“In the online world, free means paying with your data”

Mishi Choudhary, technology lawyer and managing partner, Mishi Choudhary & Associates, talks about the risks data breach poses to India

pratap

Pratap Vikram Singh | May 8, 2018


#Facebook   #Data Privacy   #Internet   #Data  


The illegal sharing and usage of 87 million Facebook users data have put the spotlight on the risks data breach poses to individuals and democracies around the world. Cambridge Analytica, the political consultancy firm which illegally harvested data using the app ‘thisisyourdigitallife’, worked with the Donald Trump election team to make software to predict and influence voters in the 2016 presidential elections. The UK-based firm is also alleged to have influenced the Brexit referendum. Early in April, India’s ministry of electronic and IT had issued notice to Cambridge Analytica and Facebook seeking details of Indian users whose data was shared illegally. Facebook said that 335 people installed the app in India that lead to disclosure of 5.6 lakh users data. The ministry is still contemplating if it would initiate action against the two firms.

As the government prepares to bring in legislation on data protection, Governance Now speaks to Mishi Choudhary on the risks data breach poses to India and ways to curtail it.

What does the Facebook data breach means for India?
There is no comprehensive legislation that requires companies to report on data breach or to provide information to users and compensate for their losses. The news of data breaches is becoming commonplace but we don’t see any action against parties who have failed to protect that data. The problem is as big as the size of data collected for India’s large user base.

What kind of risks it poses to people and society? 
From exploitation in recruitment, differential pricing for goods and services to influencing political choices, anything that can be impacted by data will be impacted by such breaches.

While the government promises to take stringent action against data breaches, it is often seen in a denial mode when a breach, especially related to Aadhaar, is reported in media. Your comments? 
Where there is data, there is a high possibility of breach. We can only build secure systems by acknowledging their vulnerabilities and preparing for breaches. Transparency in reporting on data breaches is paramount and the first step towards building secure, robust systems. The government should invite experts to solve problems, point out weaknesses in the system. We are all on the same side of building a secure digital India. 

What are your expectations from the proposed data protection law?
The objectives of data protection legislation must be described in terms of people, not data. It should also not be about consent, but control. What we call ‘data protection’ law must be our guarantee of digital safety against mass accidents and destruction of individual and social welfare. The law we need is not about getting, managing or automating consent. The objective is not consent, but control. People should be able to control access to information about them.

The purpose of data legislation is not to ‘unleash innovation’ or to subsidise startups with favourable legal rules.

Fines for data breaches should be heavy and calculated as a percentage of global revenue. Time limit for disposal of any complaint should not be more than a year and consent should not be a sufficient basis for determining the responsibilities to protect data about people.

How can data sharing without user consent be checked? How can we stop recurrence of breaches similar to the one related to Facebook, ‘thisisyourdigitallife’ app?
Stop using the apps that don’t clearly inform you of how they use your data. Demand easy to read and understand terms and conditions. Use privacy protecting products like DuckDuckGo and FreedomBox. Learn to pay for online services and not expect free; as free only means paying with your data.

Is data localisation the answer?
No matter where the data is stored, all companies should be subjected to the same regulations. Currently, we have no comprehensive data protection so how will localising data solve anything?

How can users have a control over their data?
It is not easy unless the platforms make data usage and sharing transparent. They start seeking pro-active consent at each stage of data collection and sharing. The users on their part should have the ability to withdraw consent at any time. n

pratap@governancenow.com

Comments

 

Other News

IIT Bombay Racing to launch ‘EVoX’ tomorrow

IIT Bombay Racing will launch its 6th generation electric car ‘EVoX’ in the institute’s on Saturday. The racing car developed by Formula Student team from India based at IIT Bombay is designed to run at 100 km per hour in just 2.88 seconds. It is powered by 40 KW motors, titanium uprights

SAIL supplies 10,500 tonnes of steel in Kishanganga hydroelectric power project

SAIL has supplied 10,500 tonnes of steel for the 330 mega watt hydroelectric project, featuring three power generating units of 110 MW each. The enterprise’s steel supply consists of TMT rebars, structurals, plates and sheets. SAIL had also supplied around 70 percent steel used in the

Algerian Ambassador visits Goa Shipyard

The recent visit of Ambassador of Algeria to India H.E. Hamza Yahia Cherif to Goa Shipyard Limited has given a boost to the PSU’s ambition of receiving international orders from the Mediterranean region. CMD, GSL, Rear Admiral (Retd) Shekhar Mital apprised the Ambassador about various

IOCL posts Rs 21,346 crore net profit in 2017-18

IndianOil has clocked a net profit of Rs 21,346 crore for 2017-18 fiscal as compared to Rs 19,106 crore in the last fiscal. The reported revenue from operations for 2017-18 FY was Rs 5,06,428 crore as compared to Rs 4,45,442 crore in 2016-17. IndianOil’s reported revenue from operation

NTPC to help Bihar improve power sector

A memorandum of understanding (MoU) was entered amongst Bihar government, Bihar State Power Holding Company Ltd. (BSPHCL), Bihar State Power Generation Co. Ltd (BSPGCL), North Bihar Power Distribution Company Ltd.(NBPDCL), South Bihar Power Distribution Company Ltd.(SBPDCL), Bihar State Power Transmission

ONGC team summits Mt Kanchenjunga

A team of ONGC has successfully scaled the third highest and most challenging peak, Mt Kanchenjunga. The first group comprising five ONGC employees completed the mission on May 20, 2018 while the second group of four employees and one Indian Mountaineering Foundation (IMF) member summited the peak a day la

Current Issue

Current Issue

Video

CM Nitish’s convoy attacked in Buxar

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter