Data Privacy: Why it remains an elusive proposition? - Part 1
During the pandemic while people were restricted to their homes and brands had fewer channels available for their communication, we witnessed a massive transition to digital. People used digital platforms via their devices not only for consumption of content but also financial transactions which resulted in growth for the digital sector. The pandemic slated the essence of the "new normal" and in today's time, every business is looking at digital in a completely different way as it takes a larger share of the media pie.
Defining this transition to digital, Inmobi presented some interesting stats in its report titled ‘Building Resilient Brands: The Era of Mobile - Marketing Maturity’:
321 million new internet users
25% worldwide downloads growth in peak month H1 2020 vs H2019
$143 billion worldwide app store consumer spend in 2020
2 hours spent on mobile by the average user in April 2020
6 tn hours spent on mobile worldwide in H1 2020 alone
$240 billion mobile ad spends in 2020
734 million monthly active internet user base whose primary device is mobile
14% of worldwide app downloads were driven by India
300% higher app download growth compared to global average
8 hours spent on mobile by the average user in April 2020
37% growth in time spent on mobile
11 GB data consumption per user per month
Concern vs Awareness
Today as digital consumers, we are all extremely worried for the safety of our data. New devices like Google Home and Alexa, growth in mobile devices and digital being used for transactions etc have further fueled this concern. But, how aware are we? Do we understand how data is collected and how do we protect ourselves?
The way the digital economy functions today, data is capital for every business. With the growth in technology and AI, data can and is being collected from several sources. Any app that you install today, there are certain permissions you give as a user after which you can use that app. Your data is collected via that app as a '1st Party' source which can then be used to target you as a consumer on other platforms.
Every noticed how a product you searched for on an E-commerce platform like Amazon or Flipkart suddenly appears in the form of an ad on your Google Searches or on YouTube? That's how it's done. Platforms and businesses can also use already existing data from "3rd party" sources to recognize you as a user and build your profile.
Today, this is a standard practice of the industry and what conversations over data privacy have done is brought awareness on these practices. Mihir Karkare, EVP of Mirum India says, "Data Privacy is a critical issue. The first step towards in confronting such an important issue, is awareness. The Whatsapp case that happened recently was a godsend in that way – because it really contributed to this first step – a lot more people are aware and talking about data privacy today."
Anup Cheruvathoor, Chief Technology Officer, Consumer IOT at Hero Electronix says, "The WhatsApp controversy has brought focus to things which are done by all Tech majors already. The main business model in most of the big tech to collect, use, and distribute the data for purposes of targeted advertisement, promotions and large predictions on trends in the consumer markets. The controversy has bought focus on the fact that it is difficult to bring the data driven business models to scrutiny." He adds, "It is important that users are clearly told what data is used for what purpose and how much of that is shared with third party actors. Right now all of these are hidden in lengthy legalese meant more to obfuscate rather than educate users of their data rights. It is India’s time to bring in robust data protection laws."
Ravi Kikan, Head Marketing and Growth, ZingHR, further emphasises on the importance of data privacy provisions and says, "The challenge lies with government agencies, government departments, large technology organizations and start-ups dealing with volumes of user data as data privacy protection puts additional cost burden. But the implementation of privacy provision is the need of the hour."
India's Data Protection Bill (IDPR)
When it comes to data privacy and security, the Data Protection Bill in India is a very important conversation to have. The Bill was introduced in December on 2019 and since then it hasn't been tabled leading to a massive delay. However, growing concerns amongst the citizens as finally led to the growth of importance of this Bill. The Data Protection Bill covers many key areas. According to the Bill, businesses need to inform users that their data is being collected and their consent needs to be given. Users can also withdraw consent, and this means businesses need systems and processes to ensure they can comply. The Bill also states that businesses need to organize themselves in a way where data privacy consideration is adopted throughout the company. Data that is classified as sensitive and critical needs to be stored in India only. Also, The Indian Government reserves access to non-personal data and non-compliance will lead to financial fines.
Giving his perspective on the Data Protection Bill, Pankit Desai, Co-Founder and CEO, Sequretek says, "The IDPR is fairly exhaustive and is pretty good, but it needs to pass. The fact that it is delayed so much itself reminds one of the phrase “justice delayed is justice denied”. There will never be a perfect law, but it needs to get out and there can always be tweaks made to it later."
Shradha Agarwal, COO and Strategy Head, Grapes Digital says "The Data Protection Bill is the need of the hour, which would control the collection, processing, storage, usage, transfer, protection, and disclosure of personal data of Indian residents. The government is keen that data cannot be misused by any company, and will reserve the right to safeguard its defense and strategic interest." She adds, "I certainly believe, the new bill will be focused upon to protect individual’s privacy, and to have strict laws against data theft issues so it could not be used by any red hand."
Harshit Jain, MD, Founder and CEO, Doceree, remarks, “At least it is a good start. The Bill mandates setting up of Data Protection Authority to look at any discrepancies and take required action against those messing with citizens’ personal data." He adds, "The parliamentary panel examining it has recommended 89 amendments and 1 new clause and it is yet to be seen what concrete shape it will take when finalized. But one thing is sure that its enforcement would make companies no longer use personal data without consent of citizens and that would be significant step."
Around the Data Protection Bill of India, there have also been conversations on the similarities it has with the European Union's General Data Protection Regulation (GDPR) and whether the Indian market needs something similar or completely different. Giving his perspective on this, Kumar Ritesh, Founder and CEO, Cyfirma, says, "Cybersecurity maturity level between EU and India is vastly different. To implement GDPR in India would not be suitable. The Data Protection Bill is a good start for India, and we’d need to explain the importance of this bill to businesses and showing them exactly how to implement the new processes."
However, Jain gives a completely different perspective and says, "Absolutely yes. India is a vast country, fast becoming digitally driven. When enormous amount of data is being generated every day, then the need to introduce a strong regulation such as GDPR becomes all the more essential."
Is Data Privacy an Illusion?
With data being equivalent to gold in today's digital ecosystem, many feel that Data Privacy is just an illusion and cannot exist in the world we live in today. With millions of devices across the globe and people using digital platforms in different ways, there are thousands of touch points from which data is being constantly collected and since it is capital for the market, existence of Privacy has a big question mark on it. In India, digital ignorance, many businesses still not taking privacy seriously and the sheer volume of data being collected and further ignited the concern.
However, many still believe that if the ecosystem – right from the user to massive organisations and even the Government, come together for standardized norms, data privacy isn't a farfetched thought. Ritesh says, "Data security is not an illusion. We have heard about data breaches occurring so frequently that there is no doubt some businesses are feeling helpless.But it does not have to be this way. To avoid data breach and minimize digital risk, businesses need to adopt basic cybersecurity hygiene: Build basic level of cyber hygiene by focusing on 4 pillars - people, technology, process, and governance."
Desai adds, "I don’t think so, encryption is ensuring that traffic between two endpoints is secure. The issue in not about data encryption, it is about the rights that we as users willingly give up to these platforms for using them. Once you give up the rights, your metadata is available for them to use the way they want it."
Giving his perspective, Jain says, "There's no such thing as perfect. There could be flaws in the system which hackers can take advantages of. Having said that, it doesn't mean that we can deem it useless. Instead, we should focus on how we can make it even more secure. The loopholes would always exist and we would need to work on fixing them before they do immense harm."
While the concerns over data privacy grow along with the massive growth that the digital ecosystem witnessing, it very important for us as users to understand the importance of data privacy and protect ourselves from any kind of theft or breach. Digital awareness is more important today than it ever has been and the entire ecosystem along with the a government and taking it more seriously. While businesses and the government take important measures to ensure data privacy, it is important for us as users to play our role in this ecosystem and ensure safety and security for all.
In Part 2 of this series, we will focus on the thin line separating UX and Data Privacy, how do data breaches happen and the future of data privacy in India and the global markets.