Public perception and public discourse on data privacy and protection have changed drastically all around the world. People are now apprehensive about sharing information on social media and other platforms. The New York Times, alongside The Guardian and The Observer, recently reported that Cambridge Analytica stole personal data of millions of Facebook users to use for clickbaiting. This information has taken the US by storm and many people called for deleting Facebook. The public debate on data privacy and protection reached its peak in India after the landmark Puttaswamy judgment by Supreme Court (2017). However, it is important to understand how and why such personal data exploitation happens, the consequences of a data privacy law, and what we can learn from such laws in other countries.
There have been major breaches of trust by technological companies in recent times. The activity-tracking application Strava accidentally revealed the locations of secret military bases through its data-populated heat maps. The dating platform Grindr shared its users’ HIV status with third parties. India's giant one billion public database of Aadhaar has been repeatedly hacked. Recently, European Union has questioned Google for demanding Android smart phone manufacturers to install the Google app along with its search option.
The data privacy debate is mostly about ignorance of the users with regard to compilation and sale of their personal data. The terms and conditions are too long to read and users just sign them agreeing with many questionable clauses. The hype around social media platforms instills a fear of being left out among users, not to miss the personal and professional updates posted by their colleagues, family and friends. It is not easy to abandon social media because of the networks and connections, as well as the addiction. When it comes to other websites like Google or Amazon, their usage is linked across services through browser cookies and cross-device tracking. Every click is saved by the service providers to sell the products based on user’s usage patterns, often without the users being aware of it.
The revenue model of platforms like Google, Twitter, and Facebook gives free service to users in return for their personal data. The service providers (mis)use the data in various ways. One, private data is used for targeted advertisements of products and services. This raises serious privacy concerns. Yet this is the least pernicious way of using data and one can always choose to not to view those advertisements. An example of the same is the Netflix recommendation engines. Two, private data can be unethically used as secondary data for analysis of market trends and forecasts. Three, private data of likes, posts, comments, and clicks are sold to third parties. Cambridge Analytica obtained raw private data of millions of users without many of them knowing about it. Since the users did not consent to share their data with the third party, this is classified as a criminal offense.
There are also security concerns with networked and borderless nature of present technology. Since most of these technology companies are based in the USA, the data of users is stored in the servers located in the USA. Currently, Indian law enforcement agencies require approval from the department of justice in Washington, DC, Federal Courts in the US, and the Federal Bureau of Investigation for accessing data of users in those social media platforms. Because of these reasons, Chinese government has regulated the popular platforms like Facebook, Twitter, WhatsApp, etc. and favours Chinese counterparts like WeChat. A possible solution could be to mandate the tech companies to have their data server that contains Indian users’ information in India itself. This will be not a logistical issue because there are approximately 500 million Internet users in India.
Given that every possible industry from retail and automotive to finance and healthcare uses data driven technologies, the need for clearly defined data privacy laws is very pertinent. Among the privacy laws around the world, General Data Protection Regulation (GDPR) of European Union stands out among others as the most recent and stringent data protection or privacy law. GDPR that will come into effect from May 25, 2018, is a game changer and it gives more power to consumers. It ensures that consumers know, understand, and consent to the data collected about them. It clearly defines personal data as something that can be used to identify either directly or indirectly, such as name, phone number, email address, place of birth and even one’s IP address. It gives the right to be forgotten, which obliges the controller of data to erase personal data without undue delay. The controller also needs to ask for content in an intelligible and easily accessible form, using clear and plain language. This mandates the terms and conditions agreements to be simple and ensures that consent given by the user is an informed decision. Consumers will also obtain the rights to access what data companies store about them, to correct inaccurate information, and to limit the use of decisions made by algorithms, among others. It also ensures that data are only collected for specified, explicit and legitimate purposes, are accurate and up-to-date, and not kept for longer than necessary.
The platforms discussed above have made the world more connected and brought terabytes of knowledge and information at our disposal. Also, services like Aadhaar have equipped governments to reach out to the beneficiaries in a more efficient manner with few misappropriations and improved the accountability of vendors. However, all the public and private organisations that compile, store, and utilise user data should realise that there is a huge potential of personal data to be misused for manipulation and cyber crimes. We need a comprehensive data privacy and protection law that not only recognizes and protects privacy as adjudged by Supreme Court, but also considers the future trends that are bound to arise from the ever innovating technological industry.
Ahluwalia, S. (April 3, 2018). In an age of leaks, just lock your data & sell it. Observer Research Foundation. Retrieved from https://www.orfonline.org/research/in-an-age-of-leaks-just-lock-your-data-sell-it/
Bhatia, G. (April 29, 2017). The Supreme Court’s Right to Privacy Judgment – I: Foundations By Gautam Bhatia. Retrieved from http://www.livelaw.in/supreme-courts-right-privacy-judgment-foundations/
Kantar TNS. (2017). Connected Life. Retrieved from http://connectedlife.tnsglobal.com/
Malik, A. (June 12, 2017). Real privacy debate is about Internet companies who are the repositories of enormous data. Observer Research Foundation. Retrieved from https://www.orfonline.org/research/real-privacy-debate-about-internet-companies-who-are-repositories-enormous-data/
Ministry of Law and Justice (2016). The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. Retrieved from https://uidai.gov.in/images/the_aadhaar_act_2016.pdf
Ministry of Law, Justice and Company Affairs (Legislative Department). (2000). The Information Technology Act, 2000. Retrieved from http://www.dot.gov.in/sites/default/files/itbill2000_0.pdf
Roofthooft, B. (June 5, 2017). Is the GDPR a game-changer? The Reference. Retrieved from https://www.the-reference.com/en/blog/bartroofthooft/2017/gdpr-game-changer
Saxena, S. (May 15, 2017). Data Protection in India. Live Law. Retrieved from http://www.livelaw.in/data-protection-india/
Sterling, B. (Feb 20, 2018). The General Data Protection Regulation: What it says, What it means. Wired. Retrieved from https://www.wired.com/beyond-the-beyond/2018/02/general-data-protection-regulation-says-means/
Image Credits: https://www.unglobalpulse.org/privacy
 On 24th August 2017, a nine-judge bench of the Supreme Court delivered its verdict in Justice K.S. Puttaswamy v/s Union of India, unanimously affirming that the right to privacy is a fundamental right under the Indian Constitution. The case became a constitutional issue when the Attorney-General for India defended the challenge to Aadhaar Scheme by stating that Constitution did not guarantee any fundamental right to privacy.
Subscribe to our weekly newsletters.
Get all our posts, blogs and video content via e-mail.