Monday, April 25, 2016

Mobile Application Developers In India Are Not Complying With Privacy, Data Protection And Cyber Law Requirements

Growing e-commerce in India has resulted in an increase in websites and mobile applications among Indian masses. Some business models depend upon websites whereas others are exclusive application based models. Further, many entrepreneurs have decided to explore mobile application based business models alone.

Surprisingly, there is a tendency among the application developers as well as its users to ignore the applicable legal requirements of India. For instance, privacy, data security, data protection and cyber law compliances are mandatory in India. Yet neither the application developers nor the entrepreneurs using the same are complying with these legal compliances.

Many mobile based application and software providers are exploring the areas like m-health, telemedicine, e-commerce, mobile payment, online payment, cyber security, cloud computing, online gaming including poker, online pharmacies, Bitcoins exchanges, etc. For instance, Apple is planning to launch mobile payment service through Touch ID. In order to ensure that Apple complies with laws of different jurisdictions, Apple has also removed the blockchain application from its store. Similarly, Twitter is also planning to use its platform to enter e-commerce market world over.

These ventures have made the websites and application developers liable under the laws of different jurisdictions simultaneously. The conflict of laws in cyberspace has also complicated the penal liability of these application providers in different jurisdictions. If the application developers are based in India and they wish to raise funds from foreign investors, these application providers must also take care of cyber law due diligence requirements (PDF) as prescribed by Indian laws. Besides, the foreign investors investing in Indian applications would also conduct their own cyber law due diligence to ensure that Indian applications are in compliance with Indian laws.

Presently India and foreign application developers are in direct violation of various Indian laws and corresponding regulations. These include cyber law due diligence, internet intermediary liabilities, encryption related violations, cloud related violations, data protection and privacy regulations (PDF), etc. Most of them are not even aware about the encryption laws of India that have to be complied with.

There are mobile applications that accesses and uses mobile phone owner’s data, information, SMS, contact details, phone books, etc without owner’s permission. Further, there are many application providers that store such information and data outside India on foreign servers. Many time these data and information includes private, sensitive and crucial information that are not authorised to be viewed and used by such application providers.

The cyber litigations against foreign websites and application providers would increase in India in the near future. It is in the long term interest of Indian and foreign application providers to ensure techno legal compliances so that they are not prosecuted in India.