At 462.12 million, India has the second highest number of internet users in the world after China but lacks the legal framework to ensure data protection and privacy with current laws inadequate for the rapidly-evolving sector, say cyber security experts.
The Facebook issue India connection
As data theft becomes the political buzzword pitching the ruling BJP against the opposition Congress, recent revelations on the issue have forced people to re-examine their everyday social media browsing habits, particularly on Facebook.
It started mid-March with international media reports claiming that the profiles of 50 million Facebook users were harvested by UK-based analytics firm Cambridge Analytica (CA) to influence the US presidential election and the pro-Brexit campaign as well as polls in other countries.
The resulting storm engulfed India too, with former CA employee-turned-whistleblower Christopher Wylie claiming the firm extensively operated in the country and had served political parties, including the Congress and the Janata Dal (United).
Indian laws inadequate
Beyond the global impact of the biggest-ever data breaches and the social media behemoth Facebook, the scandal brought to the fore the shortcoming of India’s laws to deal with ever advancing issues of online privacy and data theft in the country, say experts.
“India has the second highest number of internet users globally. However, India’s Information Technology Act, 2000 and its amendments—2008 and 2011—are not well suited to deal with social media and internet related cyber-crimes,” said Jaspreet Singh, partner, Cyber Security, Ernst & Young.
According to figures by Internet World Stats, a website featuring data on global internet usage, China had highest number of internet users at 738.5 million till 31 December 2017. India was second and the US third with 286.94 million users.
India does not have a dedicated law on data protection and privacy, said Singh. “Consequently, the third-party transfers and cross border movement of personal data, the entire sharing ecosystem, is not adequately dealt with under the Indian IT Act.
If any organisation is disclosing the personal information to third parties in India for data profiling or other such marketing and business purposes, there is no effective legal solution that is available,” he added.
Immoral not illegal according to Indian laws
Going by Indian law, the data breach episode, which has attracted a probe by regulators and governments in several countries and also triggered panic amongst millions of internet users, is at best “immoral or unethical” but not illegal.
“If you take Cambridge Analytica as an example, what they have done is mining of data and purchase of data with the consent of users by tricking them into giving their consent and taking off their data.
So, you may call this entire practice of data collection and data harvesting immoral and unethical, but according to Indian laws it is not illegal.
(Adapted from Livemint)