Data Privacy:

The recent revelation from the data breaches has raised awareness about the absence of provisions governing protection of personal information in the digitized era. The issue highlighted was that the users gave deemed consent to use the information which was assumed to be irrevocable for free access on different platforms even though the potential use of personal data was not provided to them. The prevailing laws limit the use of personal data only for the purpose for which the data was provided. The Information Technology Act, in this regard provides protection of sensitive personal data, security practices and procedures to be followed by organisations dealing with sensitive personal data. The numerous technological measures subsist through which these risks can be reduced. But pertaining to maintenance of privacy, certain ambiguity still prevails which could be analyzed through instances which happened recently in cyber space.

The bulging debate over the PMO India App data leakage controversy has raised concerns pertaining to the privacy of users. This led to requisite revision of existing provisions on the intermediary liability for making service providers liable for the unauthorized access to and use of the third party data. The regulations concerning mobile application service providers have not been defined or adequately dealt with under the Cyber Laws or Information Technology Act. However, these services providers are termed as intermediaries, mandated to exercise due diligence while discharging their obligations under the law. The data localisation needs to be examined in this regard to protect the data users and the sovereign interest in the cyberspace.

The mishandling of user data could also be seen through the crisis which arose when Cambridge Analytica, firm improperly accessed the data of millions of Facebook users. The social platform had provided access to app creators and researchers for conducting their own studies but later in 2015 clamped down the access, citing user privacy concerns. The social network has tab on users profile and personal information including name, profile pictures, networks, religious and political affiliations, relationship interests, work and education histories and much more. This information was accessed by the developers and targeted by the advertisers.

The eventuality of leaks persisted when the market regulator SEBI chased set of serious cases of insider trading involving leaks of vital financial information over Whatsapp about leading stocks in the market. The encryption offered by the network posed difficulties for the regulator to conduct raids and seize evidences in this manner, as the data captured is only for targeting ads and not to access investigations. The insider trading is a serious offence but due to unchecked mass circulation of unsolicited trading tips on the SMS it becomes complicated for the regulators to trace such information.

The occurrences of data breaches pose responsibility on the policy makers to reset laws to provide effective remedies to people prejudicially affected by unauthorized access of personal information. The privacy policy shall be formulated clearly stating that the personal information and contact details of the users shall remain confidential and shall not be used for any purpose other than communication purpose. This would entail the app developers to access such information based on the consent of the user and not accessing personal feeds from social networking sites. Third party data sharing will clearly be defined under the proposed privacy act. The right to removal of content shall also be revised permitting individual removal of content through court order or any specific government authority if the content violates any law.

The Telecom Regulatory Authority of India (TRAI) also seeks to regulate the flow of data from users to the app makers while defining as to what comprises the personal information for recommendations on the data ownership, privacy and security. The users ought to negotiate with the companies and government agencies for deciding the usage of their personal data to prevent the irreversible damage; otherwise they would be subject to such continual exploitation.

India can be the trailblazer in shaping the rules for the data world. It has become data rich with over 450 million internet users. Recognizing the potential of providing timely legal recognition to new technology, Indian government has begun to take steps. The Government shall stride cautiously to create the right environment for technologists to keep innovating, while enacting the protection laws in the interest of the rights of its netizens, which in turn will help India to emerge as a destination for outsourcing such services. In an ever-evolving world regulatory agility, gives competitive advantage to the jurisdiction which promotes it. Innovators tend to flock to countries where regulation leads innovation, ultimately resulting in economic development. The policy makers require to rethink the role, legal system could play in enabling and fostering innovation in consonance to the right against infringement of privacy.