November , 2020
Digital world needs strong policy to protect users’ privacy
12:04 pm

Tushar K. Mahanti


“We create our own digital trails that hackers and companies alike capture and use for a variety of marketing and advertisement targeting” - goes the saying. The world is fast digitalising and is leaving behind footprints to trail.


Countries across the world are moving towards digital economy, as it is not only revolutionising the way business is done but also creating new opportunities for growth and prosperity. Technological advances and digital connectivity are spurring innovation in business models, business networking and knowledge transfer while also facilitating access to markets.


New and emerging digital trends, such as cloud computing, mobile web services, smart grids and social media, are radically changing the business landscape — reshaping the nature of work, as well as the boundaries and responsibilities of enterprises.


Individuals at the other end are fast adopting these digital devices to keep them socially connected and to get their work done - be it online buying, paying utility bills, transferring money or booking rail and flight tickets. Most of these jobs are now done via designated apps, whose uses and spread have phenomenally increased with the rapidly rising app economy. Findings from App Annie suggest that between 2016 and 2021, the number of app users will almost double from 3.4 billion to 6.3 billion and the time spent in apps will grow to 3.5 trillion hours in 2021 from 1.6 trillion in 2016.


The increasing usage of the internet is leaving behind the problem of individual privacy as each online entry leaves behind footprints to be followed. When a user interacts on the internet, he leaves a trail of information behind him, which is known as “digital footprint”. When internet users communicate, use social media platforms such as Facebook, WhatsApp or make calls over telecommunications applications and use online services through apps or send electronic mail, they leave behind personal information.


What is digital privacy?


As the internet becomes ubiquitous the need to protect privacy too is turning into a bigger issue. But first, what is internet privacy? With more people and devices connected to the internet, the term digital privacy has become a household word, especially after increasing incidences of data breaches that compromised countless accounts across the world, causing users to worry about the risk of identity theft. While it is simply defined as the protection of information from private citizens who use digital media, its parameters are a little more ambiguous.


The ambiguity begins since different people have different comfort levels when it comes to digital privacy. A person may be comfortable sharing his personal details on the web, while another may not be so. The digital privacy then, is when the information available online about a given person is within his or her comfort zone.


People are willingly handing over their data to social media and search companies. When one creates social media profiles or post in social media platforms, all of that information gets stored on the site’s servers. And it is not these companies alone that could potentially access users’ information but there are chances that social media companies could share them with third parties.


Privacy means that not only do other people not have unwanted access to one’s information, but also that one can control what data may be made public and what would stay private. Many services on the internet require users to consent to broad privacy policies in their entirety to use a service. This is not a user-friendly, privacy focused model.


In a perfect system for privacy, users could opt in to specific data collection or usage. But in reality, the ways companies collect and use individual information are determined by the company’s privacy policy. Unfortunately, these are vague and hard-to-read documents that do not always give users a clear idea of how the company uses their data.


The responsibility of internet data privacy is a two-way street. While businesses have a great responsibility to handle customers’ information strictly for the purposes requested, and not to share it with a third-party, users too have responsibility to empower them in protecting their own data. Every individual is responsible for the privacy of their information and how much of it they decide to disclose. However, it seems that people often believe that the protection of their information is the responsibility of the website, social media, or online business that they are accessing.


This is why it is important to know and practice internet rights even if they are not properly defined. The precedents have already warned us of the risks. For example, the Equifax hack in 2017 compromised 143 million of American’s social security numbers.


 Why is internet privacy important?


Internet privacy or online privacy is becoming a growing concern for users all around the world. As the internet continues to evolve, and the number of websites, online products, services, and special applications continues to expand, the full range of potential internet privacy issues grows exponentially. Ironically, people still continue to share their personal lives on social media, losing the boundaries of how much they are exposing themselves by leaving a digital footprint every time they ore online.

The digital footprint can be used to infer personal information, such as demographic traits, sexual orientation, race, religious and political views, personality, or intelligence without individuals' knowledge and can expose individuals' private psychological spheres into the social sphere - putting the individual’s privacy at a risk. The personal and financial information is highly desirable to cyber criminals. With the theft of identity, a cybercriminal may be able to access user’s banking details, obtain credit cards or loans and create a trail of credit rating destruction - all in the user’s name.


Users’ personal and financial information is highly desirable to cyber criminals. With the theft of identity, a cybercriminal may be able to access the user’s bank details, obtain credit cards or loans and create a trail of credit rating destruction all in your name. The risks need to be mitigated as the number of debit card and credit card users have grown rapidly over the years.

This is evident in the increasing number of fraudulent transactions of debit card and credit According to RBI data, 52,006 fraudulent usages of debit cards, credit cards and internet banking were reported in the first nine months of FY 2020. The amount involved in these fraudulent transactions was `228.44 crore. In the previous year, some 52,304 fraudulent transactions were reported involving `149.42 crore. Between FY17 and FY20, a total of 140,471 cases of fraudulent usages of debit cards, credit cards and internet banking were reported involving `589.14 crore.


How to protect digital privacy?


Since the users leave the digital footprints themselves and the information at a risk are theirs, the primary responsibility to protect them lies with the users. For this it is crucial to have a better understanding of how personal data can be used either by companies or cyber-criminals. And having a better comprehension of internet rights will allow users to be empowered in controlling online privacy and making smarter decisions when managing data.


There is a wide range of steps one can take to secure private data. For instance, one must always log out of websites and apps once the job is done and avoid setting them to remember the username and password. One must also avoid using public web providers, especially when dealing with sensitive sites such as bank accounts.


When shopping online, one must try to use well-known websites with high-security levels and must avoid posting personal information such as private email, phone number, or home address. This data is vital to safeguard.


The same goes with social networks. It is up to the user how much information he wants to share or with whom he is willing to share it. However, it is quite easy to lose track of social network posts. Therefore, it is vital to set up privacy settings.


Google and Facebook, two of the biggest names of the technology world, are now subjected to criticism pertaining to spying on and tracking users’ data. Technically, these platforms track users’ activities, which users knowingly or unknowingly allow to happen.


But there are ways by which one can stop Google and Facebook from tracking. It would entail compromising some browsing features. For example, it can be done by disabling the location tracking option of the app by which the user can stop Google from tracking his/her location. The user also needs to disable location tracking in other apps as they may be serving ads via Facebook.


Both Google and Facebook build an advertising profile of users, where they target ads based on users’ preferences. They do this by tracking users’ web activity and show them the most relevant advertisements. Though they say it’s for your own good, your privacy is compromised. This can be stopped by disabling the ad personalisation option.


Experts claim that these steps will guarantee that Facebook and Google get fewer personal data like location, online activity, and preferences, but it will also affect browsing experience which won’t be as seamless.


Government legislations to protect internet privacy


But while individual internet users take safety measures to protect their online privacy, the government needs to facilitate them by articulating users’ internet rights and by taking measures to protect private information.


In fact, with the advancement of digitalisation and the misuse of personal data by web companies, most of the governments across the world have enacted laws to stop this menace. When it comes to internet rights and legislation, the European Union has taken leadership. The EU General Data Protection Regulation (GDPR) enforced by the European Union parliament in 2018 regulates internet rights and legislations in Europe. The legislation is designed to harmonize data privacy laws across Europe, protect and empower users’ data privacy and reshape the way organisations across the region approach data privacy.


In the United States, data privacy isn't as highly legislated on the federal level as most of the other countries on this list. Like with many issues, the federal government leaves a lot of the details up to each state. Laws also differ depending on the industry, which results in a confusing mess of rules and regulations for American website owners.


The world's largest online users, China has unveiled its draft law on personal data protection last October, a significant step to address the long-held problems of leaks and hacks. The draft clarifies the definition of sensitive private data, including race, ethnicity, religion, biometric data, medical and financial data, and personal trajectory. The draft law proposes to impose hefty fines to those breaching legal provisions - hoping that it will discourage organisations and individuals who have been illegally collecting, using and trading personal information for profit. 


In India, the Personal Data Protection Bill, which proposes to put restrictions on use of personal data without explicit consent of citizens, is likely to be tabled in the next year's Budget session. The draft bill, approved by the Cabinet in December 2019 proposes setting up a Data Protection Authority of India which will see that provisions of the bill are adhered to.


Currently, India's most comprehensive legal provisions that speak on privacy on the internet can be found in the Information Technology Act (ITA) 2000. The ITA contains a number of provisions that can, in some cases, safeguard online privacy, or in other cases, dilute online privacy. 


In 2012, the Report of the Group of Experts on Privacy was published by a committee of experts chaired by Justice A.P. Shah. The report created a set of recommendations for a privacy framework and legislation in India. Most importantly, the report recognised privacy as a fundamental right.


The present bill was drafted following a Supreme Court judgement in August 2017 that declared Right to Privacy a fundamental right. As per the provisions of the bill, all internet companies will have to mandatorily store critical data of individuals within the country. However, they can transfer sensitive data overseas after explicit consent of the data owner to process it only for purposes permissible under the proposed legislation.


Critical data will be defined by the government from time to time. Data related to health, religious or political orientation, biometrics, genetic, sexual orientation, health, financial, etc. have been identified as sensitive data.


Even though the bill empowers the individual with certain rights, it entitles the government free access to personal data under wide reasons including national security, sovereignty, integrity etc. This may lead the state to intrude in the lives of the citizens - defeating the purpose of the bill. And if the main purpose of the bill was to protect the privacy of the individuals, the provisions pave the way for state surveillance.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.