They call for expediting the process of making a data protection law
In one of the largest data leaks in social media history, Cambridge Analytica, a London-based political consulting firm linked with US President Donald Trump’s 2016 election campaign, allegedly extracted Facebook data from 50 million user accounts without consent. A loophole in the social network’s application programming interface or API allowed a third-party to collect data through its apps of not only the app users but also from their friends network. The firm is accused of creating psychological profiles to influence how people vote or even think about politics and society or “behavioural microtargeting with psychographic messaging” that could have affected the polls.
Even Congress has been facing criticism for its possible link with Cambridge Analytica ahead of the 2019 general elections, with the whistleblower testifying that the party had employed the controversial firm for certain "regional projects".
Sinha says the central issue is that the psychological quiz app that passed on the data to Cambridge Analytica “need not be the only app at that point of time” and that once Facebook digs out details of other apps that had a similar access during the period, “we will see what sort of apps gained that level of data and whether it still exists somewhere and has been utilised for Indian electoral purposes”.
Sinha added that as bad actors are always present in a system who abuse it and its loopholes, the central blame of the data leak falls on Facebook because it was responsible to guard the users’ data. He also raises a question that if Facebook had plugged the gap in 2015 as they claim, for how long is that data valid and how it can be used in influencing elections.
Osama Manzar, Founder and Director, Digital Empowerment Foundation says data privacy protections currently in place are “no longer enough to encompass all the technological advances made in the past two decades”.
“India is in the process of making a data protection law and this process needs to be expedited. The existing provisions in the IT Act are not stringent enough. The law should adopt and adapt the EU's General Data Protection Regulation (GDPR), which is set to come into force this May. The GDPR places strict collection on the purposes that data can be collected and how it can be processed. It has a provision for the right to be forgotten, which ensures that residents can ask that their data be deleted from databases under the right circumstances,” he adds. Google has also recently updated its EU User Consent Policy to reflect the new legal requirements of the GDPR.
Both Sinha and Manzar agree that the way forward is digital literacy and awareness, especially in a country like India where there are many first-time internet users. “A lot of people work with the default settings, so the other question is the know-how. People do want to post pictures and their personal moments (on social media). In that case, we should be well aware of these privacy laws... At the end of the day, you are dealing with your own data. Just the way when you walk out of the bank, you look at your passbook very carefully, (in the digital world) you should be careful about the permissions you are giving to an app. The challenge is that we are not taught through our education as to how to deal with this expression of data,” Sinha says. “Initially, it will need a conscious effort but over the time, it will become a subconscious activity similar to how we look at both left and right while crossing the road.”
Manzar adds that privacy policies need to be understandable by the common people and not be written in complicated, legal language, especially in India that has language barriers and low literacy rates. “Strict onus of accountability needs to be placed on bodies that collect data,” he says, adding that there needs to be a regulation of such platforms “but what is the right kind of regulation needs to be debated. In a country like India, with the current political climate, regulation left solely to the government might do more harm than good.”
Move from news to views and get in-depth reports on issues that matter to you, every fortnight. Subscribe now »
We are a voice to you; you have been a support to us. Together we build journalism that is independent, credible and fearless.You can further help us by making a donation. This will mean a lot for our ability to bring you news, perspectives and analysis from the ground so that we can make change together.
Latest Facebook data breach episode is a reminder that rise of Big Data represents a massive engineering of society with ominous implications for notions of freedom, privacy and justice
Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.