Tale of consent: Preventing exploitation of private data

As we move towards the epitome of a capitalist economy, an odd pattern has emerged among some of the largest commercial corporations. The agencies that an individual is surrounded by, Google and Facebook, in particular, provide users with ‘free’ products.

How do these companies make so much money without selling anything directly to their users? As we begin to answer this question, we uncover a shocking truth. Users might not pay for these services in terms of money, but they surrender their personal information to these companies. This gives us an idea of the value attached to one’s information in the digital world and makes us realize the importance of preventing exploitation of this information.

Beneath the super-convenient interfaces that we find ourselves using every day are a complex network for data collection mechanisms. With our activity being logged at every instant, our social media footprint, our search queries and our shopping preferences all offer a window into our personal lives. On top of that, every financial transaction we make is tracked and correlated in ways beyond our comprehension.

There has been a lot of regulatory interest and awareness about data privacy, not just in India but worldwide. The EU General Data Protection Regulation (GDPR) is one of the prime examples. In light of these developments, it is crucial to identify and provide solutions to the concerns around data in the digital world. Privacy might be a fundamental right, but these companies continue to function within legal bounds because consumers provide their consent to the use of their data. However, whether this consent is an informed one or a coerced one is a distinction that needs to be made.

The contracts that a digital consumer agrees to are dense and complex, making it difficult, if not impossible, to effectively assess the implications of agreeing to their terms. Further, combined with the sheer number of contracts we end up signing, there seems to be a diminished consent as it becomes impossible for us to actually understand the extent of the implications of our consent on our privacy. In the context of consent infrastructure, Sumant Srivathsan of the Publicis Groupe said that the primary problem is that “it’s obfuscating language, and when the language is designed to either confuse or obfuscate the person from whom consent is being acquired, that’s bad faith.”

Therefore, contracts assigning consent to user information ought to be made more accessible to the consumers. A possible solution to the problem of diminishing consent is a shift in the presentation of the terms and conditions to a real-time structure, allowing the user a perceivable awareness of the information transactions at every point of one’s usage.

There also seems to be a deeply embedded power imbalance between the two parties leading to a form of coerced consent with data subjects having no other pragmatic option but to consent to privacy policies and terms dictated by these companies. Consumers develop a dependence on services like Facebook, Instagram and WhatsApp given their reach and the importance they hold in interpersonal and business relationships.

Consequently, withholding consent would have a significant negative impact on consumers. They stand to lose significantly in an ‘all or nothing’ scenario, where they must either agree to the privacy policy or forfeit the use of the service altogether. The absence of any alternatives further enhances the dependency on such services, undermining the genuineness in the individual’s choices and bringing forth a clear element of a coerced consent.

Google, having received an adverse reaction over the amounts of user data it gathers has presented its new privacy features at I/O 2019. By extending the “incognito” feature across all of its platforms, Google will allow its users to deny access to private information without compromising the usability of the service.

Such an unconditional access remains to be a dream in the context of India with the threat to coerced consent manifesting in extreme forms. Government identification platforms like Aadhar make it mandatory for citizens to give up their biometric information and not doing so would entail significant disruptions to one’s daily interactions. To offer an uncompromised access as the one Google promises to provide, legislations ought to be put into place to ensure consumers are provided with an alternative to using the same service without being coerced into giving consent to their private data. The following strategies can be adopted to give better access to the consumers about the terms and conditions –

1) A clear, simplified and easy to understand Terms and Conditions (T&C) needs to be placed to the consumers before letting them access to any online services,

2) Consumers should be well-aware of the usage and consumption of their personal data upfront before accessing the services,

3) a periodic notification needs to be sent to the consumers to let them know how their personal data has been used so far, any change in the T&C that might affect the end-users, etc.,

4) in fact, a separate team needs to be involved from the service provides to examine if some unconscious actions or promises given by the consumers may lead to further disruption such as private data thieving, browser behaviour tracking, etc.

After all, the data generated by the consumers is no less worthy than any financial asset to the service providers, and who is better than them to understand how to protect their own asset well!

By Tanmoy Chakraborty, Assistant Professor (CSE), Indraprastha Institute of Information Technology- Delhi