Online “consent” is, therefore, a false choice for most Indians. However, consent is also the fulcrum of India’s fast-growing data ecosystem. The Data Protection Bill under consideration by Parliament lists consent as a legal ground for data processing. It also requires that consent be freely given, specific, informed, unambiguous and revocable — all legally-sound objectives, but difficult to achieve in practice. Last year, NITI Aayog sought public comments on the Data Empowerment and Protection Architecture (DEPA), a system that will connect an individual’s financial, health, telecom and other data so that it can be moved from one provider to another. DEPA intends to use consent to ensure that users remain in control of their data.
Through DEPA and other similar initiatives, India is poised to accelerate its innovation economy by using data to create innovative products. But consent is broken, and relying on it to enable responsible data sharing seems inadequate. Which is why we need new ideas to give users greater control over their digital destinies.
Second, regulatory bodies need to step in to guide customers. Consumers do not have the time or knowledge to go through privacy policies. It would also be unfair to expect them to. In other sectors, regulatory bodies step in to bridge this information gap. The food regulator’s food safety certifications and the Bureau of Energy Efficiency (BEE)’s rating guides have become part of our everyday lives. Similarly, a “privacy rating” for apps can help individuals make more informed choices about their data. Such “rule of thumbs” can help them cut through the jargon, trust businesses more and share more data. In Ashoka University’s experiments, users shared more data with apps that had a higher privacy rating.
Third, governments and industry associations can play an enabling role by running innovative awareness campaigns that leverage local contexts, and relatable narrative styles. In early 2020, BigFM ran a 10-episode radio show called Zindagi Mobile, where storyteller Neelesh Mishra weaved privacy-related messages into fictional stories of everyday Indians. This included messages like logging off from public computers, and not sharing phone numbers easily. The show reached 140 million Indians in five languages, achieving the number 1 slot in Mumbai, Kolkata and Bengaluru. An independent impact evaluation of the show found that it led to greater privacy-consciousness among listeners, and better online behaviour, such as checking the veracity of information before forwarding it.
Despite these promising innovations, the “burden of proof” on privacy should rest with providers rather than consumers. Businesses should act as fiduciaries of user data and act in the best interest of the user than simply maximising profits. Regulators can create a new class of intermediaries that warn consumers about dangerous practices, represent them, and seek recourse on their behalf. By educating and empowering every Indian, we will enable her to participate fully in India’s digital economy, and thereby create a meaningful digital life for every Indian. Only then will the true potential of Digital India be realised.
This article first appeared in the print edition on January 18, 2021, under the title “Before Clicking ‘I Agree’”. The writers work at Omidyar Network India, an investment firm