Author: Suganya. R, V Year of B.B.A.,LL.B(Hons.) From Sathyabama Institute of Science and technology, Chennai.
Introduction
The "Digital India Mission" is a key initiative of the government to digitally empower the nation. The mission intends to boost the economy by providing digital infrastructure to all the citizens in the nooks and corners of the country. It shifted the people to move from traditional paperwork to digitise forms and documents. It made it easy to access the information in digitised forms, unlike written documents, which need additional care to preserve and access for future use.
The digital platform is an integral part of internet based services. It provides a wide range of reliable services based on the people's lifestyles. The consulting firm Bain and Company's report estimates India's e-commerce industry will beat the United States' e-commerce industry, based on a steady increase in user base. Even though the rapid expansion of internet services is considered a digital transformation, the cyber security experts worry that the lack of digital literacy among the people to secure their information on digital platforms could be a hindrance in the country's economic growth.
Thus, the article is an attempt to make the readers aware of security problems on digital platforms. Since then, data breach incidents have now come into the spotlight, which needs the users attention to be cautious of certain things before accessing services from these platforms.
Personal data- Meaning and its significance
Let's break down the technical jargon of what exactly "data" means before discussing personal data. The data are nothing but facts, knowledge, or information about anything (it includes living people, non-living things, companies, etc.). If this data contains information about a person's name, physical features, health, and financial details, it shall be called "personal data. Since information is used to socially identify a person.
Now these digital platforms (including both mobile applications and websites) provide services after getting information, such as name, contact number, email address, age, gender, etc from their users. People may think the platform' gets users' information only to provide services (like seeing product availability in your locality or offering delivery services). Have you ever questioned yourself as to what happens to our personal data after that? Whether the platform stores our personal data or deletes it, once the service ends, is unclear. The answer to this lies in the privacy policies of these platforms'.
The platform asks the users to agree to their privacy policy before collecting their personal data. But, has anyone read those terms and conditions properly to know why our personal data is collected and how it is stored and used for future transactions? I guess the answer is no. We are all well-educated people, but why didn't we have the patience to read those policies? Here comes the lack of knowledge on the technical and functional aspects of data.
Data breach
The literal meaning of data breach is "the stealing of users personal data that is stored in the tech company's server, device, database, etc. Data breach is a serious cyber crime, as the stolen personal data can be used by the hacker to give sexual threats, stalk your online behavior, access loan and other financial details, etc.
Few data breach incidents in India,
In 2005, employees of the Mphasis BFL call centre in Pune extracted bank account details of Citibank's American customers to divert US $ 3,50,00 to bogus accounts in the US.
In 2020, 22 million users of Unacademy, an online learning platform, will be exposed to the dark web.
Then the Air India user's ID and password data are breached by the third party to access their GST invoice and publish it in the public domain.
To our shock and surprise, the cybersecurity firm Tenable report states that India ranks 2nd in data breaches globally. Now, we should all know if the Indian legal framework is competent enough to tackle data breach problems or not.
Legal framework for data breaches
The privacy or cookie policy of an application or website is the legally enforceable contract between the tech companies and individual users. As we all know, a minor is a person who is below the age of 18, and the minor is not competent to enter into a contract. So, it means, the parents of a minor child are completely responsible for the acts on the digital platforms.
The policy also imposes a contractual obligation on the tech-companies to utilise the data only for the purposes mentioned when accepting the policy. If the tech companies use that data for other activities or share it with a third party, it becomes illegal.
In India, the Information Technology Act of 2000 discusses punishment for data breaches.
Section 43A also imposes a penalty on tech companies to pay compensation for failing to protect the users data and,
Section 66 states that the offender shall be punishable with imprisonment up to three years or a fine of Rs. 5 lakh or both.
Section 72A imposes punishment with imprisonment up to three years or a fine of Rs. 5 lakh rupees, or both, if the tech companies disclose information received from their users, on agreeing to their policies.
The Information Technology Act discusses punishment in the instance of a data breach. It doesn't impose a prerequisite security measure to be compiled by the tech companies to protect their users' data. To resolve this, the government released the Digital Personal Data Protection Bill in November 2022, and this bill is yet to be enacted to resolve the data protection issues in the country.
Digital literacy is a must to protect data
The term digital literacy refers to a person's ability to utilise technology in an effective manner. It helps protect your personal data from being used for illegal activities. The users must be aware of what to do and what not to do in the digital platforms to protect their personal information.
As already stated, the parents are solely responsible for the acts of their minor children. The schools shall educate the children on what to do and what not to do in the digital platforms. Children are easily targeted by the criminals. The school and parents shall teach the children not to virtually connect with unknown people and how to respond to sexual threats or harassment made on a digital platform. If their children take online classes, the parents can monitor to ensure their children use only those online study platforms and not use unauthorised game platforms. In this way, we can protect our children from becoming victims of data breaches.
Conclusion
The tech-companies make use of highly populated countries like India to gain a mass customer base and expand their revenue. These companies have a responsibility to adopt the best security mechanisms to secure their users personal data. But at the same time, it is also the duty of the people to be vigilant enough to use their personal data wherever necessary in the digital medium. Meanwhile, the government shall take all the necessary steps to curb data breaches and enact the data protection law, addressing the legal lacuna, to make digital platforms safe and secure to use. We shifted from the age-old practices of writing on paper to a digital medium to make use of available resources as a sustainable practice and not let our personal information be taken away inside the colourful digital medium.
Reference
1. https://www.governancenow.com/news/regular-story/digital-india--paperless--cashless-indian-economy
2. https://economictimes.indiatimes.com/tech/technology/ecommerce-user-base-in-india-to-outpace-us-in-two-years-bain-report/articleshow/94767324.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
3. https://timesofindia.indiatimes.com/business/india-business/6-in-10-indians-report-personal-data-breach-by-loan-service-provider-survey/articleshow/95563738.cms
4. https://bnwjournal.com/2020/07/17/pune-citibank-mphasis-call-center-fraud/
5. https://cisomag.com/unacademy-data-breach/
6. https://www.businesstoday.in/latest/trends/story/exclusive-if-you-flew-air-india-your-data-could-be-compromised-346626-2022-09-07
7. https://www.financialexpress.com/life/technology-india-data-security-personal-data-leaks-surfshark-cert-in-2560424/
8. https://www.indialawoffices.com/legal-articles/data-protection-laws-in-india
9. https://indianexpress.com/article/explained/explained-economics/india-draft-digital-privacy-law-data-protection-laws-8279199/
Author: Suganya. R, V Year of B.B.A.,LL.B(Hons.) From Sathyabama Institute of Science and technology, Chennai.
Introduction
The "Digital India Mission" is a key initiative of the government to digitally empower the nation. The mission intends to boost the economy by providing digital infrastructure to all the citizens in the nooks and corners of the country. It shifted the people to move from traditional paperwork to digitise forms and documents. It made it easy to access the information in digitised forms, unlike written documents, which need additional care to preserve and access for future use.
The digital platform is an integral part of internet based services. It provides a wide range of reliable services based on the people's lifestyles. The consulting firm Bain and Company's report estimates India's e-commerce industry will beat the United States' e-commerce industry, based on a steady increase in user base. Even though the rapid expansion of internet services is considered a digital transformation, the cyber security experts worry that the lack of digital literacy among the people to secure their information on digital platforms could be a hindrance in the country's economic growth.
Thus, the article is an attempt to make the readers aware of security problems on digital platforms. Since then, data breach incidents have now come into the spotlight, which needs the users attention to be cautious of certain things before accessing services from these platforms.
Personal data- Meaning and its significance
Let's break down the technical jargon of what exactly "data" means before discussing personal data. The data are nothing but facts, knowledge, or information about anything (it includes living people, non-living things, companies, etc.). If this data contains information about a person's name, physical features, health, and financial details, it shall be called "personal data. Since information is used to socially identify a person.
Now these digital platforms (including both mobile applications and websites) provide services after getting information, such as name, contact number, email address, age, gender, etc from their users. People may think the platform' gets users' information only to provide services (like seeing product availability in your locality or offering delivery services). Have you ever questioned yourself as to what happens to our personal data after that? Whether the platform stores our personal data or deletes it, once the service ends, is unclear. The answer to this lies in the privacy policies of these platforms'.
The platform asks the users to agree to their privacy policy before collecting their personal data. But, has anyone read those terms and conditions properly to know why our personal data is collected and how it is stored and used for future transactions? I guess the answer is no. We are all well-educated people, but why didn't we have the patience to read those policies? Here comes the lack of knowledge on the technical and functional aspects of data.
Data breach
The literal meaning of data breach is "the stealing of users personal data that is stored in the tech company's server, device, database, etc. Data breach is a serious cyber crime, as the stolen personal data can be used by the hacker to give sexual threats, stalk your online behavior, access loan and other financial details, etc.
Few data breach incidents in India,
In 2005, employees of the Mphasis BFL call centre in Pune extracted bank account details of Citibank's American customers to divert US $ 3,50,00 to bogus accounts in the US.
In 2020, 22 million users of Unacademy, an online learning platform, will be exposed to the dark web.
Then the Air India user's ID and password data are breached by the third party to access their GST invoice and publish it in the public domain.
To our shock and surprise, the cybersecurity firm Tenable report states that India ranks 2nd in data breaches globally. Now, we should all know if the Indian legal framework is competent enough to tackle data breach problems or not.
Legal framework for data breaches
The privacy or cookie policy of an application or website is the legally enforceable contract between the tech companies and individual users. As we all know, a minor is a person who is below the age of 18, and the minor is not competent to enter into a contract. So, it means, the parents of a minor child are completely responsible for the acts on the digital platforms.
The policy also imposes a contractual obligation on the tech-companies to utilise the data only for the purposes mentioned when accepting the policy. If the tech companies use that data for other activities or share it with a third party, it becomes illegal.
In India, the Information Technology Act of 2000 discusses punishment for data breaches.
Section 43A also imposes a penalty on tech companies to pay compensation for failing to protect the users data and,
Section 66 states that the offender shall be punishable with imprisonment up to three years or a fine of Rs. 5 lakh or both.
Section 72A imposes punishment with imprisonment up to three years or a fine of Rs. 5 lakh rupees, or both, if the tech companies disclose information received from their users, on agreeing to their policies.
The Information Technology Act discusses punishment in the instance of a data breach. It doesn't impose a prerequisite security measure to be compiled by the tech companies to protect their users' data. To resolve this, the government released the Digital Personal Data Protection Bill in November 2022, and this bill is yet to be enacted to resolve the data protection issues in the country.
Digital literacy is a must to protect data
The term digital literacy refers to a person's ability to utilise technology in an effective manner. It helps protect your personal data from being used for illegal activities. The users must be aware of what to do and what not to do in the digital platforms to protect their personal information.
As already stated, the parents are solely responsible for the acts of their minor children. The schools shall educate the children on what to do and what not to do in the digital platforms. Children are easily targeted by the criminals. The school and parents shall teach the children not to virtually connect with unknown people and how to respond to sexual threats or harassment made on a digital platform. If their children take online classes, the parents can monitor to ensure their children use only those online study platforms and not use unauthorised game platforms. In this way, we can protect our children from becoming victims of data breaches.
Conclusion
The tech-companies make use of highly populated countries like India to gain a mass customer base and expand their revenue. These companies have a responsibility to adopt the best security mechanisms to secure their users personal data. But at the same time, it is also the duty of the people to be vigilant enough to use their personal data wherever necessary in the digital medium. Meanwhile, the government shall take all the necessary steps to curb data breaches and enact the data protection law, addressing the legal lacuna, to make digital platforms safe and secure to use. We shifted from the age-old practices of writing on paper to a digital medium to make use of available resources as a sustainable practice and not let our personal information be taken away inside the colourful digital medium.
Reference
1. https://www.governancenow.com/news/regular-story/digital-india--paperless--cashless-indian-economy