As far back as 2005, Paris Hilton found herself at the receiving end of a security breach. Among the security questions asked to access her phone data, was the name of her favourite pet. The hacker guessed the password – the name of her Chihuahua at the time. That was all it took to get into her T-Mobile. Overnight, her address book went public and celebrity phone numbers were revealed to the world.
That was over two decades ago, thankfully in the era before smartphones, when banking transactions, private videos, and WhatsApp messages hadn't yet found their way into the palms of our hands. Since then, the evolving digital landscape has resulted in a growing online data economy. This makes all of us vulnerable to compromised data privacy, but women are particularly at the receiving end.
‘Data privacy or information privacy is essentially the proper handling of sensitive data provided by individuals online, in full confidence,” says data analyst Unnikrishnan Menon. ‘This could include personal data, financial data, intellectual property, private emails and so on. Data privacy is often confused with data protection, but the two are technically different. Data protection refers to the process of ensuring that valuable data is not lost, or corrupted. It involves creating backups, proper storage, and maintenance. Websites, social media platforms, and apps, collect data from customers, but not all of them can guarantee privacy. Everyone has the right to privacy, even in the digital world. So, it really should be up to an individual whether they want to share certain data, to what extent and for what purpose.”
Digital rights organisation Privacy International recently conducted a study, which revealed that some menstruation apps in India share data with social media platforms such as Facebook, about women’s menstrual cycles, ovulation, physical symptoms, moods, and so on. This enables Facebook to release targeted and personalised ads. The findings also revealed that women, while facing a greater threat, also had lesser awareness about the downsides of data privacy breaches.
‘Businesses do need some data to provide better service and data-driven growth. However, we need to strike a balance between this, and the right to privacy,” says Unnikrishnan. ‘Until recently, there were no laws in place to regulate any kind of transparency in how data was being used. However, in August 2023, the Digital Personal Data Protection (DPDP) Act was passed in India, which could potentially be a game changer if women know how to use it effectively.’
As per the Ministry of Law and Justice, the DPDP Act is ‘An Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.’
This gives individuals autonomy in deciding how much data they are willing to share online, and also provides transparency about how the data is going to be used or shared. It also covers data fiduciaries or collectors and data processors. Businesses have since been required to rework their digital and data practices in compliance with the Act. However, literacy about data privacy still needs to be addressed, especially among women users. The Act aims to put India on par with global standards of data privacy, and makes provisions similar to the GDPR implemented by the European Union. However, its implementation depends on how businesses and consumers – especially women - respond to it. The penalty for offences can be quite hefty, sometimes going up to ₹250 crores.
Data privacy involves a range of steps – right from guarding data against hackers to preventing digital platforms from passing it onto third parties. How can women equip themselves to ensure data privacy? Dr Shraddha Sharma, LA-based cyber security engineer has some simple pointers:
1. Are you one of those people who simply skip reading the privacy policy because it is a long and laborious endeavour? Perhaps it’s time for you to reconsider – even if you think the company or website is legitimate and beyond reproach. They may be designed to put you off, but it is particularly important to get into the fine print, before signing up for anything.
2. Don’t give out your information unless you are convinced that you really require the app or website, and are assured that they will protect your data. Figure out if they specify upfront what exactly your information will be used for. If they don’t, reach out to them and ask.
3. Limit permissions on apps. You probably do not need to give them access to your photos, videos or location. The same applies to social media accounts. You shouldn’t give out information that could lead to a potential breach.
4. Delete cookies as often as possible, along with your browser history. If you can, then disable cookies completely.
5. Do not open suspicious links from unknown or unfamiliar senders either on your computer or phone. Do not fall for scams that claim you’ve won a million dollars in the lottery or a free safari in Africa.
6. Use strong passwords; your birthday or spouse’s name could be a rather obvious choice, making it easier for someone to access your private data. Keep your phone and laptop password or fingerprint-encrypted always, so that your data is protected even if devices are stolen.
7. Be careful while using the Wi-Fi in public places such as cafes. Your phone data is safer.
8. Use a VPN for added security, to hide your browsing history. I would recommend that every woman does this. Even if you’re simply using your tablet to watch Netflix.
9. Ensure that the platforms you share data with have some security measures in place, such as encryption, access control and/or two-factor authentication.
10. Be regular about renewing your antivirus and updating software. This may seem trivial, but can lead to lapses in keeping information private.
Prevention is better than cure, so tread with caution before sharing your data. If you feel that your privacy has been violated online, keep yourself abreast of your legal rights and reach out to the concerned business. After all, as actor Marlon Brando said, well before data footprint was a thing, ‘Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.’