Mozilla, the company best known for the popular Firefox browser and one of the key players in the privacy debate across the world, does not think it is right to suggest Indian companies are unaware of the risks when it comes to data privacy or do not know of laws in other parts of world.
Urmika Shah, Lead Product and Data Counsel at Mozilla, who was part of a round-table discussion on privacy matters last month with some of India’s biggest online companies, says the group was very knowledgeable about the laws, including in other places like the GDPR, and the upcoming law over here. “A lot of these companies are already on their own initiatives thinking about privacy and have taken a lot of measures within their services that are more privacy or security protective,” Shah told indianexpress.com on her observations from the discussions.
The discussion saw participation from companies like Zomato, Ola, Practo, Ibibo, Zeotap and others to look into the issue of data privacy and security. The closed-door discussion is part of a larger Mozilla initiative to initiate a discussion around data privacy with internet companies across the world. Mozilla also launched its own Lean Data Practice website this year as a public resource for organisations trying on how to work with data privacy, security of user data, and prepare security breaches.
In a telephonic interaction Shah explained that the company has been conducting such workshops in the US as well, and in countries in the European Union.
Amba Kak, Mozilla’s Public Policy Advisor in India, says the company has been actively participating in the privacy law discussions and already made submissions to the government of India.
One of the points of discussion was around user data and controlling access, especially when it came to their own employees. “How do you ensure what employees have visibility into what user data…you know making sure that it is not the wild wild West. The companies also recognised that such protections for data control are essential once you reach a certain size,” Kak says.
But one of the challenges in India remains that the user base does not realise the privacy risks at hand. Still many companies have realised that this should be taken to mean that users do not care about privacy at all.
But what about companies going lean on data, which cannot be easy, considering many have business models which relies on collecting this?
“I think the tension around this topic was acknowledged. I think that what the recognition was there are ways like anonymisation, there are ways of going back and looking at whether you still need this kind of data. Companies were talking about whether they need more innovative ways to manage large data sets so that the values can still be extracted, but the risk is reduced. No one was opposed to that,” Mozilla’s Data Counsel adds.
One challenge to lean data though comes from companies relying on more machine learning techniques, where more data is needed to improve the training models.
“For folks trying to really leverage their business on machine learning techniques, for them, the conflict is a little more stark. But I think like there is always an opportunity to do a data audit and say, ‘What are the data categories we need, so we still need them after a year,’ Kak says.
Kak says lean data means you know what you have. “So then if you know that there’s a category of say, sensitive, then you can scrutinise it and check whether you still need it. Otherwise it becomes a risk on your books.”
On the upcoming Indian law on data privacy, Kak says there was an acceptance that a law is useful in this space, and at these baseline standards are here to stay. Another key concern raised was around police requests, which can often be very broad in India.
“Companies are worried about police requests. They see these requests coming in, and they feel that they’re very overly broad and they’re compelled to respond. So that if there was legislation to address that would be better, not only for end users but also for the companies,” Shah adds.
“We at Mozilla have been advocating for this. We also face it as a company, where you don’t want to compromise your own user privacy because of a overbroad request.”