In the backdrop of the ongoing debate over data privacy, data localization and right to privacy, an alarming research has come to fore.
Researchers from the International Computer Science Institute (ICSI) in the US identified 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission, news portal CNET reported.
Data privacy also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system or a mobile phone device can be shared with third parties.
The study published on the FTC website cited 153 apps, including Samsung’s Health and Browser apps, which are installed in more than 500 million devices.
Recently, the Supreme Court of India has expressed concerns over inroads made into an individual’s right to privacy in the digital age and called for a data protection law proportionate to the purpose for which data is collected and stored. Justice D.Y.Chandrachud said, “Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well.”
The Supreme Court categorically recognized certain data protection principles such as data minimization (restricting collection of data to data necessary for stated objects or purpose), purpose limitation (limiting the scope of purpose and using the data only for such purpose), data retention (retaining the data only for a limited period necessary for the purpose) and data security as relevant factors in determining whether the provisions of particular legislation was in conformance with an individual’s right to privacy.
The internet is a powerful tool, and it is increasingly intertwined with our lives. Digital data in India was around 40,000 petabytes in 2010; it is likely to shoot up to 2.3 million petabytes by 2020, which makes it necessary to take steps to protect the personal information and privacy.
Effective data protection in India will require a strong regulatory framework with a hierarchy of data regulators that can protect our basic rights irrespective of our understanding of complex digital setups and levels of consent. Also, any solution that is solely based on the detection of privacy violations and subsequent punitive actions is unlikely to be effective. The technology to support such regulatory functions exists, what is necessary now is an effective and rights-based data protection law, and the will to build the required regulatory capacity.