On March 16, the world was distraught to hear news about how Cambridge Analytics (CA) misused consumer data it procured from Facebook, to influence voters during US presidential elections. Facebook consumers were enraged to find that their trust with the social media platform was betrayed; their privacy was breached. Consumer data was being sold to third parties without consumer consent.
What’s to stop Facebook and other platforms from selling consumer data from Indian subscribers? It’s a well-known fact that there are inadequate laws in India, to protect consumer data and privacy.
In an email interview, we asked Pankit Desai, Co-founder and CEO, Sequretek what needs to be done, at an industry level, in government and at a consumer level.
Pankit Desai: Adequate laws which strongly advocate protection of consumer data (are needed). Currently, the laws don’t spell out stringent guidelines for companies who own the consumer data and how can they share it. Taking advantages of the loopholes, consumer data of any volume can be bought or sold just like any commodity. We believe data is the new oil in the 21st century; hence it is important that companies collecting consumer data should evaluate the third-party partner before sharing the data with them.
Even at the enterprise level, companies should design strict data sharing policies with an outsider entity.
DC: What role can government and the regulator play in securing consumer data that lies on servers in other countries — and outside the jurisdiction of the consumer’s country?
Pankit Desai: Many countries including ours, have time and again raised this issue with tech majors like Facebook and Google, about storing data on US servers. Being a private organisation, there can’t be much done by the government of the other country. The State heads of these countries should jointly mull a policy initiative where data of citizens of one country should not be stored on foreign servers.
DC: What can government’s do to prevent misuse of consumer data to rig election results or to influence voting?
Pankit Desai: The biggest hurdle government agencies could face is that they are unable to keep pace with the evolution of technology, especially concerning consumer data. To avoid a scandal like CA, election bodies should take an active role in defining the quantum of voters’ data that can be used for profiling and targeting by political parties.
DC: What do companies like Facebook and Google need to do to ensure privacy, even as they pass on data to the ecosystem of partners?
Pankit Desai: Today, the fine print hides what consumers give away as rights while using these data aggregator services. The way their data can be used or abused is something that there is just no understanding of the service users, just like the way hazardous warnings are put on cigarette packets. The risk to individuals is similar, if not higher since the collective consciousness of a generation can now be moulded using the large database at these companies’ disposal. Whilst the companies, I am sure, will learn from this and put a process that guards their data, I am looking towards a regulatory framework that finds a way to audit these practices, and not just leave it to their self-certification. And lastly, there will need to be an awareness campaign that continues to educate the user base on the rights they are giving up by using these platforms.
You might also want to read: Lessons learned from the Facebook-CA incident
