NEW DELHI: With the rise in smartphone usage in India, the digital gaming industry is booming. Currently, India is home to more than 278 lakh online gaming users, who make up approximately 46% of the total 604 lakh internet subscribers in the country. However, companies such as Paytm and Tencent (backed by Alibaba) and Youzu that are investing in online gaming are based in China. This has become a matter of serious concern as these companies that offer free-to-play digital games can sell their databases to third parties and the information may contain users’ email addresses, social media accounts and personal preferences.
On the condition of anonymity, a Kolkata-based software developer told The Sunday Guardian: “When the gaming application says it is free to play, it means that the user is the product. As 90% of the users log in through their social media accounts, the companies can easily access the public profile of the users such as their names, friends’ list, phone numbers, etc. This data can be used for various purposes as it is a key asset to determine the user’s behaviour and this is highly desired by the marketing professionals and researchers.”
While most of these companies have their data centres in India, cyber experts believe that any company, even if their data centre is not in India, can easily breach their data. Earlier in 2017, Chinese company Alibaba’s UC browser had come under Indian government scanner for the alleged leak of the mobile data of Indian users.
The startling fact is that most of the online games and free-to-use applications ask for the user’s permission to get access to the contacts, messages and the camera of the user’s smartphone to start the game. Amit Malhotra, a cyber security expert who works with the Delhi Police and the Punjab Police, told The Sunday Guardian: “99% of applications steal our personal data through these techniques. There are multiple expenses when going from the use of branded server to application development and yet these apps are providing everything for free. Why? When you download an application on your phone and allow them to access your contacts and other details, everything, from your location to the phone’s history, gets shared with these companies.”
Currently, India does not have any strong legislation governing data protection or privacy other than the Information Technology Act, 2000, and Indian Contract Act, 1872.
Vijay Pal Dalmia, a Supreme Court advocate, told The Sunday Guardian: “Apart from the Information Technology Act and some data protection rules, we don’t have any specific law relating to data protection. Moreover, the rules under the I-T Act for protection of our privacy have very limited scope. It is limited in the sense that there are only five to six particulars that are in the protected list and the rest of the information doesn’t come under the rules.”
“If these companies take the entire data of your phone, it is a criminal offence. However, our country lacks a proper legal mechanism to address this kind of offence,” Dalmia said.