Calls for implementing measures reducing data vulnerability and preventing erosion of user privacy have been resounding worldwide.
While all of us would agree that “data is the post-prized commodity in the digital age”, protecting it and ensuring data privacy becomes extremely critical. It is a well known fact that India is the second largest online ecosystem in the world with over 900 million internet users. With the rising internet penetration this number is bound to increase sharply in the next 5 years. India is reported to be dealing with the second-largest number of data breaches reported globally. At this time, it is crucial to educate users about data collection and privacy and also to build laws which protects individuals from misuse of their personal data.
With the digital shift and services moving to the cloud there is a large amount of highly precise personal data being exchanged not just through the websites we browse or the apps people use on their mobile phones but also through appliances such as security/surveillance cameras, digital doorbells, temperature control thermostats, smart home automation, digital assistants to name a few. The data collection’s primary use case is to improve and personalise the services offered, however, it can be misused to evade an individual’s privacy, security and trust. Analysis of this data, when collected over an interval of time, can lead to the identification of individuals, inferring information about a person’s beliefs, preferences, religion, or health. They can eventually be used to influence, cause threats to personal safety, targeted advertising, fraud and hacking. For example, analysing an individual’s location data to determine the stores/places an individual visits and with what frequency can lead to identification of interests, social behaviour and also socio-economic status.
For organisations, a data security incident could lead to legal and business implications and also a lack of user trust. Facebook-Cambridge Analytica fiasco is one of the infamous data breaches, in 2018 data for almost 87 million Facebook users was used without their consent and understanding. The data inappropriately obtained from Facebook was used to create voter profiles and used for political advertising (without consent). This was the biggest data leak faced by Facebook. This drove awareness of data privacy issues, how the concept of privacy is changing and highlighted customer anxiety about getting accustomed to the technological advances but not still fully aware of the extent of privacy erosion and the trade-offs in the quality of service vs privacy related opt-outs. There are privacy settings exposed by companies however they are not easily understood and there is also not clear about the impact on user experience on disabling certain kinds of data access. For governments, a privacy breach could lead to the risk of leaking confidential national information.
Changes to tech and data related laws is a global challenge. Europe’s General Data Privacy Regulation (GDPR) which took effect in 2018, defines and unifies privacy regulations with the European Union (EU). GDPR not only gives privacy controls to individuals but also places obligations on organisations holding their data. China announced data privacy regulations with the Personal Information Protection Law (PIPL) in 2021. These laws also outline the data privacy requirements for companies based outside of China/EU for managing and using the data of their citizens. The US does not have a single privacy law but a combination of state or sector specific laws such as California Consumer Privacy Act (CCPA) introduced in 2018, followed by California Privacy Rights Act (CPRA) in 2020 and Health Information Privacy and Portability Act (HIPAA).
However, unlike the rest of the world which has privacy laws and regulations which aim to protect the privacy of citizens, India still does not have a privacy law to safeguard its citizens. In Aug 2017, the Supreme court of India declared the right to privacy as a fundamental right for Indian citizens protected by the Indian constitution. Following the right to privacy, India introduced the Data Privacy Bill in 2019, however it was withdrawn in 2022 and no new legislation has been proposed so far. India needs to step up its efforts and have data privacy laws aligning with the global vision around data privacy. The regulations take out the burden from citizens and establish a clear vision for organisations to comply with them.
Views expressed above are the author’s own.
END OF ARTICLE