Facebook, reportedly, has no plan to incorporate the provisions of the European Union law, called General Data Protection Regulation (GDPR), in all geographies. It will just take measures on similar lines. India will have to formulate its own data privacy law that is stringent, instead of relying on Facebook to mend things.
Section 43A of the (Indian) Information Technology Act, 2000, is not equipped to manage issues related to data breach and privacy. With reports confirming that political parties in India, too, sought the services of data analytics firm Cambridge Analytica to manipulate public opinion in their favour, the need for a digital privacy to protect Indian citizens has never been more pressing.
The regulatory bodies in India can take a leaf out of the model laws from GDPR to draft their own digital privacy framework. Prasanth Sugathan, Technology Lawyer and Counsel at Software Freedom Law Center, India, emphasises the importance of 'meaningful consent'. Currently, most apps ask for blanket consent to their terms and conditions, which are vague and verbose. He says it should be clear and precise what exactly the consent is being asked for. "If consent is given for one specific task, this doesn't authorise the platform to use it for another purpose," Sugathan says. Another related but key aspect is clarifying the purpose for which the data will be used.
The laws should be able to empower users to take control of their digital footprint. Along with the right to access their data stored on social media platforms, there should be a mechanism for users to delete it, too.
The formulation of laws means little if not implemented rigorously. The EU laws, for instance, come down heavily on companies in case of non-compliance. It is mandatory for companies to report the breach so users can take measures to secure the data and their account. There are also strict penalty provisions - 20 million euro (about $24.5 million) or 4 per cent of global annual revenue of the previous financial year, whichever is higher.
While laws have their importance, cautiousness on the part of social networks and users can go a long way. Puneet Bhasin, Founder of Cyberjure Legal Consulting, puts the onus on companies and government bodies to teach people how to share and what to share. She says there have been several child kidnappings due to tracking software that get installed in phones during downloads and occurrences of theft when people post when and where they are on a holiday.