This article is written by Armaan Waseem Ahmad of RMLNLU, Lucknow
Recent times have shown the threats people face from their digital lives. Governments use personal information to crush dissent and or witch-hunt probable oppositions, whereas multinational corporations use it to advertise or invite international intervention to sovereign actions of the State. However, out of all the different possibilities, the chief asset of any individual that is constantly under attack from either private players or government organizations is their privacy.
Data can be divided into different categories such as sensitive data, general data, financial data, electoral data, etc. However, any of these types of data can be misused if accessed by malicious entities. The world of the internet has become the biggest threat to the privacy of all individuals, people’s information can be accessed in a matter of minutes, millions can be stolen and returned without a trace of the culprit. In essence, the current form of the internet is a nemesis to the privacy of all individuals.
Data Storage
With enormous amounts of data doing rounds across the world regularly, it needs to be stored somewhere or the other. After all, where would your saved game go? Or the months-long chats you had with your friend? Or maybe, that e-form you filled to open a bank account?
All the information needs to be stored somewhere, and this is where the complexities begin. The locations (hereinafter called databases) are only as secure as their creators made them be. Databases are the vaults of all the information that the government, your internet service providers, and social media websites access to know who you are and what you want. Now, these vaults can be stored in any location, i.e., they can lie in any country’s jurisdiction (this is solely decided by the service providers you choose). From this stems a multitude of problems, since the service provider can do anything with your private data. It could be sold to international intelligence agencies, or to huge companies that wish to know you better and personalize their services as per your taste, either way, your privacy stands violated.
Data Localization
To avoid information from people of a specific geographic location affecting it in any negative manner, the idea of data localization finds practicality. The idea is simple, ensure that the databases are located within the jurisdiction and protection of the sovereign authority, i.e., the government. Data localization cements the idea of enforcing the country’s law on the company that conducts business in the country. However, this plan is also not without its loopholes. Surveillance of citizens to spot dissent and opposition seems to be the favorite pastime of governments anyway. Granting access to citizens’ information to their government opens another pandora’s box which destroys democracy rapidly.
To put it in Facebook’s Founder, Mark Zuckerberg’s words:
“India's data localization demands are understandable, but allowing it for one nation can trigger a demand from countries which are much more authoritarian and can misuse the citizens' data[1].”
The irony here is that Facebook itself has been convicted of selling the personal information of nearly 550 million of its users[2].
The 4-Edge Blade
Privacy is a term that cannot be defined with a few words, it encompasses a wide array of aspects related to the personal lives of individuals. Thus, there are many threats to people’s privacy.
Blade #1: Multinational Companies
Companies collect data from their users to help with their sales. They assess user patterns and modify their services and content in a fashion that the product is more intriguing to the user. Furthermore, these databases are not safe either, the information can be easily accessed by third parties to further their agendas[3], or even sold to other entities in a twisted manner[4]. Lastly, enormous amounts of data are already reaching these huge companies and third parties associated with them. Prof Leith from Trinity College Dublin states that, “I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt-out. We’ve been too focused on web cookies and badly behaved apps.”
After examining the data, it was found out that even after just being set up, smartphones send enormous amounts of data to pre-installed third-party apps and the Operating System Developer.[5]
Blade #2: Governments
Governments have always been infamous for their handling of the private information of citizens. Mostly because it has real-life consequences on the lives of the citizens. Surveillance and crushing dissents are some[6] of the most terrifying consequences one fears if governments are granted access to their information. Journalists, whistleblowers, and activists use VPNs and the deep web to escape the undue scrutiny of the government. Personal data is quite literally the life of the individual.
Blade #3: Technology
It’s no surprise that technology is progressing at a rapid rate. So much so, that it is unable to contain its security. Cases of cybercrime have become an everyday phenomenon, 2020 alone reported 4.9 billion cyberattacks[7]. Our cybersecurity measures show their gaps regularly. From government organizations[8] to private companies[9], everyone is susceptible to cybercrimes and data leaks. This puts in question, even if the individual trusts the organization/ company with their private information, they’re still at a loss since data leaks will affect them negatively anyway.
Blade #4: People
Figures like the “81% of Americans believe that they don’t have little/no control over their data that companies collect.[10]” and “55% of Europeans show concerns over their private data getting accessed by fraudsters and criminals[11]”, might depict the attitude of individuals about their private information, but the reality is much different. A study by ProPrivacy.com showed that 99% of people agreed to the T&C of their agreement without even reading it. The agreement had clauses such as handing over rights to the airspace above the user’s residence; handing over naming rights of the parents to the company; giving their mother access to all the search history, among others.
Furthermore, over 80% of users agreed that they preferred apps that gave personalized content and products to them[12]. This brings to question, how is it that individuals who are scared of private entities and governments accessing their private information, ready to part with their privacy for a more personalized app?
The Problem?
Numerous problems need to be faced if privacy is to be secured. The primary need of them all is the introduction of reasonable data protection laws, which don’t favor the government, thus incline the table towards autocracy, nor monopolize the markets with the Big Tech companies. Granting free access to databases of companies creates atmospheres where they can freely meddle with presidential elections, and outright data localization eliminates the competition from the international market since smaller players cannot compete with setting up localized databases[13].
Even if these probable menaces can be escaped, there is the imminent problem of “Hyper-Personalization”, which can be used in warfare, espionage, sabotage, and other tactics at an international level.[14]
The Legality
The landmark judgment in the case of K.S. Puttaswamy v. Union of India[15] established that the Indian State recognized privacy as a fundamental right under Article 21 of the Indian Constitution. Along with this, other major jurisdictions recognize the fundamental right to privacy and are working to protect it through legislation. 128 out of 194 countries recognized by the UN have already adopted legislation to protect their privacy and data from malicious entities[16]. The collection and handling of the data collected by companies and different organizations will be dictated by these legislations. The precedents set down by the courts of law are scarce and scattered on this specific matter, the gap in the legal view is to be filled by the legislations enacted by the different countries.
To get a gist of what entails data localization, one could look at the Data Localization norms of 2018, laid down by the Reserve Bank of India for the private financial information of Indian nationals. Enacted in 2019, the rules held that financial data could be stored locally for 6 months, and overseas for 24 hours. After the exhaustion of this time limit, the data needs to be deleted to protect it from any future cyberattacks. The upcoming Personal Data Protection Bill, 2019 is also said to have clauses aimed at data localization, but the access granted to the government for national security makes it a debated topic (Justice Srikrishna criticized the amount of power it grants to the government)[17].
Conclusion
Data protection is a major concern rising internationally, people are becoming more aware of who has access to their private lives, thus, it should be given its due importance. However, this should be done while keeping in mind the potential threats absolute privacy poses. Localization is an efficient way to overcome access to foreign intelligence, but at the same time governments of the State cannot be trusted themselves.
One needs to bear in mind that Data Localization is not the absolute defense against cybercrimes, the world of the internet is without any walls. Data security relies heavily on the technical expertise of the handlers, cybersecurity protocols, and mostly the technology being used to protect it. Localization doesn’t provide absolute assurance that the information stands protected, technological advancements need to be constant, aimed at outmaneuvering their predecessors. Thus, in conclusion, the balance of national security, personalization, data protection, and free access will be achieved through the age-old method of hit-and-trial and the international amalgamation of ideas about the governing laws of the internet, because the internet truly is a unifying platform.
[1] The Quint, Here’s Why Facebook CEO Zuckerberg Has Fears About Localising Data (April 29, 2019), https://www.thequint.com/tech-and-auto/tech-news/facebook-mark-zuckerberg-data-localisation-concerns-india#read-more accessed October 10, 2021. [2] Aaron Holmes, 533 million Facebook users' phone numbers and personal data have been leaked online (April 4,2021) https://www.businessinsider.in/tech/news/533-million-facebook-users-phone-numbers-and-personal-data-have-been-leaked-online/articleshow/81889315.cms accessed October 10, 2021. [3] Miles Parks, FACT CHECK: Russian Interference Went Far Beyond 'Facebook Ads' Kushner Described (April 24, 2019) https://www.npr.org/2019/04/24/716374421/fact-check-russian-interference-went-far-beyond-facebook-ads-kushner-described accessed October 10, 2021. [4] Bennett Cyphers, Google Says It Doesn’t 'Sell' Your Data. Here’s How the Company Shares, Monetizes, and Exploits It. (March 19, 2020) https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and accessed October 10, 2021. [5] Colin Gleeson, Android phones engage in ‘significant’ data collection and sharing (October 11, 2021) https://www.irishtimes.com/business/technology/android-phones-engage-in-significant-data-collection-and-sharing-1.4697056 accessed October 12, 2021. [6] David Greene, Jewel v. NSA: Americans (Still) Deserve Their Day in Court, (August 17, 2021) https://www.eff.org/deeplinks/2021/08/jewel-v-nsa-americans-still-deserve-their-day-court accessed October 10, 2021. [7] Ivana Vojinovic, VPN Statistics for 2021 – Keeping Your Browsing Habits Private, (March 21, 2021) https://dataprot.net/statistics/vpn-statistics/ accessed October 10, 2021. [8] Pranav Mukul, Explained: What is the Air India data breach that has hit its customers?, (May 27, 2021) https://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/ accessed October 10, 2021. [9] Mitchell Clark, Poly Network hacker gave back more than $600 million in stolen crypto, (August 23, 2021) https://www.theverge.com/2021/8/23/22638087/poly-network-600-million-stolen-crypto-hack-restored-defi accessed October 10, 2021. [10] Brooke Auxier, Lee Rainie et al., Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information, (November 15, 2019) https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/ accessed October 10, 2021. [11] YOUR RIGHTS MATTER: DATA PROTECTION AND PRIVACY, European Union Agency of Human Rights, doi:10.2811/292617, https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online accessed October 10, 2021. [12] PressRoom, New Epsilon research indicates 80% of consumers are more likely to make a purchase when brands offer personalized experiences (January 9, 2018) https://www.epsilon.com/us/about-us/pressroom/new-epsilon-research-indicates-80-of-consumers-are-more-likely-to-make-a-purchase-when-brands-offer-personalized-experiences accessed October 10, 2021. [13] Remya Nair, What is data localisation & why Mastercard, Amex, Diners Club can’t add more customers in India (July 28, 2021) https://theprint.in/economy/what-is-data-localisation-why-mastercard-amex-diners-club-cant-add-more-customers-in-india/703790/ accessed October 10, 2021. [14] Dunlap, Charles J., and Charlie J. Dunlap. “The Hyper-Personalization of War: Cyber, Big Data, and the Changing Face of Conflict.” Georgetown Journal of International Affairs, 2014, 108–18. http://www.jstor.org/stable/43773654. [15] K.S.Puttaswamy v. Union of India, (2017) 10 SCC 1 (India). [16] UNCTAD, Data Protection and Privacy Legislation Worldwide https://unctad.org/page/data-protection-and-privacy-legislation-worldwide accessed October 10, 2021. [17] Shruti Dhapola, Justice Srikrishna calls new Data Protection Bill a blank cheque to the state, (February 29, 2020) https://indianexpress.com/article/technology/tech-news-technology/justice-srikrishna-calls-new-data-protection-bill-a-blank-cheque-to-the-state-6292350/ accessed 10 October, 2021.
Comentarios