A steady stream of public commentary is flowing in about the implications of the draft Rules on Social Security Code, 2020, and the Motor Vehicle Aggregators Guidelines, 2020, for the rights of platform workers. We interrogate these developments from a data rights standpoint. The draft Rules on Social Security Code, 2020, propose the creation of a centralized database of platform and gig workers. Enrollment on this database is to take place through two routes — self-registration using Aadhaar authentication and periodic sharing of worker data records by platform aggregators. The data fields will range from address, mobile number, number of work days, skill-sets, to any other particulars that the Center chooses to add. While it can be argued that the creation of such a database is imperative for effective targeting in social security schemes, the proposed design raises some concerns.
No recourse has been made available to workers in case of a dispute between self-declaration and an aggregators’ records, or erroneous deletion of names in any de-duplication exercise that may be undertaken. Paradoxically, the onus of updating records falls fully on the shoulders of individual workers — with Rule 50 (2)(h) even cautioning that in the absence of such updation, they will not be eligible to receive benefits.
The absence of purpose limitation safeguards with respect to use of worker records by aggregators and/or government agencies exposes platform workers to the threat of discriminatory profiling. It is not difficult to imagine that their records may be used by aggregators to unfairly profit off workers. The risk of algorithmic systems being used by the State to weed out “undeserving” workers has been well-documented in the administration of social security. These risks are compounded by the absence of a robust personal data protection legislative framework.
For its part, The Motor Vehicle Aggregators (MVA) Guidelines, 2020, requires ride-hailing aggregators to store “data generated on the app” on a server in India, and make this data available to states as per due process of law. Considering the difficulties that governments have faced in obtaining access to valuable non-personal data from ride-hailing apps for public interest purposes, the obligation for mandatory data- sharing is a welcome move. However, the absence of specific provisions that distinguish between state agency requests for anonymized non-personal data with potential public value, and those pertaining to personal data (especially of drivers), and inadequate attention to the higher standards of safeguards required for personal data protection, create room for concern. Additionally, the collective claim of drivers, unions, and driver-run data trusts over data generated from their behavioral footprints has not been recognized.
The MVA Guidelines, 2020, also place transparency obligations on ride-hailing aggregators with respect to various aspects of their business model, including “functioning of the app algorithm”. The data collected by aggregators feeds into complex algorithms that make a variety of decisions, from routing drivers through the city to off-boarding them from the app. However, this provision does fully ensure algorithmic accountability, unfortunately not incorporating a “right to explanation”.
Platform workers’ organizations need to incorporate a data rights agenda, which, in the short term, must comprise the following demands — one, a federated database architecture with room for democratic and decentralized data stewardship arrangements; two, appropriate personal data protection safeguards underpinning mandatory data-sharing obligations under the MVA Guidelines, 2020; and three, recognition of platform workers’ right to explanation.
In the long-term, a well-rounded data rights agenda that acknowledges privacy and personal data protection considerations as well as workers’ collective claim need to become the new 21st century frontier for the labor movement.
This piece was first published in the Hindustan Times.