Tracking individuals online, even in an ostensible bid to guard against theft, can have unintended consequences, as the recent suit filed against Apple Inc. indicates. An 18-year-old US college student filed a $1-billion lawsuit against Apple on 22 April, claiming its facial recognition software falsely linked him to thefts at several stores. In his suit, the student alleged that Apple’s software “negligently" tied his name “with the wrong face" and gave him “no recourse to correct the error". The matter will be decided by a court of justice, but the fact remains that protecting an individual’s privacy in today’s increasingly digital world is not just a challenging task, but an imperative. Data analysis done with sophisticated tools of analytics can lay an individual bare to companies and governments alike. Several countries have rules that require telecom services providers to retain traffic and location data generated by mobile and landline phones, as also fax and email messages, ostensibly to tackle crime and terrorism. India’s data localization rules also mandate that all data generated in India must be stored in the digital memory of servers within the country. However, nothing can stop the government from accessing this data under the garb of keeping the nation secure.
Indeed, the Constitution does guarantee a fundamental right to privacy, a right that was upheld by a decision of a nine-judge constitutional bench of the Supreme Court in August 2017, but “reasonable restrictions" can be imposed in the “interest of the sovereignty and integrity of India". Tracking individuals has become all the more easy with Artificial Intelligence (AI) technologies, especially machine learning, deep learning, computer vision, natural language processing and face recognition. On their part, users of networked devices should understand that there is no free lunch when it comes to sharing personal data such as images, posts and preferences (likes, dislikes, and so on) on social network platforms. While your smart phone and its apps can make you a lively socializer and an efficient employee, they do so with the aid of all the information they collect as a trade-off. Apps, for instance, can read your “status" and identity, pin your approximate location, take pictures and video clips, record sounds around you, call phone numbers directly, and scan, modify or even delete the contents of your memory card. It’s not that we have much of an option, since we are denied access to key features of an app or website unless we agree to part with our personal data. Besides, reading the privacy policies of most apps involves an endless scroll-down of text, so most of us simply skip the details and sign up blindly.
It is unfair to shrug the issue off by saying “user beware". For us to trust companies that mine data, they should not shirk their responsibility of safeguarding our personal details from third-party apps and other entities that could harm us. They should have privacy as our default option, by design, with opt-in consent obtained for using specific stuff needed to offer us special services. Legislation could push the cause along. The European Union’s General Data Protection Regulation system is being studied globally as a model for data protection. It imposes heavy fines on businesses that do not comply with this law. The US, Canada and Thailand have similar—if less stringent—laws. There’s no reason why India can’t tighten its privacy provisions.