We hear much conflicting information about what we should and shouldn’t be posting online. It’s confusing and unnerving not to know what we can do to protect ourselves.

Individual responsibility is important, but we are at a stage where it is not sufficient. The problem is much larger than any one individual’s ability to control their personal information, because there are so many new ways every week or every month in which we can be tracked or things can be inferred about us. It’s absolutely unreasonable to expect consumers and citizens, who are all engaged in so many other activities, to also have the ability to continuously update their knowledge about what new tracking method the industry has discovered and to be able to fend it off.

Right now in India it’s essentially the case that when you post information online, you give up control of it. So there are terms of service which are mandatory under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 that regulate the sites you use, like on Facebook and Twitter and Pinterest — though those can change — but even within those, you’re essentially handing control of your data over to the companies and implementation of those rules are far fetched. And they can kind of do what they want with it, within reason. You don’t have the legal right to request that data be deleted, to change it, to refuse to allow companies to use it. Some companies may give you that right, but you don’t have a natural, legal right to control your personal data. So if a company decides they want to sell it or market it or release it or change your privacy settings, they can do that.

According to the rules mentioned above, Sensitive personal data or information of a person means such personal information which consists of information relating to;—

  1. (i) password;

  2. (ii) financial information such as Bank account or credit card or debit card or

    other payment instrument details ;

  3. (iii) physical, physiological and mental health condition;

  4. (iv) sexual orientation;

  5. (v) medical records and history;

  6. (vi) Biometric information;

  7. (vii) any detail relating to the above clauses as provided to body corporate for

    providing service; and

(viii) any of the information received under above clauses by body corporate for

processing, stored or processed under lawful contract or otherwise:

In Europe, users have more of a right to their data, and recently there was a decision in Spain where a man had sued Google because when people searched for him, it was coming up with information about financial problems that he had had a long time ago.

So in Europe users have legal right over their data in a certain way, but its not the scenario in many of the countries. There should be more stringent rules regulating this thin line where companies are using user data for their profit.

People should be made more aware about the kind of information they share and the information which is going to form part of the database by the companies for their profits. Now a days one just cannot foresee that who, when and where his information is going to be used and for what purpose. It is advisable to think 10 times before putting out any information on the internet, because once it is there it is beyond your control.

This information we give out is going to get into the hands of companies, governments, and could potentially be used in evil ways. I don’t think not using the services provided by the intermediaries (Body Corporates) is the solution to that. The only solution is a legal one where people have control over how their data is used and there are limitations and real regulation on data brokers and other companies that have this data, we need the amendment which regulates every minute aspect of information and we need it fast.

If an intermediary fails to protect your Sensitive personal data/information then you have a remedy in the form of a Complaint before the Hon'ble Adjudicating Officer of the respective state.

Website - www.netlawgic.com

LinkedIn - in.linkedin.com/in/rajaspingle/

Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for education and awareness purpose and merely a possible interpretation of the law. Image copyrights are with the respective owner.