‘Current Indian laws are inadequate to protect consumer data’

by | Apr 4, 2018

data privacy, personal data collection, Data Privacy, Cambridge analytics

On March 16, the world was distraught to hear news about how Cambridge Analytics (CA) misused consumer data it procured from Facebook, to influence voters during US presidential elections. Facebook consumers were enraged to find that their trust with the social media platform was betrayed; their privacy was breached. Consumer data was being sold to third parties without consumer consent.

What’s to stop Facebook and other platforms from selling consumer data from Indian subscribers? It’s a well-known fact that there are inadequate laws in India, to protect consumer data and privacy.

In an email interview, we asked Pankit Desai, Co-founder and CEO, Sequretek what needs to be done, at an industry level, in government and at a consumer level.

Pankit Desai, Co-founder and CEO, SequretekPankit Desai: Adequate laws which strongly advocate protection of consumer data (are needed). Currently, the laws don’t spell out stringent guidelines for companies who own the consumer data and how can they share it. Taking advantages of the loopholes, consumer data of any volume can be bought or sold just like any commodity. We believe data is the new oil in the 21st century; hence it is important that companies collecting consumer data should evaluate the third-party partner before sharing the data with them.

Even at the enterprise level, companies should design strict data sharing policies with an outsider entity.

DC: What role can government and the regulator play in securing consumer data that lies on servers in other countries — and outside the jurisdiction of the consumer’s country?

Pankit Desai: Many countries including ours, have time and again raised this issue with tech majors like Facebook and Google, about storing data on US servers. Being a private organisation, there can’t be much done by the government of the other country. The State heads of these countries should jointly mull a policy initiative where data of citizens of one country should not be stored on foreign servers.

DC: What can government’s do to prevent misuse of consumer data to rig election results or to influence voting?

Pankit Desai: The biggest hurdle government agencies could face is that they are unable to keep pace with the evolution of technology, especially concerning consumer data. To avoid a scandal like CA, election bodies should take an active role in defining the quantum of voters’ data that can be used for profiling and targeting by political parties.

DC: What do companies like Facebook and Google need to do to ensure privacy, even as they pass on data to the ecosystem of partners?

Pankit Desai: Today, the fine print hides what consumers give away as rights while using these data aggregator services. The way their data can be used or abused is something that there is just no understanding of the service users, just like the way hazardous warnings are put on cigarette packets. The risk to individuals is similar, if not higher since the collective consciousness of a generation can now be moulded using the large database at these companies’ disposal. Whilst the companies, I am sure, will learn from this and put a process that guards their data, I am looking towards a regulatory framework that finds a way to audit these practices, and not just leave it to their self-certification. And lastly, there will need to be an awareness campaign that continues to educate the user base on the rights they are giving up by using these platforms.

You might also want to read: Lessons learned from the Facebook-CA incident

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles