The present episode needs to be a deep wakeup call for the Indian nation.
Bengaluru: Content and technology firms — be it Facebook, Microsoft, Google, Apple or Whatsapp — have been dealt with greater amount of leniency by regulators and governments globally, said experts in the wake of the Facebook fiasco.
These firms have gone overboard and started taking undue advantage of customers’ excitement for internet-driven technologies and connectivity, said Dr Sridhar, an authority on data regulatory issues, also a faculty at IIIT-Bangalore.
“In most cases, no anti-trust laws are evoked against these companies even for grave customer right violations. The dominance of these companies are viewed only as emergence of leadership by governments and regulators. Because of their global presence, they become non-jurisdictional in every geography. Hope the Facebook fiasco will open up the eyes of regulators and trigger more stringent regulations,” said Dr Sridhar.
Facebook’s sharing of user data with Cambridge Analytica has attracted widespread attention, to the extent that the US Federal Trade Commission would be probing to determine whether user data had in fact been shared by Facebook with Cambridge Analytica.
Prashant Phillip — partner & practice head (technology) Lakshmikumaran & Sridharan Attorneys said, “The United States is very mature in terms of having data protection and privacy regime. It remains to be seen as to what impact this is likely to have on Facebook in the long run. However, owing to this incident, the reputation of Facebook has definitely taken a beating, with many users having started to delete their Facebook accounts.”
Supreme Court lawyer and well known cyber expert Pavan Duggal said, it is important that the governments, regulators, customers and technology and content companies take this as a wake up call as such scenarios can be repeated anywhere including India.
“India is a large internet economy. We have to come up with more stringent data privacy regulations before something big happens to us. Loss of physical assets can be easily restored while the damage involved in loss of personal data can never be repaired,” cautioned Mr Duggal.
He said that the recent episode has shown that no data is secure and that data repositories who offers free services are likely to keep on misusing personal data of individuals for their vested commercial interests. It is time that India needs to recognize the threats to its citizens’ data from such data repositories. It is time to strengthen the Indian Cyberlaw to make it having more teeth in the context of such misuse of data by intermediaries.
Further, the Indian approach on intermediary liability needs to be revised. The Government of India needs to make sure that intermediaries who are either having office in India or not but who are targeting Indian nation, must be complying with the Indian Cyberlaw, otherwise they could face legal consequences. The present episode needs to be a deep wakeup call for the Indian nation.
Mr Duggal said, “Indian Elections could potentially be targeted by third party data repositories. It is imperative that all steps must be taken to protect the sovereignty, security and integrity of India against unauthorized data misuses and breaches which could have a huge impact upon diminishing peoples’ confidence apart from misusing their personal details.”
The Supreme Court in India has established the right to privacy as a fundamental right. Although India presently does not have a specific law covering data protection or privacy, there are other regulations which do in fact provide some coverage in cases where user data is used or shared without their consent. For example, section 72A of the Information Technology Act specifically provides such a protection to user’s data. As per section 72A, securing access and providing ‘any material containing personal information about another person’ without consent of that person, or in breach of contract of a service is punishable with imprisonment or fine, or both. The section is however qualified by the fact that the intent behind securing such information should be to cause wrongful loss or wrongful gain. It remains to be seen whether sharing user information without their consent, which violates their fundamental right, would automatically result in a wrongful gain/loss to qualify such acts as an offence under the IT Act.