Perceptions of online data protection & individual privacy in India

Perceptions on online data & user privacy in India

With the growth of internet access driven by cheaper connectivity across geographies and affordable but powerful mobile devices, the # of web users in India are rising by the millions each month. Popular activities online include emails, chats, social media interactions and online purchases from ecommerce stores.

All of these require sharing of personal information – email IDs, passwords, age, gender, city, personal interests, IP address, personal information shared in emails & chat sessions, etc. While the internet users in India understand privacy issues at a high level, especially with the recent disclosures on NSA’s global data  snooping, many users are still unaware of how their data is captured and not confident that these will remain strictly private.

It is imperative that we understand the practical issues involved in educating users about data privacy, while looking to enforce stricter privacy controls via legal means.

1.A recent study (conducted August 2013) by EMC Privacy Index revealed that Indians ranked first among 15 countries for their willingness to trade privacy for online convenience.

Online Privacy - India Vs The World

EMC Privacy Index Survey of Online Privacy Issues


These are indexed numbers – higher the value greater is the willingness to trade privacy for convenience.

2.The survey also indicated that 57 % of Indian consumers are willing to trade their privacy for convenience – significantly above the global average of 29%.

%ge of India Users willing to trade Privacy for Convenience

EMC Privacy Index Survey of Online Privacy Issues


3.The netizens of India felt privacy is an area of huge concern for them today and expect to be so over the next five years.

Future expectation of managing online privacy concerns in India

EMC Privacy Index Survey of Online Privacy Issues


4.While there is willingness to share private information for convenience and an ongoing concern about protection of privacy, a significant %ge are not acting even at a personal level.

Pro-active management of online privacy issues by Indian internet users

EMC Privacy Index Survey of Online Privacy Issues – 2014


5.At the same time there is no overwhelming confidence among the online users that the government or the online businesses they transact with will genuinely protect their private information. Also compare this with global perceptions and the Indians seem over optimistic.

Perception of third parties in protecting online data

EMC Privacy Index Survey of Online Privacy Issues – 2014


6.To sum up

– Indians are willing to trade online privacy for convenience, while at the same time extremely concerned about their personal data
– However a significant %ge are not acting to take personal safeguards, even when it is easy & effective
– Indian online users expect the government to legislate laws protecting their online personal data. They also expect online merchants / organizations to manage the personal data collected, under strict privacy considerations.
– However they do not have overwhelming confidence in the capabilities of the government / online organizations – on both skills & ethics fronts.

8.India’s internet base is growing and is expected to touch 500 Million internet data subscribers in the next four years. In the above context, it is easy to notice a huge & widening gap in online privacy protection of personal data.

9. Today no specific legislation exists in India (in contrast to the EU or Brazil) clearly mandating online privacy policies. It is essential to address the following, to accelerate ecommerce growth in the country.

a. What data is collected
b. How it is collected
c. Is only relevant data collected
d. Any explicit “opt out” mechanism available
e. how this data is used / shared with 3rd parties
f. how long is the data stored
g. Is the data destroyed after use
h. Is the owner allowed to edit his / her data
i. Infrastructure used to manage and protect private data
j. an independent body to approach in case of failures (individual / organizational)

j. an independent body to approach in case of failures (individual / organizational)
While the Information Technology Act (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules – 2011 provides a basis for the above, it is still insufficient.

The rules need to improve on many growing needs, including

– scope of personal / sensitive data (cookies / personally identifiable Information)
– protection for electronically transmitted data (including emails, chat, search history)
– comprehensively cover all online organizations (today many governmental agencies seem to be out of this scope)
– disclosure norms with prior consent for data management & sharing (especially under what “law in force” can this be shared)

by Harikrishnan Srinivasan

Leave a Reply

Your email address will not be published. Required fields are marked *