Updated: September 16, 2020 3:53:31 pm
Written by Shilpa Kumar
A harmless social media “like or share” that could eventually influence an election outcome seems a far fetched illustration of the “Butterfly Effect” — a small change triggering a significant outcome. That’s what “The Great Hack” suggests. The feature film on the Cambridge Analytica saga traces the journey of personal digital data and suggests that it played a central role in crafting winning electoral strategies in large democracies like the USA and UK in 2016. It focuses attention on how small bits of digital information can have large implications and also have a bearing on an individual’s privacy.
COVID has made this an important discussion. People across the entire socio-economic continuum have been compelled to work, study, shop and entertain themselves online. What have we been revealing about ourselves online as we increasingly live digital lives? How might our data be used? How will it affect our lives? “Privacy” has become a trending topic of discussion across households and has now been catapulted beyond the elite world of technologists, think tanks and futurists.
Historian and philosopher Yuval Noah Harari has a sobering view of the digital future. He sees data at the heart of the challenge that society will face in the 21st century where a small elite with control of data could fast become a digital dictatorship. He seems surprised at the willingness of people worldwide to give away their “valuable assets (personal data) in exchange for free email services and cat videos”. And compares this to African and North American tribes who unwittingly sold entire countries to European imperialists in exchange for colourful beads and cheap trinkets.
A pre-pandemic study done by Arrka, a Bengaluru based cyber security firm throws fascinating light on the approach to digital privacy of consumers. It looked at 100 organisations in India that have created some of India’s most popular apps and websites. There are four significant takeaways in terms of how they collect and use data.
One, data collected by apps far exceeds what they require for providing their service. The numbers are staggering. Seventy-five per cent of Android apps sought and used the location of the user even though half of them did not need this for the functionality they provided. Eighty-six per cent of these apps could write to their customer’s external storage and 58 per cent had access to their cameras. A third of the apps also had access to users’ microphone and could read their SMS.
Two, there was significant sharing of user information with third parties. All the websites that were studied had third party trackers and on average there were 22 such trackers for each website.
Three, nearly all the user data travelled outside the country.
And four, almost all of this happened with the explicit consent of the user when she assented to it while signing up or downloading the app. Arrka’s rating of the privacy notices displayed by these apps was rated “very confusing/difficult”.
The study highlights the difficult choice for a consumer in availing a customised, convenient and cheap service even though it may entail sharing a lot more of their digital footprint. The issue probably lies in the binary nature of a number of user consent notices. The choice is largely about using the service with its myriad data demands or to forego the service itself.
COVID-related privacy debates have led to significant awareness around this issue and pushed the consent/accountability debate centerstage. Informing customers and taking their consent should not be the only baseline of privacy compliance. There needs to be greater accountability of businesses in terms of what data they hold and how they use it.
There is a growing maturity relating to privacy in Indian businesses. Some progress has already happened and was significantly influenced by the policies of app stores and nascent privacy regulation.
Arrka’s pre-COVID study itself showed a dramatic reduction in data accesses sought over a 12-month period. Greater awareness has also resulted in a significant plunge in data sent to third party providers like advertising and analytics companies.
Privacy regulations are the larger force in drawing the boundaries for consumer data and privacy protection as the industry moves to a more mature phase. For instance, stringent laws in Europe have seen apps reading customer SMS and accessing user location drop to 4 per cent each, versus 29 per cent and 75 per cent, respectively, in India. The passing of the proposed Indian data protection bill will have significant positive implications for consumers and their data rights.
The last decade has seen tectonic shifts in technology and the digital world. Pioneers have rushed in to claim territory and mine digital gold. As with any gold rush, there is a time when the sheriff eventually comes in, laws are framed, and the dust settles down.
Over the next three years, India heads towards being a nation of almost a billion internet users. The debate on individual protection of their digital possessions must and will intensify. Consent based models of data access would need to be supported by the accountability of data holders.
The writer is investment partner, Omidyar Network India
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
© IE Online Media Services Pvt Ltd