STUDENT DATA PRIVACY: THE CASE OF DELHI UNIVERSITY
This article is written by Muskaan Bangani of Mody University of Science and Technology, Lakshmangarh, Rajasthan and curated by Dheepika R of ICFAI Law School, Hyderabad.
Everyone and their neighbor today are aware of the power of technology in education. It has the ability to reach every student, all over the globe, irrespective of the physical barriers. It can allow each and every student to learn and ensure complete mastery over academic content. In a country like India, where social barriers like caste, sect, and gender often affect student attendance and behavior in the classroom, but the development of technology can remove all these barriers by allowing all the students to operate independently. It’s not difficult to estimate how the technology can become dangerous. School servers’ stores extremely sensitive and personal data of the student like their address, date of birth, gender, caste, financial status, etc so one faulty move could push all of this data into the wrong hands. Recently in 2017, cybercriminals hacked into school servers in several districts, using personal student data to threaten and extort students and their families. Currently, the usage of personal data–or data collected from every Indian citizen–is controlled by the Information Technology Act, 2011. The Act contains no mention of age or industry-specific regulations about data processing. Even in the instances where it discusses individual data privacy, it provides an incredibly narrow definition of what constitutes “sensitive personal data”, due to which it provides easy loopholes for companies to override the restrictions placed on processing or selling, personal data.
Imagine how you’d feel if you picked up your phone expecting to see a message from your friend, but instead received a message from an unknown number that had explicit content. This was experienced by the students of the Delhi University in July after filling up the details for their admit cards in the online portal provided by the university, Delhi University was set to conduct their Open Book examination on July 2020, the students had to fill up their details like name, roll no. and gateway password for downloading the admit card which was an essential document for the student who would be appearing for the examination. Since the admit cards were student-specific, it was expected that the gateway password would be unique to every student and students would receive their passwords with utmost privacy. However, it was not the case, the passwords were provided with the links to access this portal, a common ‘college code’ for each college was shared with all students openly via WhatsApp forwards. In Delhi University, the law department has about 2,000 students and every semester result are shared publicly via a PDF file that contains the exam roll no, name of student, and marks obtained. Anyone who wishes to access the data of any student can be done quite easily, they will require basic information of the student that is the roll number, gateway password, and the college code. A human stalker or a computer program can extract the exam roll no. and name from the widely circulated result sheets, and obtain the admit cards of each and every student very conveniently and they can get access to the student’s data which includes, phone number, address, date of birth, email ID, gender, etc. This was an open data goldmine: private information was laid bare for anyone to access.
Soon after the information of the students started to spread, they started receiving blackmail from anonymous, the blackmailers started to harass all the students and especially the female students, they stated that if the girls do not speak to them, they might ruin their future by spreading their sensitive and private information. The students felt unsafe and depressed. A storm was raised over this issue on Twitter, as soon as the media portals had caught the attention of this matter, they reached out to the authors of this article. The media reportedly received responses from the authorities. A complaint was filed by former Delhi University Student’s Union President Arun Hooda at Maurice Nagar Police Station, says that the university has failed to maintain the trust of students. Mr. Hooda has filed the complaint on the behalf of National Students’ Union of India (NSUI), pursuant to which services on the platform were suspended after 6 PM on 2 July 2020.
It is concluded by stating that students’ data is very sensitive, the university authorities must make sure that the data of the students must be protected. Not only the universities, but the government should also pass stringent regulations in which the hackers are prevented from committing such acts and also make sure that they cannot find any loophole in order to blackmail and harass the students and their families. Strict punishment should also be inserted to prevent the offenders.