- RaviShankar Prasad warned Facebook that the government may summon Facebook chief Mark Zuckerberg to India in the same way as he is being questioned by the US government currently.
- Data analytics firm, Cambridge Analytica, harvested the data of 50 million Facebook users and used that information to feed strategies such as ‘behavioural microtargeting’ and ‘psychographic messaging’ for Donald Trump’s presidential campaign in the U.S.
- Chris Wylie, a former CA employee-turned-whistle-blower, set off a storm with revelations of how the company had deployed a ‘psychological warfare’ tool for alt-right media guru Steve Bannon to try to sway the election in Mr. Trump’s favour.
- The combination of using personal data without consent and tailoring slander campaigns, fake news and propaganda to discovered preferences of voters is a potent and corrosive cocktail.
- Facebook founder and CEO Mark Zuckerberg has offered an apology and expressed willingness to cooperate with inquiries and potentially open up Facebook to regulation.
In the Democracy like India the data controller should only seek data relevant, commensurate and incidental to the service promised. The link between the services and the data requested should be clear and adequate in terms of ‘minimum necessary’. Say, one installs a mobile app which optimizes phone battery performance. But the app wants access to media files, which it doesn’t need. In setting the minimal consent standards, the law will have to decide whether the customer can bargain the degree of consent or be faced with a take-it-or-leave-it option.
Individuals often share their data without being aware of it or understanding the implications of privacy terms and conditions. Fourth, there must be clear laws on the ownership of data and what data need to be protected. Personal data cannot be the new oil. Individuals must own it, have a right to know what companies and governments know about them and, in most cases, that is, when there are no legitimate security or public interest reasons, have the right to have their data destroyed.
The CA issue is a wake-up call for India; the government is still dragging its feet on framing a comprehensive and robust IT data protection law.