Need to protect personal data in digital age
The abuse of over 50 million Facebook users’ personal information by Cambridge Analytica for political gains not only gives a body blow to the trust that Facebook users reposed in the platform, but raises once again questions about the safety of consumers’ personal data in the digital age.
Responding sharply to revelations of data harvesting and manipulation, Consumers International, a coalition of consumer groups worldwide, called on Facebook ‘to start a constructive dialogue with the global consumer movement, to address the personal data implications of their business on consumers and ensure that we build a digital world consumers can trust’. CI also put forth the demands from consumer groups that Facebook (a) inform all users whose data was accessed by Cambridge Analytica, about how it was used (b) give them clear information on the measures that it will implement to eliminate the consequences and risks to these consumers and (c) provide information on how it will compensate consumers for the misuse of their data and how it will reimburse them the ‘economic value that was gained out of the exploitation of the data belonging only to them’.
Interestingly, only last fortnight on World Consumer Rights Day (March 15), CI had focused on ‘Global action for a better digital world’ and called for access to fair and secure internet for all, action against scams and frauds and better consumer protection online. Emphasising the need for comprehensive laws aimed at personal data protection and their stringent enforcement to bring about consumer trust in e-commerce, CI pointed to global surveys where consumers had said that having control over how their personal data was used was more likely to make them trust a company. “Consumers are left in the dark when it comes to how their data is collected, stored and shared. Even if information is shared, it can often be written in complicated technical language that makes it hard for people to understand. Also, the prevalence of disclosure and consent models leaves consumers with little opportunity for control or understanding,” CI said.
It’s now well recognised that data protection needs a comprehensive law and several countries around the world are drafting or have already drawn up such laws. The European Union’s General Data Protection Regulation, which replaces the Data Protection Directive and is enforced from May 25, 2018, for example, has certain important provisions, such as the ‘Data Erasure’ or ‘the right to be forgotten’. In other words, if the data is no longer relevant for the original purpose for which it was collected or if the subject wants to withdraw consent, he or she can ask that the data be erased. Similarly, informed and explicit consent is necessary for collection, storage, dissemination and disclosure of information and withdrawal of consent must be easy. Likewise, the Regulation provides for ‘right to access’– or right to know whether any personal data is being stored or processed and if so, where and for what purpose. It is also mandatory to notify consumers of any breach in the data. The Regulation also provides for steep penalties for violations.
In India, even before the government constituted a Committee of Experts on Data Protection Framework to draft a data protection law, MP, Baijayant Panda, had introduced in Lok Sabha , a comprehensive Private Member’s Bill to ‘codify and safeguard the right to privacy in the digital age and constitute a Data Protection Authority to protect personal data’. Hopefully the committee and the government will come up with a comprehensive, stringent law on data protection without delay.