An analysis of privacy policies of public COVID-19 apps: Evidence from India

Abstract

Governments around the world are utilizing their digital ecosystems to respond to the COVID-19 pandemic. To increase awareness among the beneficiaries about privacy risks, they must proactively publish the data handling practices for their digital initiatives through appropriate privacy policies. This study analyzes the privacy policies of public COVID-support mobile applications (apps) in the context of India. We found a total of 63 government initiated COVID-support apps in India out of which 38% were found to have an app-specific privacy policy. These policies were analyzed further to assess their coverage of key principles, such as “Purpose,” “Data Categories,” and “Data Retention,” derived from legal requirements. We also analyzed the extent of the specificity of policies with a high coverage. In India, only one nation-wide app stood out to have both considerable coverage of key principles as well as a high level of specificity. Other national/regional apps fail to display the desired levels of coverage and/or specificity. The broader policy recommendations of this study are that the government should better address privacy concerns regarding its existing and future disaster management apps as well as its other digital initiatives by (a) establishing and enforcing a comprehensive legislative framework for data protection and (b) increasing privacy awareness among the beneficiaries.