News

Google, Meta, Amazon, Others May Face Penalty For Data Sharing Without Customer Consent

Google, Mata, Amazon, Others May Face Penalty For Data Sharing Without Customer Consent
SUMMARY

Under the Consumer Protection Act, 2019, the consumer affairs department can take action and issue directions to such firms

If the consumer feels that their data is being shared amongst firms without their express consent, they are free to approach us under the Consumer Protection Act: Senior Official

The Digital Personal Data Protection Bill (DPDPB) in India is yet to be finalised

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Big tech firms such as Google, Meta, Amazon and other ecommerce platforms can face penalties for data sharing amongst them if such instances are flagged by consumers.

Under the Consumer Protection Act, 2019, the consumer affairs department can take action and issue directions to such firms, FE reported citing a senior official.

“Since the data belongs to a consumer, if the consumer feels that their data is being shared amongst firms without their express consent, they are free to approach us under the Consumer Protection Act,” the official said as quoted in the report.

A typical case of customer data sharing happens when a particular search related feed appears on Facebook matching what the consumer searched on Google. This indicates that user data is being shared by big tech firms, the official explained.

Users can approach the consumer affairs department if the data sharing is done without the user consent. “The Consumer Protection Act and Central Consumer Protection Authority are empowered to act on such complaints,” the official added.

The department of consumer affairs is vested with powers to penalise such companies for misleading advertisements and unfair trade practices under the Consumer Protection Act. In case of any unfair or restrictive trade practices or unscrupulous exploitation of consumers, consumers have the right to seek redressal.

While the approach to utilise user data is being debated globally, the Digital Personal Data Protection Bill (DPDPB) in India is yet to be finalised.

The DPDP Bill was published in November 2022 and proposed a number of reforms to govern the Indian digital ecosystem. It proposed the concept of data fiduciary and had mandated new changes, including the right of a user to give, manage, and withdraw consent for sharing information.

In case of non-compliance with the provisions of the Bill, a penalty of up to INR 500 Cr may be imposed.

However, there have been several controversies around the Bill. After IT Minister Ashwini Vaishnaw said last week that the Parliamentary panel gave ‘big thumbs up’ to the draft Bill, Member of Parliament (MP) Karti Chidambaram refuted the Centre’s claims. He added that the panel, during the preliminary discussion on the Bill in December last year, had flagged a slew of issues.

Justice BN Srikrishna, who led the Srikrishna Committee that submitted a draft of the now-sidelined Personal Data Protection Bill in 2018, also told Inc42 a few months back that the draft does little to protect the fundamental right to privacy.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Recommended Stories for You