+

ONLINE LEARNING HAS PUT THE SECURITY OF CHILDREN AT STAKE

In a bid to digitalise education in Covid times, the issue of the privacy of young students seems to have slipped under the radar. If left unchecked and unregulated, this will have long-term negative ramifications on the lives of many.

The swift lockdown of the entire world was unprecedented, unheard of, and took industries and institutions the world over by surprise. However, some sectors responded swiftly, and education was one of them. Universities, colleges, schools and coaching centres quickly switched to delivering lectures online through digital means. Camera surveillance, video recordings and online chats became the norm. However, issues of privacy, the safety of the data being collected, how it is being used and where it is being stored took a back seat.

To showcase its ‘Digital India’ objectives and how committed the government was to not let a pandemic dampen spirits, the Government of India also jumped on the bandwagon and pushed forth its own e-learning initiatives such as ‘Swayam’, ‘Diksha’, ‘E-Pathshaala’, Free/Libre and Open Source Software for Education and a few more. These online platforms quietly but surely have been able to collect huge amounts of data and generate different types of datasets. These platforms, which work under the beck and call of the government of the day, have become a massive repository of data, which the government and private players can exploit to build and control the society.

Such vast tracts of data in the hands of unregulated entities can be used to suit nefarious ends. They can be used for profiling, which in turn can be used to deliver targeted content to mould impressionable minds or make students the target for certain kinds of advertisements and thought processes. And the impact of these activities can be long term.

The weakness of the current infrastructure of cybersecurity of both government and private institutions in the country is highlighted almost every day. In the month of October, a data breach of the official website of the Prime Minister affected 5 lakh users. Earlier, a popular online education company’s website was breached and sensitive information pertaining to students and registered members was compromised. Very recently, there was news of the breach of security measures of a popular grocery delivery app, which resulted in the email IDs, phone numbers and addresses of its users being stolen. There are numerous such instances which reiterate the point that the data security infrastructure in India is still far from satisfactory and the government and private institutions will do well to go slow on the ‘Digital India’ campaign and first ensure that data is not jeopardised.

LEGAL FRAMEWORKS

In the US, laws such as the US Children’s Online Privacy Protection Act (COPPA) and California Consumer Privacy Act have been enacted specifically to protect children’s privacy and the regulation of data collection from them. The Federal Trade Commission of the US saddled with the regulation of trade and consumer protection in the US even brought out Covid-specific COPPA guidelines. Further, these laws require service providers (in this case, schools) to educate parents/guardians about privacy matters and privacy measures, to notify guardians about their privacy practices and to take explicit consent before collecting their wards’ data.

Institutions have also stepped up to the challenge. The MIT Media Lab at the Massachusetts Institute of Technology has put out age-appropriate modules which can be used to educate students on the appropriate ways of being online and giving control to students to determine the correct use of media for themselves. The University of California, Berkeley has also come with the Teaching Privacy project to teach the basic tenets of online privacy.

In India, the absence of appropriate laws and regulations has let everyone run amok and formulate their own rules and policies without much regard for the accompanying issues of privacy, data abuse and misuse. The Personal Data Protection (PDP) Bill is yet to see the light of day and the existing legal framework comprising the IT Act, 2000 and the 2011 Rules issued under this Act governing these digital platforms are inadequate to handle issues of privacy pertaining to children specifically. Since there are no clear-cut laws related to these matters yet, it is confusing for institutions and service providers, which contribute partly to breaches and inappropriate processing.

THE WAY AHEAD

To tackle security breaches and issues of children’s privacy online, it would be wise to incorporate appropriate provisions in the pending PDP Bill, which should lay down procedures, acceptable practices and standard operational procedures for online platforms and websites engaging in students’ activities. A rich and well thought out resolution released in the International Conference of Data Protection and Privacy Commissioners of European countries on E-Learning Platforms (Resolution) may be referred to while drawing up a legal framework.

On the ground, certain procedural safeguards may be put in place for schools and institutes to strictly adhere to. The data collected should be processed only for the purposes for which it was collected, complying with the purpose limitation principles. The data collected should not be used for any kinds of targeting or profiling. Material such as video recordings should be stored only for a very limited period of time and, prior to recording, clear unambiguous consent from parents or guardians must be sought. The platform should also ask permission for access to the device’s camera and microphone before each lecture, the video feed be relayed only to the child and her parent and not to the entire class, and parents/guardians be given the right to turn off video recordings. The explicit consent of guardians/parents should also be taken in case of any dire need for the recording being shared by any third party.

With each passing day it becomes clearer that the pandemic—and consequently, online learning platforms—is here to stay. Thus, privacy and data protection, which were earlier resigned to intellectual discussions, have to come to the fore and be handled with deliberation. We cannot cut corners now. The very future of our coming generations is at stake.

The author is a Delhi-based lawyer specialising in technology and IT. The views expressed are personal.

Tags: