MillenniumPost
Home > Sunday Post > In Retrospect > A ticking time bomb
In Retrospect

A ticking time bomb

BY MPost15 Jun 2024 7:15 PM IST
A ticking time bomb
X

Data is the new currency — a tool that is enabling information exchange, facilitating transactions at record speeds and flowing across borders, touching lives and businesses alike.

While its role in nation-building is unequivocal, the associated risks to privacy and security have also amplified calls for states to protect the constitutional rights and welfare of their citizens. The Indian government has enacted data localisation measures — such as enforcing a data replica to be retained locally or restricting cross-border data flows — in various jurisdictions to hold big tech companies accountable for misappropriating sensitive data.

India is a rapidly rising digital power but leans on technological self-reliance through protectionist data measures in favour of domestic firms and encourages indigenous technological innovation to boost its overall digital economy. India prefers to behave like a custodian of its citizens’ data while seeking to become a global data centre hub.

Geopolitical issues such as foreign surveillance and information warfare intersecting with India’s core strategic interests have also recently intensified domestic debates on securitisation dynamics involving data. As a conservative state, India’s data policies are anything but laissez-faire. A 2018 report released by the Srikrishna Committee flagged that, without adequate safeguards on public databases and systems, critical data comprising health, infrastructure and government services could be compromised by foreign nationals or potential treasonous actors.

The issue of location tracking goes beyond just privacy. It’s about protecting our fundamental rights in today’s digital world. To navigate this, one must stay informed, push for stronger regulations, and take steps to safeguard our data and privacy. This includes being aware of evolving technology and its impact on online privacy.

The latter is a multifaceted topic but location tracking stands out for its straightforward implications amidst the complexities. Imagine a map showing the detailed locations of your movements, laying bare your habits, relationships, and even vulnerabilities in times of crisis. It’s clearly a breach of privacy that strikes at the core of our personal autonomy.

The market for location data is a staggering USD 12 billion plus annually. However, it has its privacy pitfalls. Location data can encompass a wide array of details, from medical visits and shelter stays to religious practices and even our children’s whereabouts. The precise location is particularly concerning among the trove of personal data brokers collect. We’re talking pinpoint accuracy, sometimes down to a car length. State laws are starting to catch up, labeling this as “sensitive personal information” and mandating explicit consent before collection.

Most of us carry smartphones with GPS capabilities, allowing apps and services to pinpoint our whereabouts with remarkable accuracy. Consider, for instance, the plethora of apps on your smartphone that request access to your location. While some requests are legitimate and necessary for the app’s functionality, others may have more dubious intentions. It’s not uncommon for apps to collect location data for purposes unrelated to their primary function, such as targeted advertising or selling to third-party data brokers. And once it’s in the hands of a data broker, it’s entirely out of your control.

Furthermore, the rise of Internet of Things (IoT) devices has expanded the scope of location tracking beyond smartphones. Smart home devices, wearable fitness trackers, and even modern vehicles are equipped with GPS technology, constantly generating data about our movements and activities.

While this technology has undoubtedly improved convenience in various aspects of our lives, it raises significant concerns regarding privacy and security.

While many companies claim to obtain user consent before collecting location data, the reality is often more complicated. Lengthy terms of service agreements filled with legal jargon make it challenging for users to fully understand what they’re agreeing to. Additionally, the opt-out mechanisms provided by many services are often buried deep within settings menus, making them difficult to find and use.

Despite these challenges, there are steps that individuals can take to protect their privacy in an increasingly surveilled world. Simple measures such as reviewing app permissions, disabling location services for non-essential apps, and using virtual private networks (VPNs) can help mitigate the risks associated with location tracking. Only allow location sharing when necessary, check who has access to your information, and consider using privacy tools like Apple’s Private Relay. Also, ensure the companies you interact with are transparent about handling your data. We can create a safer digital environment by understanding privacy policies, managing permissions on devices and apps, and supporting privacy-conscious companies. Additionally, advocating for stronger privacy regulations and holding companies responsible for their data practices can help address systemic problems in the industry.

For companies engaging third parties, know who they are and utilise contract controls. Outline the permitted data uses and prohibit the sale or transfer of precise geolocation data. Educating developers on data usage limits is crucial, too. Try to limit the amount of third-party code implemented on your platforms. Identify which third parties use geolocation data. Make sure that prompts are enabled to ask users to consent to location data sharing.

It’s so ingrained in our day-to-day lives that even car companies are collecting our personal details and sharing them with third parties for financial gains.

Smart technologies built into new Toyota cars are collecting personal data and potentially sharing it with insurance companies and other groups, consumer advocate group Choice has found recently.

Toyota has insisted it takes customer privacy “extremely seriously”, but has acknowledged the data communication module (DCM) – known as the “Connected Services” feature – can only be disabled but not removed from its cars, or else drivers could void their warranty and render Bluetooth and speakers non-functional.

Following an investigation, Choice has found Toyota’s “Connected Services” feature “collects information such as vehicle location, driving data, fuel levels, and even phone numbers and email addresses”.

Privacy problems are becoming a widespread concern with cars, as just about every new vehicle seems to have a ‘smart’ connection installed. People shouldn’t have to give up their privacy rights in order to purchase a new car!

To add to our plight, there are more such examples.

In 2022, Google paid USD 400 million to settle a lawsuit for continuing to track people’s location data even after users opted out of such tracking by disabling the company’s “location history” feature.

In 2020, Facebook acknowledged similarly deceptive behaviour in response to congressional queries.

A 2019 study of a million free mobile apps revealed that the majority are simply conduits for funnelling personal data — including location — to third parties and that such practices are mostly undisclosed.

In the broader perspective, sectoral regulators have taken the first step by further developing the existing sector-specific data protection obligations. In the recent past, regulators such as the Insurance Regulatory and Development Authority of India (IRDAI), Securities and Exchange Board of India (SEBI) and the Reserve Bank of India (RBI) have issued guidelines to their respective sectors, which inter alia also require regulated entities in the respective industries to undertake higher security measures for storage of data, privacy and confidentiality. Lately, the regulators have focused on the key impact areas, including cybersecurity and data storage on cloud services. These developments reflect the general interest of the government in equipping itself for sectoral data privacy issues — a domain that requires immediate attention and supervision.

So, next time, if you don’t want to let anyone know where you are or where you’ve been, you could try turning off your phone’s GPS or uninstalling prying apps. But rest assured, this will not keep your location data private. The level of control we have over our location data is a lot more limited than most people think.

You can disable GPS, but that won’t stop third parties from tracking you. As long as a person’s phone is on, their location can be traced, whether through their IP address, Wi-Fi networks or cell towers.

Location data provides a skeleton key into all aspects of someone’s life. To find out who someone is, just look at where they go.

Interestingly, by itself, location data is of greater value to data vendors, marketers, government agencies and law enforcement than all other categories of personally identifying information (like name, address, phone number, email address, etc.) combined.

The disconnect between privacy protection laws and modern technologies is getting harder to ignore. Legacy laws covering older methods of privacy invasion cannot account for the myriad ways modern technology can remove a person’s right to be a private individual. More so, in today’s AI age!

Views expressed are personal.

MPost

MPost


Next Story
Share it
X