Privacy is one of those things we don’t talk about a lot in India. Every now and then there’s a small debate in some corner of the social web, where concerned citizens get together and discuss how our privacy is shit. It’s clear by now that we don’t have any major privacy laws in the country.
Things will only get worse from here. More people are signing up for internet access, the government itself wants to promote the vision of a digital India, and more internet connectivity is exploding thanks to the current 4G LTE wave. You’d imagine by now we would have a serious discussion regarding our privacy. But no.
All of us are up for sale on the internet. If you have ever purchased anything online, chances are you are very likely to be on some sort of database that’s up for grabs. These databases sell for anywhere between Rs.5,000-Rs.15,000 depending on the weight. The details include names, addresses, primary cell phone numbers, preferred mode of payment, and even mode of transaction with amount.
That’s a lot of sensitive information. Sometimes that’s all you need to break into someone’s account using basic social engineering skills. Now the question is who is leaking all these details? It could be the e-commerce companies, logistics partners, or third-party service providers to e-commerce companies. The points of leaks can be endless.
Local e-commerce companies treat your personal data like it doesn’t matter. Someone I knew in the industry, who worked in marketing, was regularly given dumps of customer data for manual segmentation. There was nothing in place to prevent him to take home all this sensitive information, and sell outside. Then there are logistics partners which ask for customer details like phone numbers during delivery.
Last year a market research firm reached out to me, saying they were doing a survey for Paytm. On being asked if Paytm shared my personal details with them, the person on the other end politely declined. I don’t even know what’s going on anymore.
The offline world isn’t any better. Most offline retail stores now ask for a phone number while checking out. They do this to send you text messages every now and then. Then there are loyalty programs at retail stores, petrol pumps, and all across. All this data finds its way into databases that are up for grabs.
Once the spamming begins there’s no DND (do not disturb) in the world to make it stop. These spammers find loopholes there too. Another area where this information gets misused is to steal users’ identity. Getting personal information makes it super easy for just about anyone to break into your personal accounts, be it a social networking website or a financial entity.
With the government expanding its coverage of Aadhaar, it’s only obvious for them to come up with privacy laws. Apart from protecting the rights of its citizens, it can also help instil a level of confidence amongst everyone for government projects like UID.
The same problems exist with privacy regarding Aadhaar. The ways in which both government and non-government entities are collecting Aadhaar numbers and putting them up on the web makes it a nightmare for everyone. Some educational institutions also go to the extent of uploading highly sensitive information like phone numbers, bank account numbers, Aadhaar number, etc. It’s only a matter of time before Aadhaar based databases go up on sale.
Privacy is shit, no doubt. What can one do about it? Not much. You can ensure you don’t buy online on shady websites. You could give out fake numbers at retail stores. But all this isn’t really bulletproof. One way or the other you’re likely to fall into their trap because nothing is keeping these guys scared from doing what they do.