By: Rajarshi Dhar, Industry Analyst, Digital Transformation (ICT) Practice, Frost & Sullivan
Protection of Data and Role of General Data Protection Regulation (GDPR)
Facebook – one of the world’s largest social networking sites is also one of the largest data houses, hence is an attractive destination for 3rd party application developers. These 3rd party application developers bank on the users’ data from these sites. When this data is on sale (for 3rd party apps) the revenue for the social networking sites is much higher. Hence, this is not just a Facebook issue but something which is very common among most other social networking sites. The concern arises when this data collected from social networking sites is misused, hence there is a need to protect such data. We at Frost & Sullivan believe GDPR should help control such misuse of data.
GDPR is a European Union (EU) regulation on data protection and privacy for all individuals within the EU, which is likely be enforced soon. The GDPR aims to bring in restriction and mandate on “Consent & The Right to be Forgotten” for businesses or customers based in Europe. This means, the law would enforce restrictions on data capture and data erasure which in a nutshell would help protect consumer data on a larger context. The word ‘consent’ within the law would have specific definition of what it means to the company and the data owner.
Apart from the law, social networking sites also need to limit the data access for 3rd party applications using these sites, in order to prevent any misuse by them.
Impact on India
India has already become the largest user base for Facebook globally beating its closest contender, the USA. Government of India has sent out a clear message that it won’t tolerate any data theft rising out of Facebook business processes. However, given the large consumer base of the country, it becomes an attractive destination for 3rd party app developers, marketers and data harvesters. This is even more concerning as India lacks strict data privacy laws, and tracking misuse of people’s data is a challenge.
How should Users avoid a Data Breach?
Frost & Sullivan strongly advocates that users should put in minimum personal information on their account profiles that could be used by these data scraping apps as marketing agents for products up for sale. For the sake of getting more hits, likes or shares, users should not take a chance and reveal a lot of personal data, and hence should play intelligently with profile settings. License agreements should be read thoroughly keeping in mind the allowance or restrictions that would be followed by social media companies. Account passwords need to be changed on regular intervals and linking up of email ids and password with multiple 3rd party apps should be avoided. To summarize, till there is a formal regulation in place in India, like the GDPR, consumers need to take ownership of every bit of data shared and take control of their privacy.
The Facebook – Cambridge Analytica controversy should be seen as a warning for the country’s relatively weak data security framework, and strict protection and privacy laws need to be put in place having minimum loopholes. Social networking sites operating in India could take ideas from Apple (creators of iPhone) while providing data access to 3rdparty developers as Apple restricts data access for the app developers. In the current digital and tech savvy world “Data is the new Oil”, hence it is crucial that the data from social networking sites is being used for the right purpose and with the knowledge and consent of the people, otherwise this data could end up falling in the wrong hands and misused.