The recent official request from the Prime Minister’s Office (PMO) that 1.5 million National Cadet Corps members should download and install the NaMo app on their smartphones is problematic at multiple levels. The NaMo app is not a government-owned resource; it is owned by Prime Minister Narendra Modi in his personal capacity. It connects to a domain, which is also owned by Mr Modi in his personal capacity. The registered address of the owner of both, the app and the domain, is the Bharatiya Janata Party office in New Delhi. Since the app is a private resource owned by a private citizen, it is improper to push its usage through official channels. This is all the more problematic as an official app — the government-controlled PMO India app -- exists and has been created for the express purpose of enabling the prime minister to interact with citizens.
There are other privacy and jurisdictional issues concerning the app, and what it does with the data it collects. The app harvests an enormous amount of data upon registration — far more than is commonly requested by most apps. It then sends that data out of India to an US-based server, to be analysed by a US-based company, Clever Tap. The location of the server means that the Indian government does not have either legal jurisdiction or control over the shared data. Clever Tap, which is owned by three individuals of Indian origin, is said to have been hired to do "third-party analytics" with the data collected from NaMo app-users, according to a statement by the BJP. The privacy guidelines mentioned in the NaMo app earlier did not seek permission from users over sharing personal data with a third party, which in itself would be illegal in many jurisdictions. It was only after the controversy that the NaMo app updated the information to say that personal data could be shared with third parties.
The data collected by the NaMo app is extensive. The mandatory information in the registration includes name, phone number, email address, state, district, city, profession and interests. Non-mandatory fields include date of birth and voter ID number. The app also seeks permission to access 22 features on users’ smartphones, including location, photographs, contacts, microphone and camera. In comparison, the official PMO India app seeks access to 14 features, while the official MyGov app, which was developed by the Ministry of Communications & Information Technology for generic citizen-government interactions, only seeks to access nine features.
The NCC is among the largest youth organisations anywhere and a substantial proportion of its members are minors. Collecting personal data of minors without taking permission from their parents is incorrect and improper, especially since many in this cohort will become eligible to vote for the first time in the 2019 general elections. It is understandable that the BJP would like to target these young voters in a focused campaign. However, it is unfair to do so by breaching their privacy and that too by using the official resources of the PMO. Moreover, such data should not be sent abroad to servers where foreign governments can access them.