The Internet Freedom Foundation (IFF), a non-profit organisation, raised concerns over the breach of personal data of millions of teachers and school students by the Digital Infrastructure for Knowledge App (DIKSHA) in a letter addressed to Priyank Kanoongo, Chairperson of the National Commission for Protection of Child Rights (NCPCR).
DIKSHA is an online educational platform that was launched by the Union Education Ministry and the National Council of Educational Research and Training (NCERT) in 2017. The letter by IFF points to a report by Wired which states that the complete names, contact information, and email addresses of more than 1 million instructors are stored in files on the unprotected server, along with information concerning over 600,000 students.
The organisation further referred to another report by the Human Rights Watch (HRW) that named DIKSHA among 21 other apps which were guilty of enabling third-party companies to access children’s precise location data, potentially enabling these companies to analyse, trade, and monetize this information.
IFF has written to the Chairperson of the @NCPCR_ expressing our concern over the breach of personal data of millions of teachers and school students by the Digital Infrastructure for Knowledge App (DIKSHA). Read our letter here.👇 1/7https://t.co/ArpqFutLgq pic.twitter.com/aAqVrKR5Wa— Internet Freedom Foundation (IFF) (@internetfreedom) February 15, 2023
Additionally, in Uttar Pradesh, the state government set quotas and pressurised teachers to get students to download the app "without gauging the after-effects of such a move and leaving children with no choice but to download the app in order to continue their education," the IFF said.
They noted that such a breach violates the students’ fundamental right to privacy, as upheld by the Supreme Court in the KS Puttaswamy v. Union of India judgment. "Significantly, the judgement highlighted the need to secure children’s right to privacy, bearing in mind that minors lack the legal capacity to give consent. Hence, if necessary measures are not taken to protect the personal information of children, it would stand in violation of the Puttaswamy decision," they stated in the letter.
The organisation further said that the collected information can leave several students and teachers vulnerable to fraud and identity theft, "as individuals do not change their personal information, especially email addresses and phone numbers, over such a short period."
Given the aforementioned consequences, the organisation has urged the Commission to initiate an inquiry about gaining access to students’ personal information and into the alleged nature of data collected by the app. Further, they also requested the Commission to effectively implement remedial measures to protect children's data by drafting comprehensive guidelines to sensitise schools, educational institutions, and other stakeholders to protect students’ sensitive data.