Last week, India decided to withdraw its controversial Data Protection Bill. However, this recent move doesn’t resonate with India’s ambition to go digital. A country cannot take operations online without a strong data protection law for its citizens. 

‘Uber Files’ is a case in point. It is a compilation of leaked documents about the shady practices the US ride-hailing company reportedly resorted to in order to achieve an exponential rise in the industry. The files leaked to The Guardian revealed that Uber used Geofencing and GreyBall to evade law enforcement agencies. 

According to the information shared by The Guardian, Uber used to collect vital information like credit card details, social media accounts, employment details etc, and when government employees wanted to book an Uber, they simply could not. Though the app looked exactly similar to the normal one and would show cabs nearby. These government officials would never get one even though they could successfully ‘request a ride’. 

(A clone app will always show ghost cars nearby, but officials couldn’t get a ride)

How this was done 

The app automatically identified government officials and presented a clone of the Uber app so these officials would not get a whiff of the rules and regulations Uber was violating. For example, many countries require commercial licences for taxi drivers in order for them to operate. Uber was able to hide the driver’s details from the government using this feature. According to an NYT report, “Uber served up a fake version of the app, populated with ghost cars, to evade capture.”

Kill Switch & the need for strong Data Protection Law

In 2015, Quebec tax officers burst into Uber’s office in Montreal, Canada equipped with search warrants. They had strong inputs about Uber having violated tax laws. However, the team failed to find anything. The data they were trying to collect seemed to be locked away. The higher management of Uber had successfully blocked the data from the government officials by deploying the Kill Switch. This was one of the first reported cases of Kill Switch being used by a tech giant. 

According to the leaked files, Uber used softwares called Casper and Ripley to block and destroy data from the local database in a country outside the US. The Kill Switch acts as a firewall between the data and local law enforcement agencies. 

Rob van der Woude, a former Uber board member said in a leaked email, “What we did in India is have the city team be as cooperative as possible and have BV (the company in the Netherlands) take the heat. E.g. Whenever the local team was called to provide the information, we shut them down from the system making it practically impossible for them to give out any info despite their willingness to do so. At the same time, we kept directing the authorities to talk to BV representatives instead. Not sure if that works here given they have telco info but that bought us some months there.”

Coming back to the Bill, the very first line of Chapter II of the Data Protection Bill, 2019, says, “No personal data shall be processed by any person, except for any specific, clear and lawful purpose”. What Uber did with GreyBall and Kill Switch in some countries, including India, would be illegal here had the Bill been implemented. The Bill also advocated localization of data, in fact, it was one of the most important points in the Bill. If not withdrawn, the Bill would have ensured justice to the company’s wronged customers. 

Today, according to a report by Clario, companies know almost everything about you; your name, mobile number, birthday, and email addresses being just the tip of the iceberg.  

Credit: Clario

Apps like Facebook, Instagram, and Tinder know what your face looks like, at what location you are using the app, who are the people you call often, and what images you store in the gallery. They even know what you sound like and what language you speak. 

The Data Protection Bill could have at least given us some semblance of an assurance that our critical data is not in the hands of corporations.