which impinge upon individual privacy.
Sixthly, the enforcement of laws related to such applications remains the biggest issue. The data related to such applications is usually stored in foreign countries like the US since India does not have data localisation laws to store data within its territorial limit. Moreover, India is not a party to any international convention or agreement related to data privacy which is another cause for concern.
Seventhly, every application has its own privacy issues. There are many applications which leak far more data than people actually think. It`s just that many of such applications are developed in countries like the US and China which allows people to live at ease but that`s not the case. Applications like TikTok are equally prone to data theft.
Eighthly, data leakage can possibly be a result of many things. Sometimes such leakage can be from an employee of the company or sometimes the company itself leaks data as a market strategy.
Ninthly, the increasing digital footprint has resulted in the emergence of many such applications. It is almost impossible to regulate the development of such applications since everything is highly interconnected. Moreover, access to technology cannot be denied to people.
Finally, individuals prefer convenience and entertainment over privacy and security. Most of the citizens are open to sharing their personal data in order to avail services which provide entertainment.
The Way Out
Furthermore, there should be proactive debate amongst the members of the civil society, academia and others regarding the use of the internet and its regulation. Ultimately, the majority of data is generated by the users and some sort of responsibility lies upon them too. Also, digital literacy in the country needs to be enhanced. Most of the users are young and hence, prone to misusing the technology. Proper steps should be taken to make such users more vigilant.
Stringent privacy laws should be enacted in the country to protect individual data. Personal Data Protection Bill drafted by Justice Srikrishna Committee should be tabled before the Parliament on a priority basis and data localisation laws should be enacted so that individual data is stored within India. The draft envisages that critical personal data must be stored and processed only in India.
Furthermore, there should be a mixture of law and regulations with technology enhancement so that people can avail services without surrendering their personal data. A progressive approach is necessary to streamline this process.
Finally, individuals should become the beneficiaries of the technology provided to them rather than victims. A strong and progressive framework must be established to regulate data leakage.
Amity Law School, Delhi.
(Image used for representational purpose only. Image Courtesy: https://isg-one.com/consulting/strategy/articles/striking-the-balance-data-privacy-vs.-personalization )