1. Data protection in the modern age is critical
2. A user must keep a tab of what kind of information is shared on a public domain.
3. Companies need to build better infrastructure to ensure user data is protected.
We live in an increasingly digital-driven world. It’s a world where our personal data is flowing freely online. Whether it’s information close to us such as our date of birth, private chats or even financial data, we find ourselves interfacing with the online world on a continuous basis. Irrespective of whether we understand how these services work around secure data on the internet, there exists a major worry over the possibility of that information and data getting hijacked for potential misuse. Some businesses use our information for targeting ads, while vandals use it for ransom. What differentiates the two is intent, and understanding the intent needs perspective.
There’s no running away from this threat looming large. As long as you’re connected to the online world – whether through a smartphone or through a computer, data continues to remain sensitive as ever. Even with a minor loophole, personal data of millions of users like you and me is put to risk. Each time a bug is discovered, we, as end users are quick to hold the company accountable for not ensuring the safety of our data. But is that the solution to the bigger problem?
Data protection in the modern age
In a conversation with BGR India, Mishi Choudhary, a technology lawyer and founder of SFLC.in, stressed on the need for the end consumers to become more responsible about their data and control its exchange. With the increased usage of the digital medium for everyday communication, it is evident for us to rely overtly on services or apps to protect the exchange of data on their platforms.
Whether it is lack of understanding or patience, we find ourselves impatient while signing up for a new service. In fact, we are in such a hurry that we choose to overlook the terms and conditions. If a notification pops up, the hurried nature we have acquired compels us to tap our way into using a particular app or service without understanding what all it entails.
This results in ads you don’t want to see, and emails you don’t remember signing up for. Also not to ignore, the pesky calls you receive at the most unexpected hour to sell you a policy you don’t need. All of it is connected to big data. Large companies ensure your data stays within their ecosystem. But if you, as a user, don’t understand what you have signed up for, how is it possible for you to claim injustice?
Need for change
“This can change by demanding simplified Terms of Service from companies, insisting on laws that insist on simplification devoid of any obscure legal jargon and choosing products that respect their privacy,” suggests Choudhary. Today, if someone wants to sign up for a simple messaging service such as WhatsApp, all they need to do is have a valid mobile number and enter the required details to hop on the platform and start exchanging every kind of data. Now, when such a service is connected to an even larger platform like Facebook, and linked to the third service like Instagram, what are the odds of seeing a product ad on one platform, which you possibly scrolled by on another ‘related’ platform?
Choudhary says, “Some of the consumers love being bombarded with ads, while others, like me, use ad-blockers everywhere. The business model of the internet is surveillance-led advertising. If you want everything for free, you will have to give something in return. In this case, it is you, your data, and ultimately your independence.”
A user can control what goes out
Hardip Singh, Executive Director, Optiemus Infracom – a Delhi-based company which entered into a licensing agreement with BlackBerry for manufacturing and marketing BlackBerry-branded devices in India, reiterates the need for users to protect their data in the modern age. “As technology evolves there are challenges and opportunities both. Today rapid mobility changes have enabled us to live our lives on-the-go, right from how we book transport, to ordering our food, to our entertainment consumption habits to almost living our life online! Indeed, it’s a connected world out there. Perhaps what, therefore, has emerged as an even more critical aspect is how are we protecting ourselves in this online world.”
Truecaller Insights 2017 report discovered that India is plagued by the highest number of spam calls in the world, with the average Truecaller user receiving 22.6 spam calls per month. The problem is not only of spam calls but offensive/obscene messages as well. As per a recent survey by the company, it was found that one in every three women in India receives sexual and inappropriate calls or SMS at least once a week. The unwanted content flowing on the internet thus also leads to a bigger problem related to online harassment.
Choudhary explains, “There is no comprehensive data protection legislation in India, the companies are under limited obligations to protect the users’ data.” To prevent instances where data is compromised to the level of reaching the dark web or leading to wrongful exposure of content to minors who use the internet, Mishi suggests that there is a need to introduce changes to the data protection legislation.
“The objectives of data protection legislation must be described in terms of people, not data. All persons are entitled to control the collection of information about them: about their bodies, their behavior, and their thoughts. So, the law we need is not about getting, managing, or automating consent. The objective is not consent, but control. People should be able to control access to information about them,” she added.
Opt-in or Opt-out
Most times we end up signing up for services, because at that moment, the only way to gain access is to ‘subscribe’. Post the bombardment of pesky emails, one has to manually scout for the unsubscribe button to ensure a cursory glance at airfares does not become a daily discount deal.
Choudhary, who is a big proponent of opt-in systems says that there needs to be an ease of withdrawal of consent by the user. One should have the right to object anytime to the processing of personal data including profiling. “We should actively opt into a system where we know we will be profiled instead of default being the burden to opt-out.”
She says, “Regulations should require that people ‘know’ who is requesting data about them, not that they should consent not to know and let everything operate in the dark.”
Daily status updates, photo uploads, airport check-ins and what not. The daily life on the internet has made us almost ignorant to what underlies the pool of data. Now you might say you have ‘dumped’ so much data on the internet that you have almost forgotten about it. If you want to protect your digital identity from compromising your real identity, the time is now to take necessary precautions.
If you sign up for a service, be sure to hit the ‘Settings’ or ‘Manage My Account’ section every now and then. Maintaining digital hygiene is as critical as ensuring your guests do not end up reading your electricity bill. The privacy goes beyond just browser history.
“Why should all the responsibility always be of the centralized platforms? By asking such companies to do everything for us and shunning our own responsibilities, users tend to empower large giants who are the only ones who can comply with regulations thereby discouraging new small players,” says Choudhary.
So what else can a user do other than ensuring their data is as private as they want it to be? She suggests, “You can use ad-blockers, opt for search engines that respect privacy like DuckDuckGo and send a message about what you want instead of being beholden to whatever is offered to you by the companies in a take it or leave it manner.”
Additionally, you could look at services and hardware which offer encryption. Today, the technology for end-to-end security makes it difficult for prying eyes to snoop onto the data exchange. Smartphone manufacturers such as Apple and BlackBerry claim to offer highly secure devices; the latter in particular now offers a dedicated DTEK security app which helps users configure their device for optimal security and provide visibility into how applications are accessing their personal data.
It is also imperative that you are cautious about the kind of network you latch your devices on. If you are using public Wi-Fi then you must ensure you take necessary steps such as using a VPN app or service to access your data online, or ensuring you do not install dubious apps or access malicious websites on open networks, which are often the breeding zones for malware.
And as Choudhary suggests, try considering digital detox once a while. “Even if it sounds difficult at the moment, a life that is less dependent on these apps is possible. There is an increased demand for privacy-respecting products. With more education, customers can understand the trade-offs they are making and make better, informed choices.People can decide if Rs 50 discount is what they want over a digital leash that follows them everywhere while aggregating data and building a comprehensive profile. Convenience cannot trump everything.”
What companies can do
It takes two to tango. Having only the consumers be protective of their data is not the only solution. If everyone starts overtly protecting their data and nothing goes out, the internet health will suffer, and so will the advertisers and publishers.
In a bid to win consumer trust and ascertain the data is protected, it is critical for companies and service providers to build a better infrastructure and be more transparent with the users. As Singh says, “It is the ethical responsibility of every business to ensure security of user data.”
“Passwords or pin locks are easily hackable,” warns Singh. The need for transparency and infrastructure is all the more heightened in such a scenario.
The issue of Aadhaar
In a country like India, which is on a digital revolution, the most complex of issue is that of Aadhaar. The government-initiative is looking at having each citizen ‘profiled’ for their income, expenditure, assets, even mobile numbers. Time and again, reports have emerged about Aadhaar servers with loopholes, putting to risk crucial data of millions of citizens of the risk of hacking.
“Centralized systems create high levels of risk. You cannot solve what is a design problem with laws as an afterthought,” says Mishi. While the agency behind the initiative, UIDAI has claimed that Aadhaar is absolutely safe, there still remains a concern amongst users about the possible vulnerabilities with more sophisticated attacks.
Singh reiterates, “The Government has constituted a committee that’s working on the data protection bill. Awareness on data privacy and security is imperative in today’s world. The conversation and importance of cybersecurity encompasses the whole ecosystem and it is greater awareness and taking the right steps required to address this issue.” For telecom operators, health personnel, or social networking services, it is important to safeguard the data of the very users these agencies serve in order to continue innovating without compromising privacy.