A Human Rights Watch (HRW) report, “How Dare They Peep into My Private Life? Children’s Rights Violations by Governments That Endorsed Online Learning During the Covid-19 Pandemic”, has raised the alarm that two apps developed by the Government of India, Diksha and e-Pathshala, were engaged in “data practices that put children’s rights at risk”.The report said, “In their rush to connect children to virtual classrooms, few governments checked whether the EdTech they were rapidly endorsing or procuring for schools were safe for children. As a result, children whose families were able to afford access to the internet and connected devices, or who made hard sacrifices in order to do so, were exposed to the privacy practices of the EdTech products they were told or required to use during Covid-19 school closures.”
It regretted, the EdTech “products monitored or had the capacity to monitor children, in most cases secretly and without the consent of children or their parents, in many cases harvesting data on who they are, where they are, what they do in the classroom, who their family and friends are, and what kind of device their families could afford for them to use.”
Worse, HRW said, “Most online learning platforms sent or granted access to children’s data to third-party companies, usually advertising technology (AdTech) companies. In doing so, they appear to have permitted the sophisticated algorithms of AdTech companies the opportunity to stitch together and analyze these data to guess at a child’s personal characteristics and interests, and to predict what a child might do next and how they might be influenced.”
Insisting that “governments bear the ultimate responsibility for failing to protect children’s right to education”, HRW said, as many as 33 apps “endorsed” by 29 governments – including Government of India-developed Diksha and e-Pathshala – were found with the ability to collect as many as 86.9 million child users’ advertising IDs via the Android Advertising ID (AAID).]“This allowed these apps to tag children and identify their devices for the sole purpose of advertising to them”, it added.
In its case study of Diksha, an EdTech app owned and operated by the Union Education Ministry, first launched in 2017, butlater used during the pandemic “as the government’s primary means of delivering online education to students”, HRW found, the app was found to collect “children’s precise location data, including the date and time of their current location and their last known location.”
Offering lessons, textbooks, homework, and other educational material for grades 1 to 12, Diksha, said HRW, “was downloaded by over 10 million students and teachers as of 2020”, with some state education departments setting “quotas for government teachers to compel a minimum number of their students to download the app.”
Instead, it “misleadingly” stated that Diksha collected a different piece of information – a user’s IP address – only once, “For the limited purpose of determining your approximate location – the State, City and District of origin… and the precise location of any User cannot be determined.”
Further, HRW insisted, “Diksha also granted access to its students’ location data to Google, through the two SDKs – Google Firebase Analytics and Google Crashlytics – embedded in the app.” Through dynamic analysis with the help of Esther Onfroy, founder of Defensive Lab Agency, HRW found out that Diksha was “collecting and transmitting children’s AAID to Google” and appeared to share “children’s personal data with Google for advertising purposes.”
“As a result, children and their parents were denied the opportunity to make informed decisions about whether to permit the Indian government to surveil their location and share it with third-party companies”, HRW noted.
As for the other app built by the Government of India, through its dynamic analysis, HRW claimed that e-Pathshala was “transmitting details about what children search for within the app to Google.” Ironically, it said, the Indian Education Ministry, who built the app, did not notify its child users that the app was sending what information children were seeking “within their virtual classroom to Google.” It added, “The app has no privacy policy at all.”
Comments