Mobile Internet

Data Privacy at Risk, Reveals a Recent Study

Data Security

In the backdrop of the ongoing debate over data privacy, data localization and right to privacy, an alarming research has come to fore.

Researchers from the International Computer Science Institute (ICSI) in the US identified 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission, news portal CNET reported.

Data privacy also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system or a mobile phone device can be shared with third parties.

One of the apps mentioned by name was Shutterfly, which is used for editing photos. It had been gathering GPS coordinates from photos and sending that data to its own servers. In a statement, Shutterfly said: “Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement.”

The study published on the FTC website cited 153 apps, including Samsung’s Health and Browser apps, which are installed in more than 500 million devices.

Recently, the Supreme Court of India has expressed concerns over inroads made into an individual’s right to privacy in the digital age and called for a data protection law proportionate to the purpose for which data is collected and stored. Justice D.Y.Chandrachud said, “Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well.”

The Supreme Court categorically recognized certain data protection principles such as data minimization (restricting collection of data to data necessary for stated objects or purpose), purpose limitation (limiting the scope of purpose and using the data only for such purpose), data retention (retaining the data only for a limited period necessary for the purpose) and data security as relevant factors in determining whether the provisions of particular legislation was in conformance with an individual’s right to privacy.

The internet is a powerful tool, and it is increasingly intertwined with our lives. Digital data in India was around 40,000 petabytes in 2010; it is likely to shoot up to 2.3 million petabytes by 2020, which makes it necessary to take steps to protect the personal information and privacy.

Effective data protection in India will require a strong regulatory framework with a hierarchy of data regulators that can protect our basic rights irrespective of our understanding of complex digital setups and levels of consent. Also, any solution that is solely based on the detection of privacy violations and subsequent punitive actions is unlikely to be effective. The technology to support such regulatory functions exists, what is necessary now is an effective and rights-based data protection law, and the will to build the required regulatory capacity.

-Aditya Patil

Comments (8)

  1. Effective content. Data regulatory schemes must be launched not only on paper but practically.

  2. Very nice informative article,it’s really the need of the day coz the content is quite alrming about personal information and other data which we don’t wanna revel

    • Thanks a lot Dr. Swapnil. It’s our pleasure that you liked the article. Please keep visiting the website for more such interesting content in the future.

  3. A thoroughly researched and sound write up!

    • Thanks a lot, Ankita. Your comments and feedbacks are much appreciated. Please keep visiting the website for more such interesting content in the future.

    • Thanks a lot, Sushil. Your comments and feedbacks are much appreciated. Please keep visiting the website for more such interesting content in the future.

Comment here