In an age of leaks, just lock your data & sell it
Using your data to analyse behaviour trends is also acceptable, if only aggregated, secondary data is made public.
The concept of “information asymmetry” was taught using the well-worn example of a secondhand car salesman who uses his insider’s knowledge to sell a “lemon” (a defective car) to the innocent buyer. The new-age example of information asymmetry relates to data.
Visionary business leaders know that “data is the new oil”. But the average person allows free access to his or her digital data merely in exchange for downloading and using an app, such as Facebook, Google, Twitter, YouTube or Amazon, for free. The asymmetry is that individual data is worth a lot less than data collected at scale. The latter generates enormous value by targeting advertisements and influencing minds. Resolving problems of information asymmetry is a typical regulatory function. But it has been managed lackadaisically in the digital world, at least so far.
A Constitution Bench of India’s Supreme Court had decided on August 24 last year that the right to privacy was a fundamental right for every Indian citizen, akin to the right to life and liberty or the right to freedom of expression. The court had stressed, however, that it was not creating a new right and was not, therefore, judicially amending the Constitution. It was merely enumerating the core components of the pre-existing rights in Article 21 to life and liberty.
Life and liberty are recognised as natural or inalienable right. The State can only restrain them lawfully, going through due process, and then too only in a reasonable manner. The judgment serves well the purpose of guarding individual privacy against intrusion by the State. A problem arises, however, if an individual agrees to sell his or her data, his/her opinions or his/her experiences. Natural rights being inalienable cannot of course be sold. You cannot end your life for money or any other inducement. You cannot also voluntarily revoke your right to liberty and become a slave, no matter how much the reward. Techies, some of whom work 24x7, would be surprised to hear this. Treating privacy as a natural right and yet allowing for its sale with consent will have to be reconciled. There is a long history of the right to sell your privacy, such as in publishing a memoir.
Meanwhile, Big Data is too valuable not to be used by social media and digital search, share, see and sell companies. Explicitly contracting with users to compensate them for using their data is one way forward. The Justice Srikrishna Committee report will likely show the way to legislate the do’s and don’ts on data protection.
In the meantime, the government can help by educating the public about the consequences of clicking the consent button on websites and apps — something that we all do without a thought. Tech companies could also do better. At present, they do inform users about the type of data that they intend to access, but what is less clear is how they intend to use this data. A clear distinction must be made between three types of use.
First, using your private data to target advertisements of products and services that you may want. Second, using private data for generating useful secondary data for sale like analysis of market trends and forecasts. Third, selling raw private data to a third party.
The Aadhaar leaks and the leak by Facebook to Cambridge Analytica of the raw data of 50 million American users are the third type of use, which can only be termed mala fide. Since there was no consent, such leaks should have both criminal and civil consequences — punishing the offenders, including those who leaked, and the collaborators who used the data, and in addition compensating the victims. Mere possession of stolen lists of raw data should be punishable as dealing in stolen goods under the Indian Penal Code. The source of the leak should be booked for theft, or at the very least, for criminal negligence.
Using your data to drive advertisements to you is the least pernicious of the three types of use. You can always choose to not view advertisements. Using your data to analyse behaviour trends is also acceptable, if only aggregated, secondary data is made public.
James Madison, one of the framers of the American Constitution, had put it very well. For him, if there is a right to property, the right itself become property, which can be transacted. Applying this logic, one can make the right to privacy something that can either be enforced or alternatively, sold or gifted, at the will of the owner. This seems to be a practical approach.
Tech companies desirous of being legally in the clear could start compensating customers who explicitly agree to having their data analysed and outed as secondary data, or even given out raw. Paying users through discount coupons on purchases or even by picking up their Internet access charges could generate the underpinnings of consent and contract. If the user remains free to choose any transmission provider, despite the social media site picking up the monthly bill, the Net Neutrality principle, which had killed Free Basics earlier, could also be complied with.
Meanwhile, cryptographed network and analytics tech companies, launching soon, aim to provide a “question and answer” service. Customers could query it about specific markets. “Fetch”, one such tech company, proposes to provide the answers, using primary data from contracted-in data sets of other companies, while ensuring that the primary data is kept secure.
Till now, the government has sensibly regulated technology companies very lightly, in order to avoid killing the spirit of innovation. Those days are now over. The government must ensure the impending privacy legislation is fit for the purpose, but also provides for the potential to monetise private data. Not doing so would be a massive social loss.