In Light Of Recent Facebook Breach, Privacy Advocates Demand Stronger Data Laws In India

After news of one of Facebook’s biggest data breaches perpetrated by British big data analytics startup Cambridge Analytica surfaced earlier this week, privacy advocates in India are now demanding stronger data privacy laws in the country.

This comes at a time when the Indian government’s Aadhaar programme has been garnering widespread attention due to its suspected vulnerability, which has left the system susceptible to countless data breaches and attacks.

In light of the reports claiming Cambridge Analytica harvested the profiles of up to 50 Mn Facebook users without their approval during the last US elections, privacy advocates in India have raised concerns that a similar breach could happen here to target voter opinion.

Speaking on the matter, advocate Apar Gupta told ET, “The government has not moved with necessary pace on data protection. Election commission (EC) has not taken up this issue of data protection for regulatory scrutiny. EC has in the past issued guidelines to protect election integrity and restrained exit polls and also required candidates to disclose social media handles. However, much more needs to be done.”

Interestingly, in September 2017, reports surfaced that a major Indian opposition party was looking to join hands with Cambridge Analytica for reaching a larger section of the country’s voting population in the upcoming 2019 general elections.

As per the digital publication, Moneycontrol, the data mining company made a presentation to the party in question a month prior to that, wherein it showcased a data-driven strategy based on voters’ behaviour on social media.

How Cambridge Analytica Perpetrated One Of Facebook’s Biggest Data Breaches

Created in 2013 as an offshoot of British big data analytics company Strategic Communication Laboratories (SCL) Group, Cambridge Analytica is a privately-held big data analytics firm that is partly owned by the family office of American right-wing billionaire, Robert Mercer.

Since its inception, CA has been involved in more than 44 American political races. Additionally, the big data startup was part of the famous “Leave.EU” campaign of the 2016 Brexit referendum. As part of these campaigns, Cambridge Analytica reportedly bought data from a multitude of sources, including shopping data, club memberships, bonus cards and public registries, among others.

The report further stated that the big data analytics company tracked information pertaining to the type of magazines people read, places they visit and churches they attend.

As explained by Cambridge Analytica CEO Alexander Nix, the startup’s expertise lies in collating vast amounts of seemingly disjointed data and connecting them in dots by matching voter profiles and databases. The data, according to Nix, allow CA to identify voting preferences of every voter in a particular area.

According to reports that surfaced recently, the British company accessed personal information of around 50 Mn Facebook users, without authorisation, in early 2014 to create a database of individual US voters, with the aim of targeting their political beliefs through personalised advertisements.

Commenting on the development, a person working closely with the company told The Guardian, “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

The data was collected through an app called thisisyourdigitallife, which was designed by  Aleksandr Kogan, sources have revealed.

In response to the reports of the data breach, Paul Grewal, VP and Deputy General Counsel of Facebook said in a statement, “Like all app developers, Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

However, since these reports emerged earlier this week, the social media giant’s stock has dropped by 7% in a single day.

Earlier in January 2018, in response to Supreme Court’s observation that a line has to be drawn between Aadhaar application and people’s right to privacy, the Indian government informed the apex court that a data protection bill was being drafted by a committee of experts. At the time, reports stated that the draft would be ready by the end of this month.

Prior to that, in November 2017, the government released a white paper on the data protection framework. As per the paper, a nuanced approach towards data protection will have to be followed in India, bearing in mind the fact that individual privacy is a fundamental right limited by reasonable restrictions.

Data privacy is increasingly becoming an area of concern in the country, with giants like Facebook, WhatsApp, and Monster India being inspected for allegedly sharing user information with third-party entities.

In September last year, the Supreme Court of India reportedly issued notices to Google and Twitter, in reference to the public interest litigation petition filed against the Internet behemoths over data privacy concerns by Pallav Mongia, an Advocate-on-Record at the Supreme Court.

The petition, according to sources, has raised concerns about the lack of control over information sharing with cross-border corporate entities, which could potentially be a violation of the Indian citizens’ right to privacy.

As digital transactions and Internet penetration in the country increases, it is but inevitable that more such issues around privacy and security of information will spring up. Whether the government takes heed of the concerns raised by privacy advocates, especially in light of the recent Facebook data breach, remains to be seen.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.