Multiple online profiling agencies graze on legally grey zones and collate private data without consent for commercial use.
As the problem is reaching menacing proportions, it calls for stringent regulations in the domain.
What are some of the common cases?
Sitting in front of a computer or using a smartphone in the comfort of our homes, we might think that the world doesn’t know what you are up to.
But every click online creates an indelible data trail that is being capitalised by data hawks who’ve set up the infrastructure to monetise on them.
This intrusive trend can significantly compromise ones health status, schedules, food and sleep habits, educational profile etc...
Broadly there are two modules that are used for data mining from unsuspecting users, who happen to part with their data.
Cloud Breach - Information shared through e-mail is thought to be inherently secretive and that only the intended receivers get access to it.
But information gets regularly breached and shocking cases of “add targeting” based on the content of personal e-mails have also come up.
Notably, one of the contenders claimed that he disclosed his planned tour only to a firend over mail, which has his browser being flooded with related ads.
Hence, even harmless data about your itineraries, your financial statements etc, that is stored in your personal email cloud might not be all that secure.
Data Brokering - Applicaitons that compare and contrast various services presently aplenty online, most of which don’t have a clear data protection law.
These applications demand some basic contact information as a pre-requisite for accessing their services, which most users willing part with.
In many cases contact information is then outrightly sold by the promoters of the applications to marketers of the products you’ve been looking for.
Notably, sometimes even direct marketing calls are made if phone number had been inadvertently provided.
How does the data-brokerage landscape look worldwide?
Nearly 10 million open datasets are published by government agencies and non-governmental organisations (NGOs), annually.
While there are data sets that actually are aggregated with the concent of the user, the landscape is dominated by unauthorised accumulators.
Data brokers are companies that sell personal information of individuals online and there are an estimated 5,000 data brokers worldwide.
Incidentally, no data-brokering firms claims them to be one and rather they use fancy names for their services like - “customer engagement, data research, information services or marketing automation”.
But their work is the same - collecting data about individuals from many sources without consent from those who are profiled.
Crime investigators and data brokers actually perform a similar task – while the former profiles criminals to nab them, the latter works to target the public with suitable ads.
What are the challenges in the field?
Data Theft - Fraudulent websites that resemble the real ones are often set up where the unsuspecting online visitor will generously offer his or her details.
But crack down on clones of even hugely popular online games like Temple Run and sites such as Flipkart, WhatsApp, Facebook has been lukewarm.
Data is also easily scraped from websites with poor security policies by hackers or even out-rightly sold by the promoters without consent.
Sometimes unsuspecting users don’t realise the implications of giving out their data on unsecure platforms and liberally share personal information.
Legal Gaps - Data brokering as such is not illegal but it does fall in a grey zone as the legal recourse in this regard is vaguely articulated at present.
Currently, provisions of the Information Technology Amended Act, 2008 (ITAA) is what governs the data framework in India.
While a stand alone “Personal Data Protection Bill” is under consideration to strengthen regulations, it may still take some time to come into force.
EU and Japan have laws that mandated consent of a data subjects in case of transmitting data to a third party or diverting it for unstated purposes.
There are also provisions that establish significant liabilities on data controllers, and individuals are entitled to compensations in case of a breach.
What is the way ahead?
Considering the potential implications of this new phenomenon – the policy makers and all other stakeholders need to be invested in finding a solution.
Organisations too need to look at the ethical considerations in collecting, storing and sharing data in a way that does not compromise individual privacy.
At an individual level, being more alert while leaving a digital footprint will go a long way in protecting one’s privacy and individual interests.
Using ad blockers, disabling third-party apps, auditing social media accounts and not sharing personal details at random online and offline sites are key.
It is also very important to educate and raise awareness in this domain among the younger generation.
