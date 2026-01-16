ETV Bharat / technology

'Whoever Controls Our Health Data, Will Set Medicare And Public Policy Rules For The Future'

By Surabhi Gupta

New Delhi: Every day, millions of Indians give away intimate details of their health, location and finances in a single click, often without realising that this silent data surrender could expose them to profiling, misuse and long-term privacy risks. As artificial intelligence (AI) platforms expand rapidly into healthcare and financial services, cybersecurity experts, clinicians and legal scholars are raising alarms over how Indian users unknowingly surrender vast amounts of sensitive personal data at the very first step, the sign-up screen.

What appears to be routine app permissions, they warn, is quietly transforming health and financial data into a strategic asset controlled by global technology platforms, often beyond India’s legal and regulatory reach.

From fitness trackers and patient health record apps, to AI-driven diagnostic tools and insurance platforms, data collection today goes far beyond what users consciously intend to share. Analysts say this shift carries deep implications, not just for individual privacy, but for India’s data sovereignty, public health policy and economic security.

“At the sign-up stage, users often surrender far more than they realise,” Amit Dubey, an expert in cyber investigations, told ETV Bharat. “Precise location history, contact graphs, device identifiers, health metadata and behavioural patterns are routinely handed over. This is not consent in the informed sense; it is consent by design fatigue,” he added.

From Data Collection To Behavioural Profiling

Dubey said global investigations have repeatedly shown how data collected for “service improvement” is later repurposed. “Location and health-adjacent data has been used for targeted advertising, insurance risk modelling and even credit profiling through third-party data brokers,” he said.

“The danger is not just collection, but aggregation,” he warned. “Even anonymised datasets can be re-identified when combined with location, device and activity patterns. The industry calls this ‘insight generation’; regulators should call it behavioural exploitation.”

Many experts say this indirect use of data is particularly dangerous, because users never explicitly give consent to these outcomes, even though algorithmic decisions can affect access to loans, insurance premiums, employment and healthcare.

Pegasus And The Myth Of Digital Safety

Dubey also cautioned against assuming that any digital ecosystem is immune to surveillance, pointing to the Pegasus spyware controversy.

“The Pegasus episode clearly proved that no digital ecosystem, not even one marketed as privacy-first, is immune,” he said. “Encryption protects data in transit, but exploitation happens at the operating system and zero-day level. Absolute digital safety is a myth in a world of nation-state cyber warfare.”

According to experts, this reality makes the concentration of health and financial data within a few AI-driven platforms especially risky.

Who Really Owns Our Health Data?

While patients are legally recognised as owners of their health data, experts say control often shifts, the moment that data enters digital systems.

“Legally, patients own their health data, but technically and operationally, control shifts to hospitals, cloud providers and AI platforms, the moment this data is processed,” Dubey said. “When Indian health data flows through global AI systems, it effectively enters foreign legal jurisdictions. Ownership becomes theoretical, while access and influence are practical.”

He described this as the core sovereignty risk in health AI, warning that India could lose meaningful oversight over how its population-level clinical intelligence is used.

Breaches Underline Real-World Risks