Governance & Risk Management , Privacy
Facebook Controversy: India Raises Privacy Concerns
IT Minister Has Harsh Words for Social Media CompanyThe IT minister of India, where Facebook has 250 million users, is using harsh language to warn the U.S.-based social media company to protect users' privacy in the wake of the Cambridge Analytica scandal.
See Also: From Metadata Bottlenecks to On-Demand Insights
The personal information of tens of millions of Facebook users was leaked to London-based Cambridge Analytica, a voter-profiling firm that was hired by the campaign of U.S. President Donald Trump (see Facebook and Cambridge Analytica: Data Scandal Intensifies ).
Meanwhile, some security and privacy practitioners say the incident could be a catalyst for tougher privacy laws in India (see: Right to Privacy is a Fundamental Right, says Supreme Court).
India's information technology minister, Ravi Shankar Prasad, in a statement issued on March 22, declared that violations of privacy by social media companies are unacceptable.
"If any data theft of Indians is done with the collusion of the Facebook system, this shall not be tolerated," he said. "We have got stringent power under Information Technology Act. We shall use it, including summoning you in India."
Prasad also noted: "In the wake of recent data theft from Facebook, let my stern warning be heard across the Atlantic, far away in California. Any covert or overt attempt to misuse social media, including Facebook, to influence India's electoral process through undesirable means will neither be tolerated, nor be permitted."
Security Pros React
The Facebook scandal could prove to be a catalyst for change, some security professionals predict.
"Governments need to ensure they have adequate laws and regulations in place and are implemented strictly," says Shivangi Nadkarni, CEO at Arrka Consulting, a security consulting firm. "This incident will probably give Asia the necessary impetus to speed up the many measures that are already in place or are being rolled out."
Social media companies and those in other sectors need to make privacy protection a top priority, Nadkarni says. "This understanding needs to be propagated throughout the organization," he says. "Boards and senior management need to be made aware of the implications and formal programs need to be rolled out on privacy."
Implementing stricter privacy controls pays off in the long run, stresses Singapore-based Aloysius Cheang, CEO at an IoT and Smart City startup initiative that's in stealth mode. "There is no way to defer security because the costs of repairing it is going to be much higher than the cost of putting it in place," he says.
Unfortunately, however, too many companies don't see privacy protections as a good investment, Cheang says.
"Despite the potential high costs and serious repercussions [of a privacy violation], such as reputational loss ... and the mounting pressure from regulators, companies are mostly resistant because investment into data protection has no direct role in the companies' first and foremost objective - to generate revenue that ensure good profit margins," Cheang says.
The Facebook incident involved misuse of data by a third party. Nadkarni says preventing such incidents requires diligent monitoring, not just the use of security technology. She offers this example: "A bank outsources some activity to an external party while at the same time it makes sure the external party keeps it safe. But if the external party shares the data without telling the bank, technology can do little to control this."
Vaishali Bhagwat, a cyber law and privacy expert, contends that social media companies, including Facebook, need to be more closely overseen by a regulatory authority.
Not only regulation but a fast, cheap and an effective implementation mechanism is required to guarantee data privacy.#CambridgeAnalytics #privacy #dataprivacy #analytics #dataharvesting
— vaishali bhagwat (@vabhagwat) March 23, 2018
But balancing the right to privacy vs. technical innovation is tricky, some experts say.
"We have a long way to go to get this magic potion of balancing potential of digital innovation with individual data privacy," says Rama Vedashree, CEO at Data Security Council of India, a not-for-profit, industry body on data protection in India. "We can't afford to lock out the potential of digital and social media for an extreme rigid position on individual privacy and a highly regulated regime."