Hyderabad: Retail businesses in the city, such as shopping malls, have always asked their customers to give their mobile numbers before generating a bill. Some businesses such as Decathlon, in fact, refuse to sell customers who don’t provide a phone number. For long, activists and the general public have raised issues about the unnecessary collection of data and the risk of it falling into the wrong hands. Even when sharing of phone numbers is voluntary, digital literacy activists have asked citizens to exercise caution and discretion. However, this argument has not caught on much since much of the public is fine with sharing their numbers to almost any retailers that asks for it.
Sashi, a Hyderabad-based businessman, narrated his experience at Decathlon at KPHB Colony from several months ago. “At the bill counter, the man insisted I give him my phone number or else the bill couldn’t be generated. I was puzzled. I kept asking why I needed to furnish my number for a physical offline purchase,” he said. Sashi took up the matter with Decathlon India’s management, who gave him a “canned and diplomatic answer” which said customers’ numbers were necessary to track him/her down in case there was a product recall. He let the matter go after that, though he wasn’t happy. “I have lived in the USA for a while. There, people don’t share their personal details so easily. There is an attitude problem here. Even when sharing the details is voluntary, a lot of them do it anyway. They don’t realise that this data could be stolen or sold, thereby compromising their safety,” he said.
Sashi, who has experience in e-retail, said, “Most of these companies, including the large shopping malls have very unsecure websites. They can be attacked easily. How can one trust their personal details so easily?”
Police in Hyderabad and Cyberabad commissionerates is divided on the matter. On one hand, the officials admitted that the collection of data by retail outlets posed a risk of data theft. However, they said action could be taken only when a theft actually happens.
A senior official from Cyberabad said, “Indeed, no retail outlet guarantees the protection of data. They collect personal data of citizens for their own marketing requirements. This is why even after a person activates do-not-disturb (DND) of their phones, bulk messages come anyway. We would advise the public to not share their numbers to everyone.” However, the official said that offering advice is where their responsibility ends on this matter. “We would like to act more proactively on this, but the retail outlets are not doing anything wrong. The Ministries of Telecom and IT have to come up with guidelines on collection of data,” he said.
However, the official agreed that retailers cannot make collection of phone number mandatory. “We will look into Decathlon’s case. We will check if their point-of-sale (POS) don’t generate bills without a phone number. If this is the case, we can hold Decathlon management liable,” he said.
KVN Prasad, ACP, Hyderabad police’s Cybercrime division had a similar response. “Asking for phone numbers is a marketing ploy by these companies. But we can act on collection of data when there is a report of data theft or if a retailer’s database is hacked. Until then, we can’t do anything. However, we will look into cases of retailers who mandate submission of phone numbers for generation of a bill. We will take the necessary action,” he said.