“I think if you draw out a distinct parallel between iOS ecosystem and the Android ecosystem and I’m sure people who have played with enough with the platforms, they do realize that Android lends itself to a lot more data [collection] which otherwise is not possible on iOS,” Manav Sethi, Chief Marketing Officer at ALT Balaji remarked about permissions which are sought by the two biggest app ecosystems in the world, at the #NAMAprivacy conference.

“Now, who do you go depute that responsibility to, is anybody’s guess, right? Is there a rule of law which allows them or disallows them not to do that, again I guess that’s anybody’s guess,” Sethi added. He added “history has taught us that regulation has always had a laggard approach in catching up with technology. And that’s where I feel that rule makers have a very important role to play: To create that kind of regulatory regime that compels all the players at play to ensure that they are compliant.”

However, in the absence of laws on data collection or data regulators, Malavika Raghavan, project head for the Future of Finance Initiative at IFMR Finance Foundation, said that app stores and intermediaries should take on more responsibility for the nature of data collection.

“The app stores are only part of the solution. The app stores say they’ve started doing more hygiene [checks for apps on their platform]. But we should think about what should providers be doing beforehand and what they can do directly instead of getting other people to do that for you. The incentives aren’t aligned for app stores necessarily, where Google wants to put more apps up and of course, they want safe apps and they’ll do testing only till that point,” she added.

Number of permissions sought: Permission Fatigue

Raghavan pointed out that many users experience a bit of “permission fatigue” where they are unable to make an informed decision when an app asks for multiple permissions to access data. She pointed out to banking and finance apps.

“So what we did was look at the app permissions of financial apps which we scraped from the Google Play Store – about 1000 apps from the finance category – and we just took a look at permissions and what is going on there. And it is interesting to see banking apps especially taking anywhere from 2-34 permissions. We took one banking app which took 34 permissions and another one which took two to perform the same service. One of them was Bank of Baroda and the other was the Indian Overseas Bank app. Bank of Baroda’s app took around 34 permissions,” she said.

“One is there is essential data that needs to be given and an opt-out service and why aren’t we making that distinction. Consumers may not care because they don’t know what’s behind the hood,” she added.

Clients building databases without permission

Meanwhile, Hitesh Oberoi, the CEO of Info Edge which runs online services such as Naukri (a job seeker platform) and Jeevansaathi (a platform for people looking to get married), added another dimension to the nature of permissions and preferred not to mix two different databases.

“We don’t even use Naukri data for Jeevansaathi. You know a lot of people ask: there’s a 23-year-old guy who is looking for a job and wants to get married. Why don’t you use the data from Jeevansaathi as well. We don’t because we don’t have permission,” Oberoi said.

He also described how Naukri and Jeevansaathi’s business model works. “It is a free registration. You can upload your profile where they have some mandatory fields such as location so that the user gets discovered in the search. Beyond that, there aren’t  too many fields which are mandatory. You can also attach a Word document as a word CV. There is no financial information or any sort of thing….. So you can apply various filters and narrow down the result set. Then post that, you can send an email. If you’re interested in a person, you can send an offer or contact them on phone. So how our business model works is that we sell access to the database for a fee and in that you get to see a limited number of limited numbers of profiles,” Oberoi said.

However, this would lead to a situation where other companies and recruiters will start building their own databases without the user’s permission. So Oberoi mooted for tweaking the company’s model to recommendation system to limit the data misuse.

“We would ideally want to move to a system where today we are more search driven and move to a recommendation-driven system. We want to do the same thing on the recruiters’ side as well. So we want to move away from giving the entire database where we tell recruiters to look for whoever you want,” he added.

Data privacy law and information asymmetry

A member of the audience pointed towards information asymmetry being an advantage for some companies: “The fact that there is information which is not balanced, that’s how business models have been configured. My question is, once these rules come in on collection through the data privacy law, are business models geared to them without threatening the business model itself? The fear is that Google collects too much data, Amazon collects too much data because there is no law. Now the rule will come.”

To this, Sethi responded by saying that “The objective reply to that is: yes. None of these businesses have an underlying model of exploiting the data. The data became a collateral. Fact of the matter is, you take any country and any jurisdiction, any app and including the US Social Security number as well, they have been leaked in the past, right? I am believing in the blockchain leap. Any amount of data, any secure place on the planet will not be enough. Objectively, once the rules are in place, business will evolve because the underlying models were never built on the exploitation of data.”

Data used for political opinion making

We have seen how analytics firm Cambridge Analytica helped to manipulate voters in the 2016 US presidential election and the Brexit vote by building psychological profiles through metadata on social networks. Ankit Lal, campaign evangelist at the Aam Aadmi Party (AAP) raised some concerns on political opinion making where the party was offered data on users from unlikely sources.

“We deal in the business of political opinion making. And all sorts of operators approach us with data sets. And I want to share three anecdotes. During the 2015 election, we were approached with data of people who did coaching from a certain institute saying that these people might be earning quite a bit right now and these are the people who you can approach for fundraising. We were also approached with a lot of BTS data (the mobile tower data) saying that these are the kind of people living in this area and you can target with the media you have. So we were also doing a number of IVR based campaigns and people approached us and said that you can target people who are listening to your speeches on TV on TV through Google apps. They take permissions for audio pixels where we pick up audio and we can target them with data through mobile. And this is all happening in 2015. By 2017 all these operators will be evolved much more,” Lal said.

Lal also called for regulation in this regard.  “We are very behind in terms of what operators are doing in terms of manipulation, in terms of what they’re selling in the market. A segmented standardization approach for data is needed right now. We are talking about what kind of data can be used, but it is already being used in our emails, inboxes and all sorts of SMS. It up to us to now think in policy approaches where it can be stopped. The question or not whether it has started. It is already a business which is running worth millions,” he added.

***

Updates: Malavika Raghavan sent in slight modifications to what she said, to provider greater specificity, and this post has been updated to reflect that.

The #NAMAprivacy conference was supported by Google, Facebook and Microsoft. To support/sponsor #NAMAprivacy discussions, contact harneet@medianama.com