As Indians, it has been a trend among us that we incautiously share our data to all the apps and websites that ask for it. Call it the need for free access to apps, services, games and whatnot. We do not realise that there is some catch here; for there is no free lunch which is why we are often puzzled as to how the websites providing their services for free, earn.  It is with the help of the data about us (anonymized and pseudonymized) that most of these free upon registration internet companies make their financials skyrocket. It is a common sight, you might have seen those posts with random love calculations, quizzes about your death, predictions about the date of your death and so on. If we look closely, at the time of getting these applications to work, we share a lot of data with developers of such applications. Focusing on spreading their roots, Facebook is being blamed for compromising personal data of more than 87 million users.

What actually happened?

It all began in 2007 when Facebook created a platform for people to log in to apps using Facebook and share their data. In 2013, Kogan, a researcher at Cambridge University, created an app and accessed data of around 300,000 users. In the following year, Facebook restricted the data accessed by apps unless the user had authorized it. It was revealed in 2015 that Kogan had shared the data with Cambridge Analytica without users’ permission. Consequently, Facebook asked Cambridge Analytica to delete the data and certify the same. Cambridge Analytica certified that they have deleted the data but apparently they had not. Facebook is currently facing exodus due to the breach of trust with the users. (The entire incident can be read in detail here)

Facebook is brushing the dust off its shoulders claiming that it has not violated the consent decree, mishandling of data is due to the abuse of policies and procedures by Kogan and Cambridge Analytica. A consent decree is gaining users’ express consent before sharing their personal data beyond the privacy settings. Facebook users willingly allowed Kogan’s app to access their data and the app further passed on the acquired data to Cambridge Analytica. After all the blame game, Facebook CEO, Mark Zuckerberg, has taken the responsibility and apologized for the breach of trust between Facebook and its users. He has also asserted that Facebook will take appropriate steps to address the issue. The damage is already done, and Facebook’s infamy has led to the #deletefacebook movement which is being supported by some very well-known names such as Brian Acton and Elon Musk.

Indian Government’s Response

On March 21, 2018, Mr Ravi Shankar Prasad (Union Minister for Law & Justice as well as Electronics & IT) stated in a press conference that the Central Government supports the idea of free speech and social media platforms, however, any such undesirable activity done to influence the electoral process would be not tolerated. He went on to clarify that if data theft of Indian citizens is done via collusion of Facebook systems, the Government will use appropriate powers under the IT Act to summon Mark Zuckerberg to India. Whether the Information Technology Act, 2000 is strong enough to do so is a question of some other time. Simultaneously, the Central Government sending notices to Facebook & Cambridge Analytica is definitely appreciable. The notice sent to Facebook specifically asks questions such as preventive measures implemented, types of data harvested, etc.

The Cyber Blog India’s take on the issue

Facebook, along with WhatsApp, have cohesively blended into our lives. For an average internet user in India, using Facebook and WhatsApp has become an everyday chore. Considering that India accounts for more than 10% of Facebook users worldwide, this is one market which cannot be disappointed. Even though the understanding, awareness and jurisprudence on privacy are in the nascent stages in India, we do have the Governments, activists, and organizations taking a proactive approach by discussing these issues.

With a prospective user base as large as 135 crores, gone are the times when privacy was labelled as an after-development activity or it was completely ignored. We believe that it is the right time for the companies and developers to implement the concept of privacy by design. Considering that the data is the next big thing and quoting Uncle Ben from Spider-Man, 

With great power comes great responsibility.

We hope that not only Facebook but all organizations dealing with the user data understands this, sooner or later.

(Co-authored by Titiksha Seth & Raj Pagariya)