Free means pay­ing with your data: Mishi Choud­hary

Governance Now - - FRONT PAGE -

The il­le­gal shar­ing and usage of 87 mil­lion Face­book users data have put the spot­light on the risks data breach poses to in­di­vid­u­als and democ­ra­cies around the world. Cam­bridge An­a­lyt­ica, the po­lit­i­cal con­sul­tancy firm which il­le­gally har­vested data us­ing the app ‘this is your dig­i­tal life ’, worked with the Don­ald Trump elec­tion team to make soft­ware to pre­dict and in­flu­ence vot­ers in the 2016 pres­i­den­tial elec­tions. The Uk-based firm is also al­leged to have in­flu­enced the Brexit ref­er­en­dum. Early in April, In­dia’s min­istry of elec­tronic and IT had is­sued no­tice to Cam­bridge An­a­lyt­ica and Face­book seek­ing de­tails of In­dian users whose data was shared il­le­gally. Face­book said that 335 peo­ple in­stalled the app in In­dia that lead to dis­clo­sure of 5.6 lakh users data. The min­istry is still con­tem­plat­ing if it would ini­ti­ate ac­tion against the two firms.

As the government pre­pares to bring in leg­is­la­tion on data pro­tec­tion, Pratap Vikram Singh speaks to Mishi Choud­hary on the risks data breach poses to In­dia and ways to cur­tail it.

What does the Face­book data breach means for In­dia?

There is no com­pre­hen­sive leg­is­la­tion that re­quires com­pa­nies to re­port on data breach or to pro­vide in­for­ma­tion to users and com­pen­sate for their losses. The news of data breaches is be­com­ing com­mon­place but we don’t see any ac­tion against par­ties who have failed to pro­tect that data. The prob­lem is as big as the size of data col­lected for in­dia’s large user base.

What kind of risks it poses to peo­ple and so­ci­ety?

From ex­ploita­tion in re­cruit­ment, dif­fer­en­tial pric­ing for goods and ser­vices to in­flu­enc­ing po­lit­i­cal choices, any­thing that can be im­pacted by data will be im­pacted by such breaches.

While the government prom­ises to take strin­gent ac­tion against data breaches, it is of­ten seen in a de­nial mode when a breach, es­pe­cially re­lated to Aad­haar, is re­ported in me­dia. Your com­ments?

Where there is data, there is a high pos­si­bil­ity of breach. We can only build se­cure sys­tems by ac­knowl­edg­ing their vul­ner­a­bil­i­ties and pre­par­ing for breaches. Trans­parency in re­port­ing on data breaches is paramount and the first step towards build­ing se­cure, ro­bust sys­tems. The government should in­vite ex­perts to solve prob­lems, point out weak­nesses in the sys­tem. We are all on the same side of build­ing a se­cure dig­i­tal in­dia.

What are your ex­pec­ta­tions from the pro­posed data pro­tec­tion law?

The ob­jec­tives of data pro­tec­tion leg­is­la­tion must be de­scribed in terms of peo­ple, not data. it should also not be about con­sent, but con­trol. What we call ‘data pro­tec­tion’ law must be our guar­an­tee of dig­i­tal safety against mass ac­ci­dents and de­struc­tion of in­di­vid­ual and so­cial welfare. The law we need is not about getting, man­ag­ing or au­tomat­ing con­sent. The ob­jec­tive is not con­sent, but con­trol. Peo­ple should be able to con­trol ac­cess to in­for­ma­tion about them.

The pur­pose of data leg­is­la­tion is not to ‘un­leash in­no­va­tion’ or to sub­sidise star­tups with favourable le­gal rules.

Fines for data breaches should be heavy and cal­cu­lated as a per­cent­age of global rev­enue. Time limit for dis­posal of any com­plaint should not be more than a year and con­sent should not be a suf­fi­cient ba­sis for de­ter­min­ing the re­spon­si­bil­i­ties to pro­tect data about peo­ple.

How can data shar­ing with­out user con­sent be checked? How can we stop re­cur­rence of breaches sim­i­lar to the one re­lated to Face­book, ‘this is your dig­i­tal life’ a pp?

stop us­ing the apps that don’t clearly in­form you of how they use your data. de­mand easy to read and un­der­stand terms and con­di­tions. use pri­vacy pro­tect­ing prod­ucts like duck­duckgo and Free­dom­box. learn to pay for on­line ser­vices and not ex­pect free; as free only means pay­ing with your data.

Is data lo­cal­i­sa­tion the an­swer?

no mat­ter where the data is stored, all com­pa­nies should be sub­jected to the same reg­u­la­tions. Cur­rently, we have no com­pre­hen­sive data pro­tec­tion so how will lo­cal­is­ing data solve

any­thing?

How can users have a con­trol over their data?

it is not easy un­less the plat­forms make data usage and shar­ing trans­par­ent. They start seek­ing pro-ac­tive con­sent at each stage of data col­lec­tion and shar­ing. The users on their part should have the abil­ity to with­draw con­sent at any time.

pratap@gov­er­nan­cenow.com

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.