wordpress blog stats
Connect with us

Hi, what are you looking for?

Privacy without principles: another look at the Notice and Choice approach

MediaNama is hosting a full day discussion on privacy, called The Future of User Data in India, on the 6th of September 2017, supported by Google, Microsoft and Facebook. Apply to attend at http://www.bit.ly/namaprivacyapply. One of the key elements of current privacy discussions, and especially the TRAI consultation on data protection is the Justice AP Shah report on Privacy, submitted in 2012. This opinion piece by Bhairav Acharya looks at whether the framework suggested by that report is in consonance with current practices and needs.

*

Privacy principles born in the 1970s that still inform the law globally are now on the verge of obsolescence.

The prospects for consumer privacy in India have rarely been bleaker. A series of high-profile breaches and hacks reveal an economy thoroughly unprepared for safeguarding data privacy. But privacy suffers from something worse than widespread breaches: the state of the national privacy debate. Indian industry and civil society want regulation on the basis of a globally widespread set of privacy principles. The principles were born in the early 1970s in Europe and the US and have informed law ever since.

In 2012, a group appointed by the Planning Commission and chaired by Justice Ajit Prakash Shah proposed an extended version of the principles for India. But while they worked well for the last 40 years, the principles are now on the verge of obsolescence.

Notice and choice

The nine Shah principles pertain to notice, choice, collection limitation, purpose limitation, disclosure, access, security, openness, and accountability. The first two together create the “notice and choice model” of consumer privacy. A service provider provides notice in the form of a privacy policy and a consumer exercises choice by clicking the “I Agree” button.

Advertisement. Scroll to continue reading.

In a free market, the belief went, service providers would compete to offer the best privacy terms for consumers to select. But it has not worked out that way. Privacy policies are too convoluted to understand. That may be a deliberate ploy by lawyers or an unavoidable reality due to the complexity of commercial data practices.

Choice is meaningless because there are no popular alternatives to mainstream data practices. The model has failed to create an informed consumer base to demand better privacy from service providers. In surveys, consumers claim to value their privacy but in practice, they sacrifice it for incremental convenience. There is a yawning disconnect at the heart of the notice and choice model.

Big data

Big data endangers the principles. Broadly speaking, big data refers to the massive amount of data collection taking place on a daily basis. Inevitably, new uses are found for that data beyond the purposes for which it was collected. For instance, roving location data collected from phones could help cities plan efficient mass transportation.

More data means more uses, so more data is collected. But the principle of collection limitation, which restricts the amount of collectable data, directly conflicts with big data. The principle of purpose limitation, which restricts how data can be used, prevents that data from being repurposed for new uses.

Smart data

Smart data, the operational element of big data, which is best manifested in the Internet of Things, threatens most of the remaining principles. So far, data collection sensors—cameras, radio frequency identification readers, and such—have been unconnected. In the Internet of Things (IoT), sensors will be ubiquitous, connected, and freed from human interaction. Your phone, fridge and television will talk to each other without your input.

Eventually, there will be connections between a body area network of wearable devices, a local area network of home devices, a remote network of cars, and a very wide area network of municipal infrastructure. In a system designed to simultaneously share data, the principle of disclosure, which restricts data sharing, will be bent into an unrecognizable shape.

Advertisement. Scroll to continue reading.

Smart data is growing. It will be integrated into the scalable Smart Cities project as the IoT proliferates. The principle of access, which calls for people to be able to review their personal data, will become unworkable as data is continuously collected. Contrary to the principle of security, data insecurity intensifies as more devices join the system.

The future of privacy

The Shah principles were designed for a pre-big data economy. They will be eclipsed twice over by smart data. The solution is to modify the principles where possible and, where not, devise a new approach. The notice and choice model does not work. It focuses on data collection even though people blindly agree to collection and multiple uses. Only a model focused on data use will work.

A use-focused model will categorize data uses on the basis of harm. Data can be tagged at the moment of its creation with a list of permissible uses. Discriminatory uses are clearly harmful, urban planning less so. Data tagging will code context-based integrity into the system. For instance, your phone’s roving location can be shared in real time with other phones to plot travel times, but not with your employer.

This does not mean that data collection will be unconstrained. Designing devices that minimize data collection but are compatible with the IoT is another solution. “Privacy by design” offers a better chance of success given people uncomprehendingly sacrifice privacy for convenience.

What about people who simply do not want any part of smart data? The data industry is not eager to cater to them, so their data will be collected by default. That should be changed so that the default mode is non-collection unless consumers opt in. But to create the demand for that, India needs a more sophisticated privacy debate.

*

Advertisement. Scroll to continue reading.

This post was first published in Mint on Dec 25 2016. Crossposted here with permission from Mint.

At the time that this was published, Bhairav Acharya was an Open Technology Institute Program Fellow at New America. He is currently ‎Public Policy Manager, India and South Asia at Facebook.

Written By

Free Reads

News

With GPS in every car, India's toll collection is going high-tech.

News

Google is currently undergoing the necessary procedures for the leasehold land, which is presently under the ownership of the Maharashtra Industrial Development Corporation.

News

The pilot project for which is being launched in 19 cities this year, with a plan to launch a full-fledged rollout next year.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ