After an outrage over Bharti Airtel’s privacy policy, over the personal data collected by it, the telecom operator has called it a ‘clerical error’, and has said that it does not collect any personal information relating to genetic data, religious or political beliefs, health or sexual orientation etc.
Over the past few days, Airtel faced severe backlash over the privacy policy that was updated on Airtel’s website on October 8, which stated that the telecom operator collects personal information that includes genetic and biometric data, ethnic origin, data regarding a person’s sex life, sexual orientation, financial information, physiological information, among others.
It also stated that it collected information that may include, but not limited to names of a user’s father, mother, spouse, date of birth, current and previous addresses, occupation, among others.
Several users took to Twitter criticising the scope and amount of sensitive information collected by the telecom operator.
I thought it’s a joke but I checked myself and yup, Airtel’s privacy policy seems effed up @internetfreedom pic.twitter.com/g3NzEPsu6t
— kalim (@akhmxt) October 16, 2020
Is it legally allowed?! Is there any agency to watch??? Let's start movement to shift to other service provider @narendramodi @PrakashJavdekar @rsprasad Anybody in govt bothered about bank details being shared by Airtel if this privacy policy is true???? https://t.co/dho3TwlkcQ
— S Kolhatkar (@SKolhatkar1) October 18, 2020
Airtel's privacy policy. This is plainly illegal! What else is left for them to steal from us.! pic.twitter.com/UD0Om9vXsn
— John Wick (@_aamirashraf) October 19, 2020
However, Airtel has said in its clarification that privacy of its customers is of paramount importance to them.
“The generic content of the definitions of what constitutes personal data as laid down by the IT Act are expansive, which had been inadvertently put on to our website. This was a clerical error. We thank those who brought this error to our attention,” it said in a statement.
Airtel further stated that the policy has been updated to what it has always used to collect user data.
The privacy policy now reads, “Personal information collected and held by us may include but not limited to your name, father's name, mother's name, spouse's name, date of birth, current and previous addresses, telephone number, mobile phone number, email address, occupation and information contained in the documents used as proof of identity and proof of address. airtel and its authorized third parties may also collect, store, process Sensitive Personal Information which may include but be not limited to password and financial information (details of Bank account, credit card, debit card, or other payment instrument details), for providing our products, services and for use of our website.”
However, while Bharti Ariel has attributed the earlier privacy policy to a ‘clerical error’ a Medianama report points out that the Sensitive Personal Data or Information Rules, 2011, which defines sensitive personal data, does not include genetic data, data on ethnic origin, political opinion, religious and philosophical belief, trade union membership, and data concerning natural person’s sex life, as was mentioned in the now taken down privacy policy.