Facebook breach: Privacy advocates in India seek stronger data laws
Privacy advocates in India underlined the urgent need for stronger data privacy laws in India with the debate coming under focus after reports alleged that British data analysis firm Cambridge Analytica had tapped into the profiles of more than 50 million Facebook users, without their permission, during the last US elections.
The article by Surabhi Agarwal and Devina Sengupta was published in the Economic Times on March 20, 2018. Pranesh Prakash was quoted.
Advocates of data privacy told ET that even in India — where issues around data privacy have been on the boil — voter opinion may be targeted by using their personal information without their approval. “The government has not moved with necessary pace on data protection,” said advocate Apar Gupta.
“Election commission (EC) has not taken up this issue of data protection for regulatory scrutiny. EC has in the past issued guidelines to protect election integrity and restrained exit polls and also required candidates to disclose social media handles. However, much more needs to be done,” he added.
His concerns around India’s voting process being potentially vulnerable to similar influence like in the US come amid a “case study” on the Cambridge Analytica website said the company had worked for Indian political parties as well.
It said that the British firm was “contracted to undertake an indepth electorate analysis for the Bihar Assembly Election in 2010…Our client achieved a landslide victory, with over 90% of total seats targeted by CA being won”.
Media reports quoted sources at Cambridge Analytica, and its Indian partner, Oveleno Business Intelligence, as saying that the local company was in talks with leading Indian political parties for a pact for their 2019 parliamentary poll campaigns.
“This shows integrity of elections and voter trust may be undermined through data analytics and target voters on the basis of their personal data,” said Gupta Pranesh Prakash, policy director at Center for Internet and Society, said India urgently needs a strong data protection regulation, that require companies to have oversight and pin liabilities on them if they fail to have oversight over data they transact with.
“So, in this case for instance, the companies that provided Cambridge Analytica DATA are seriously culpable and Facebook --right now it is unclear if under any current law it is culpable --there are some discussions in the US etc. Regardless of it, they should be required to exercise greater diligence when it comes to personable data that they have taken consent for,” said Prakash.
“Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. If these reports are true, it's a serious abuse of our rules.
All parties involved — including the SCL Group/Cambridge Analytica, Christopher Wylie and Aleksandr Kogan — certified to us that they destroyed the data in question. In light of new reports that the data was not destroyed, we are suspending these three parties from Facebook, pending further information. We will take whatever steps are required to see that the data in question is deleted once and for all —and take action against all offending parties.”
In a statement to ET, Facebook said there was no breach of its data base and that protecting people’s information was core to the company. “Like all app developers, Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” Paul Grewal, VP & Deputy General Counsel, Facebook said.