Data protection and privacy: Are we ready?
“If you don’t protect what is yours, it won’t be yours for very long.. ”
The way data breaches are happening, privacy will be soon thrown to the winds. Today privacy is dead, and social media holds the smoking gun. Privacy being a trait of individuality, free from any kind of intrusion. It’s not what we are merely entitled to, but it is a power and virtue. It’s not just a right, but it is prerequisite.
The most fatal instance of privacy invasion dates back more than two decades.
“…It’s in august of 1997 that newspapers were brimmed with news of the death of Princess Diana. She was killed in a car crash while fleeing from the paparazzi who were chasing her at high speeds. The death has been welcomed by flashes and clicks coming from cameras…”.
World on internet
Today we are so engrossed in using the internet, unaware of the fact that all our activities are watched and our personal data is collected for either marketing purposes or sometimes for hacking sensitive information.
Our web searches, social media profiles and bios, makes a particular profile for us which are further used for marketing purposes. It also enhances our customer experience, which is beneficial for us on the other hand, but the question still remains legitimate — are we ready to let our privacy remain at stake?
Let me go the other way round.
How many of us consciously surf the internet, being totally aware that our single click is noticed ! If at every point we are cautious about it, won’t it change our carefree searches and usage?
Actually there are two kinds of people, the first one who knows their privacy is being compromised and others who don’t. Unfortunately, the larger chunk is from the latter category and not the former one. There is the third category of people who are aware about data security and privacy being discussed in day to day public discourse , still it does not interest them. Hence they go by their usual ways. It doesn’t make a difference to them how their personalised data is being shared and used, until consequences are practically shown to them.
Need of data protection and privacy concerns.
As the economy is becoming more and more digitally driven and the number of internet users and their online time is increasing exponentially , data confidentiality has become the need of the hour.The pandemic has increased people’s participation in the digital economy. Unfortunately, the number of personal data breaches from major digital service providers has increased worryingly in the same period, adding a sense of fear even in IT experts. Although a breach alone is not a disaster as such, mishandling it can certainly be. So here legislative actions step in, to avoid any serious repercussions.
Arousing controversies on data breach.
Let’s understand it by recent scenarios and cases highlighted.
According to Whats App’s updated privacy policy, users would no longer be able to stop the app from sharing data such as location and number, with its parent Facebook unless they delete their accounts altogether.Its privacy updates are designed to make the business interactions on its platform much facilitated then before while also personalising ads on Facebook. That is how the strategy came to picture.
But the larger side of the story is that, according to the Government, the app discriminates against Indian users vis-a-vis users in Europe on the matter of a choice to opt-out of the new privacy policy, which is there according to some laws of european union called the General Data Protection Regulation (GDPR), which shield them from sharing data from Facebook or grant them the ultimate power to say no to Whats App’s new terms of service.
The another recent alleged data breach at MobiKwik could stand to be India’s biggest breach with the data of 9.9 crore users at risk. Given the significance of data in this age, robust data protection regimes are necessary to prevent such events and protect users’ interests.
There is another instance in this regard.
In April 2018, Facebook accepted the fact that data of more than five lakh Indian users had been compromised in the scandal. The breach occurred after 335 Indian Facebook users downloaded an app owned by Global Science Research, which later sold the information to Cambridge Analytica . CBI filed a case against Cambridge Analytica, after the issue came to limelight in a data breach scandal.
Legislative action in data protection
In response to this, the government is ready to go with its Personal Data Protection Bill 2019. The main purpose of this Bill is the protection of privacy of individuals relating to their Personal Data and to establish a Data Protection Authority of India for the said purposes and the matters concerning the personal data of an individual.
However, the controversial side shows up in the act itself.
While on the one hand it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions that the government can process even sensitive personal data when needed, without explicit permission from the data principals, which are against the principles of processing personal data.
Information technology act, 2000(IT act)
Although at present, the only existing act is Information Technology Act, 2000 (IT Act), which gives grieved individuals a right to compensation for improper disclosure of personal information.Presently, how different entities collect and process users’ personal data in India is mainly governed by the Information Technology Act, 2000, but this data protection regime falls short of providing effective protection to users and their personal data.The Supreme Court of India, however has recognised the right to privacy as a fundamental right under Article 21 of the Constitution as a part of the “right to life” and “personal liberty”. Two years ago, in August 2017,a nine-judge bench of the Supreme Court in Justice K. S. Puttaswamy (Retd) Vs Union of India unanimously held that Indians have a constitutionally protected fundamental right to privacy.
Way forward
In this digital age, data is a valuable resource that should not be left unregulated.In this context, the time is ripe for India to have a robust data protection regime.
The Joint Parliamentary Committee that is scrutinizing the Bill, is expected to submit its final report in the Monsoon Session of Parliament in 2021. This interim period shall be utilized to make some changes in the Bill, targeted towards addressing various concerns in it could make a stronger and more effective data protection regime.
At last, “Privacy is not an option and it shouldn’t be the price we have to pay for just getting on the internet. Of course full data security can never be secured on any network, still loopholes need to be looked at, to avoid the awaiting damage”.
