Explainer: CoWIN data leak - here's why data privacy should matter to us
In India, we don’t blink twice to freely share a few personal details about ourselves online. We brush aside any qualms chanting the self-righteous mantra: ‘I have nothing to hide’.
At the back of our minds, we are only too aware companies are mining the information we have shared on a portal to offer suggestions on entertainment programmes, attractive bank schemes, restaurants, shopping sites and holiday destinations and more.
The recent revelation about a data breach in the Indian health ministry-run CoWIN portal, which is a repository of vaccination data of the people of the country, is disturbing as the site contains personal details such as citizen’s phone number, gender, ID card information, date of birth, last four digits of Aadhaar and vaccination details.
This is not the first time. In 2018, the world’s largest ID database Aadhaar was breached, exposing information on more than 1.1 billion Indian citizens, including names, addresses, photographs, phone numbers, and emails, as well as biometric data like fingerprints and iris scans.
With malicious actors on the prowl for precious personal information, it has become crucial for individuals to safeguard their personal data or what is now being considered as data privacy. Here’s why data privacy should matter to us:
So, what is data privacy?
Data privacy is giving people control over how one’s personal data and how it is accessed, shared or used. Personal data can be defined as that which makes a person identifiable by or in relation to such data. This personal data involves not just name, age and contact information but an individual’s vehicle number, location data, employee code, bank account information, online activity or similar information.
Also read: Explained: The 3-layered EC-led probe into Bengaluru voter data theft
Why should it matter to us?
When personal data falls into the wrong hands, it can harm people, businesses, and organisations. If a student loses his or her identity card, it can be used by criminals to commit identify theft. The information is used to create a fake identity in the student’s name. Student ID cards and medical insurance sell like hotcakes in India, say IT experts.
A person may not like to share their medical data with their employers or their salary income with friends but if a hospital data storage is breached, this kind of information is likely to become available. And, while we blithely click on ‘I agree’ before reading a privacy policy on a website, the same aggregators of personal data can use it to discriminate a person in terms of education, employment and housing by not offering you services or opportunities.
Why this argument of ‘nothing to hide’ rings hollow
When ex-Google CEO Eric Schmidt was asked about users’ privacy concerns, he famously said: “If you’re doing something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” He made this comment to drive home the point that if one is not doing anything wrong they should not be afraid to share information. Later, when CNET Magazine published an article containing private info about his income, his neighborhood, and his political donations, he condemned the site for invading his privacy.
Why you need to worry about the data you shared
Every search word you make on Google is stored. Your IP address is assigned a random string of numbers that companies can use to track you and serve customised ads based on your browsing habits. Companies build on your browsing, purchasing history, and social media activity, to build an extensive profile on your habits and behaviors. They scour through your social media profiles to get more information on you.
This information can be misused. For example, based on the information they have about their consumers, a travel site charged Mac users more for hotel options than PC users.
Some years ago, a bank employee filed a complaint in Delhi high court under the ‘right to be forgotten’ plea to remove details about a police complaint filed by his wife (who he later reconciled with) since it was appearing on the top of the Google search list. Since this kind of information was affecting his chances of bagging a job. This complaint may have been uploaded online by the authorities as a matter of course but it is an example of how such private matters online can impact a person’s life and his career.
Also read: Cambridge Analytica, Global Science Research booked for FB data theft
What should you do to protect your data?
The country is on the verge of having a Digital Personal Data Protection law. This will strengthen people’s efforts to protect their personal data.
Under this law, individuals will have a right to know whether personal data about them is being processed by a company and if so, how it is being processed. The individual can also ask for where the information was shared, a summary of the data, and they can correct, update or erase wrong data they don’t want in the public domain. As a consumer, you should also choose services that protect your data privacy.
