It is worth noting that the Indian Ministry of Electronic and Information Technology that deals with cyber law and E-security of citizens has no information on personal data transferred outside Indian jurisdiction.
In a Right to Information reply dated April 22, 2019, the ministry said it does not have records and the matter was of no concern to it.
Robin Zaccheus, who filed the RTI, explains the sequence of events that led him to seek information from the ministry: “The son of CRPF martyred soldier Pradeep Kumar, Siddharth Kumar, shared that minutes before the Pulwama attack he spoke to his father over the phone while he was moving from Jammu to Srinagar in a CRPF convoy and his last words were that he was heading to Srinagar base camp and would reach in an hour or so. The rest is known to all.
“This triggered a question in my mind in the quest to understand the possibilities of where we (mobile phone users) could have gone wrong from security and privacy perspective of the soldier’s movements”.
Mr Zaccheus says he knew that Google and some Chinese mobile manufacturing companies in India are transferring the data out of the country’s jurisdiction and nobody is looking at this critically. “The information like Web and APP Activity, Track Location History, Record Voice and Audio Activity and Tracking of YouTube search history is by default in the Google app,” he says.
Aneesh Sharma, an independent security researcher, says there will always be the “threat of data misuse and also being targets for advertising companies. Countless users receive emails and texts from companies they have never given personal information to and we wonder how they are able to contact us. It is because users’ personal data is being shared or sold globally. Users are advised to read the privacy policies of mobile manufacturers.”...