1.INTRODUCTION
In this digitalized era of the 21 century, privacy is claimed to be ‘dead’ or a ‘myth’. With the rise of e-commerce, it has become even more difficult for the owners of various websites and online companies to enforce certain laws and to keep the consumers data and information safe and private. However, there are various technologies one can invest into to safeguard confidential information, but it is at the same time very expensive.
Coming to the simplest idea of the internet, one’s internet service provider not only knows all the websites you have visited every day, but also who has sent you emails, who all you have emailed, the content of all these emails etc. Every time someone makes an online payment from any website, be it a retail store or an online food delivery application, the details of your credit card and personal information is seen and recorded by someone somewhere.
The 21st century or the digital age are in “privacy paradox”. This has been suggested by a meta-data analysis by harvard business review. It says that people’s concerns about data privacy doesn’t make them take necessary actions for data protection.
2.ADDRESSING IMPORTANT QUESTIONS
What should the 21st century laws achieve?
Any privacy related law passed for the citizens of the country should have clear and simple objectives which are achievable by the companies. Data not required by websites to process a task, for example unnecessary personal information which buying something online must not be asked in the checkout process, if not required and if it is a sensitive information.
Choosing from complete isolation from the world or totally being transparent?
The world has come to a stage where we can’t choose to have partial security or privacy. Wanting to safeguard your personal data completely also means you can never choose to rent out /stay in an apartment in Airbnb privately. The more technologically advanced the world is turning out to be, the more transparent our lives have become. Technology has advanced to stages where AI, Big Data and the Internet of Things can predict and determine what your choices and tastes are before you figure it out for yourself.
Why being transparent is good?
Apart from the fact that consumer data is being sold to extract information, and to sell personalized products to customers, which isn’t ethically correct, privacy not being present can
be for the good. Such technologies that help understand human behaviour through their actions online, has also been helpful to detect cyber crimes, restrict terrorism, getting essential information for a better government and perhaps even expose corruption. These advantages does make technology and the no-privacy present less worrisome.
Should the companies allow you service even if you deny to their terms of service as part of data protection regulations or laws of a country? Or Should one have the right to negotiate the terms of service or request changes to them ?
The social media websites and most of the e-commerce websites make you agree to their terms of conditions , without which one cannot access their services. It is more of like a unilateral agreement and the services offered are so lucrative or in demand that one chooses their services over privacy.
The companies who come under the GDPR in Europe, PDPR in Singapore and many others similar data protection laws need to comply with certain rules and regulations.Therefore, companies can no longer use, sell or do anything else with the personal data of any individual without their consent.But it doesn’t even stop them for denying services for not giving consent for their data privacy policies and terms of use.
2.1 LANDMARK JUDGEMENTS
Aadhar Project ruled by the Supreme Court of India as Constitutional with the some scope limitations.
There was a concern that the aadhar project was in violation of the right to privacy(one of the fundamental rights – article 14, 19 and 21 in the Indian constitution)of the citizens of India.
The main arguments were that the project forces the citizen being issued the card, to part with it’s biometric information and thus it could be misused during authentications or the data collected may get compromised in the future.
Also, the transactions information done through aadhar enabled payments or with bank accounts linked with aadhaar numbers maybe used to do profiling of citizens and track movements and analyze the habits and manipulate behaviour of individuals. The supreme court supports all the welfare and good it will do in the society by providing dignity and identification to the marginalised groups of the country. Also, it will allow such groups to reap the benefits of the various social schemes the government has and will introduce in the future.
The court in the landmark judgement mentioned that parting with biometric information is a minimal violation of privacy as the benefits far exceed the issues surrounding privacy of an individual.But there was an imbalance created where in the one had to forego data privacy for social interests.
There was another issue i.e. biometric failure rate was at 0.23 % i.e. about 2.17 million people.
Therefore, the following judgements were made –
1.The project was not to be shelved.Only the current aadhar framework was to be changed to comply with the right to privacy law of the country.
2.The data collected is not “minimal” and therefore there should be safeguards in place to ensure that the biometric information system is not compromised and the failure rate of even 0.23% is not acceptable(Rai, 2018).
3. The Supreme Court ruled that Mobile phone operators, banks and other private entities are no longer authorised or given permission to collect or demand the customer’s Aadhaar numbers.Also, a proposal was given to the government to come up with or draft a good data protection law for the country(India)
2.2 EXEMPLARY STATUTES
- The Federal Trade Commission Act (FTC)[1914]:
This act regulates the unfairly portrayed or deceptive commercial actions. It is one of the maid regulators in the privacy area and brings enforcement actions against companies that fail to comply with the policies and hamper with personal information security. - Electronic Communications Privacy Act (ECPA) [1986]:
This act enforces law against wired, oral or any other form of electronic communications from unauthorised use or disclosure of information or data. - Computer Fraud & Abuse Act (CFAA) {1986}:
Enforces law against any unauthorised access of a computer with intention of obtaining certain information or anything of value, transfer any harmful item or direct unauthorised or irrelevant traffic or passwords. - Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM ACT) [2003]:This act governs posting or accessing unsolicited material, be it an e-mai or any visual content and prohibits misleading information which further requires senders to disclose a valid opt-out mechanism that are subject to criminal penalties.
- Financial Services Modernization Act (GLBA) [1999]:
It regulates the collection and the processing or the disclosure of the information collected during a payment or transaction occurs, it further requires a written information security system and customer notices. - Children’s Online Privacy Protection Act (COPPA) [1998]:
This act requires certain consent from the parents before collecting, using or disclosing private information from children under the age of 13. It requires websites to post an online privacy policy, collect only the necessary and reasonable information for security. (“Internet Privacy Laws Revealed – How Your Personal Information is Protected Online”, n.d.)
2.3 ILLUSTRATIONS
(Source: https://brandongaille.com/wp-content/uploads/2015/04/Internet-Data-Mining-Facts.jpg)
(Source: https://www.criticthoughts.com/guides/the-ultimate-privacy-guide/)
(Source:
https://economictimes.indiatimes.com/small-biz/policy-trends/60-online-users-fear-unauthoris ed-data-collection-only-11-users-read-privacy-policies-survey/articleshow/68355981.cms)
3. PITFALLS INVOLVED
Online privacy issues have been a hot topic for the recent years, but there are several reasons why it will take a while to solve these issues.
The first reason is the “policy vacuum”, which means the development of privacy protection laws is slower than the development of technology, leading to the situation when there is no policies or the existing policies are inadequate to deal with privacy issues. Without proper legal guidance, companies tend to act in their best interest, collect private data to improve their products and services to gain competitiveness. The advance of technology and increasing market competition lead to high variety of how data is collected and used, which makes it more difficult to come up with adequate legal guidance for online privacy protection, especially when it affects the benefits of several companies and organizations.
Another reason why online privacy issues remain is because of user’s reluctance to take actions. People have raised their awareness of the online privacy issues, but while many of internet users do not believe that their online data is safe, their behaviours show inappropriate privacy protection. This phenomenon is called “privacy paradox”, meaning that the inability to translate privacy concerns into protective actions. Users enjoy the so-called free services on the internet, such as social media platforms, to the extend that their perceived benefits from these services outweigh the perceived privacy risks. Users also tend to believe that they will not be the victim of privacy harassment, which is human’s vulnerable response toward risk-related issues.
4. WAY FORWARD
Development of surveillance methods?
With the continuous development in technology, several countries would adopt to using new innovations to improve the security of the country. Some think that security prevails and overrides privacy and hecne think that the future needs to focus more on customer protection than thinking about every individual’s private space.
Convenience over privacy?
The future prediction about privacy states that consumers will stick to convenience by sacrificing privacy in certain situations. For example, searching for some information on DuckDuckGo, which is a private network will not invade/ask/store any of the customer information, but it will also not yield personalized search results. While on the other hand, google will ask for basic customer information and provide more effective results.
Standard of privacy
Similar to the difficulties to govern the cyber transaction in general, the jurisdiction regarding online privacy also requires an uniform standards of privacy globally. For example, a global
company may collect data in one country and process those in another country, leading to the difficulty in deciding the regulatory framework to apply. Currently, some countries are requiring foreign companies to store and process data on domestic servers to protect domestic user’s online privacy. This act is believed to be a trend in more countries.
Negotiation of terms of service , before giving consent for using one’s personal data
The companies and individuals should now get into bilateral electronic contracts.This would mean customised or modified terms of service for each individual who wish to use and get access to the services of the companies i.e. social media websites and ecommerce websites.
This would make the policies more customer centric and also provide data privacy till the extent that any individual thinks is appropriate for them or suits their needs.
REFERENCES –
- Rai, P. (2018). The Indian Supreme Court’s Aadhaar judgment — A privacy analysis. Retrieved from:https://iapp.org/news/a/the-indian-supreme-courts-aadhaar-judgement-a-privacy-perspect ive/
- Geer, D. (2017). Retrieved from:https://www.business2community.com/cybersecurity/top-5-predictions-future-internet-pri vacy-01798441
- IFLA (2018). The future of online privacy and the security of personal data. Retrieved from:https://trends.ifla.org/expert-meeting-summary/the-future-of-online-privacy-and-the-secu rity-of-personal-data
- Internet Privacy Laws Revealed – How Your Personal Information is Protected Online. Retrieved from:https://legal.thomsonreuters.com/en/insights/articles/how-your-personal-information-is-pr otected-online/
