Whatever be our work, profession, hobby or food preference, one thing that binds us all is that we are consumers. Of products, services, entertainment, and of course advertising. We pay, with our money. And increasingly with our personal data. Recently, I enlisted to be a part of DigiYatra while flying. It has made my flying experience quite smooth. No more standing in a queue for 15-20 minutes to just enter the airport. The convenience of payments, and the thrill of online commerce, are, after all, the new monuments of Digital Bharat.
For these conveniences, I have traded some of my data. Facial recognition, linked to my Adhar card, and credit card details. Do I understand fully the consequences of doing so? Possibly not. Right now, I am thrilled to save time at entry and security checks at airports. For most of us, this is what our data journeys look like. We yearn to get to the other side, where exciting and useful things await. Where we save time, where we connect with the world. And we all know that there is no such thing as a free lunch. But what’s a reasonable price, and do we understand how this pricing works?
Indian consumers are increasingly embracing the opportunities provided by the online world. The advantages of personal and professional connections, validation and expression on social media platforms are being discovered. The virtual landscape has not only democratised access to information but has also made it more inclusive through non-text features. The ease of use and intuitive nature of online platforms, from social media to e-commerce sites, have become synonymous with the digital age. The convenience of one-click solutions and personalised interactions has become a staple in the lives of consumers. The allure of the digital realm lies in its ability to offer unprecedented access to a myriad of online services and personalised recommendations, creating an ecosystem that caters to individual preferences seamlessly.
While consumers revel in the mostly free access to digital services, their access is largely paid for by the advertisement-based economy. The underlying business models involve intricate processes of data collection, processing and sharing.
Consumers today find themselves already inundated with requests for consent to share data, without a full understanding of the implications. This is true in both the online and offline worlds. The asymmetry of information and power creates an implicit coerciveness that pressures individuals to say yes without fully understanding the implications. Consumers are usually unaware of the limits of those permissions. It may also be confusing to a lay consumer when some of these permissions may not fully seem logical to them; for example, a music site might ask for permission to access photos or contacts. The boundaries on what is being asked appear not to be evident. Beyond the digital realm, this is true of documents like credit card agreements and house purchase contracts, where consumers often feel they have little power to negotiate.
Companies, bound by legal scrutiny, tend to present consumers with intricate clauses in terms and conditions and data policies, leaving them to decipher the fine print. The impatience and almost necessity to get on to what lies beyond consent usually make consumers click the ‘I agree’ button without reading through heavy-duty legalese. Therefore, while ‘informed consent’ is obtained, one could question whether this needs to give way to ‘meaningful consent’ that acknowledges the inherent asymmetry of power. The shift from informed consent to meaningful consent requires clear explanations of why certain data is requested in a way that is not overwhelming for consumers.
The proliferation of IoT devices introduces an additional layer to the ongoing trade-off between security and convenience. Smart home devices, wearables and connected appliances enhance daily life but also pose potential vulnerabilities, raising privacy concerns. As consumers continue to adopt these technologies, the line between discretionary data sharing and privacy breaches could blur.
The notion of privacy is transforming too, as greater individualisation makes consumers draw sharper boundaries around themselves. In India, there is also a growing anxiety about personal data security on account of the numerous cases of fraud and scams that seem to be occurring with alarming regularity. As this experience increases, the idea of safeguarding personal data takes root. However, the online protection space, rife with complexities such as passwords, OTPs and subtle changes in URLs, becomes a potential blind spot, exploited by scamsters who prey on consumers.
As the law attempts to address these complexities, questions arise about whether it can fully provide the desired protection for consumers. The evolving landscape of technology often outpaces legal developments, leading to concerns about the true efficacy of legal frameworks in safeguarding individual privacy. While the law must strive to provide meaningful protection that aligns with consumer expectations and fosters a balanced and fair digital ecosystem, the more robust solutions may well lie in a ‘privacy by design’ approach. Rather than cumbersome and clumsy layers of consent-seeking, there is a need to embed consent in simplified ways in the hands of the consumers. Technologies to manage consent at a device or browser level are already being tested. Brands and companies that can resolve consent meaningfully for consumers have the opportunity to gain greater trust in a privacy-seeking market. Informed consent, after all, is the minimum requirement of the law, but meaningful consent is what can build brand trust.
This article is penned by Manisha Kapoor, CEO and Secretary General, of ASCI.
Disclaimer: The article features the opinion of the author and does not necessarily reflect the stance of the publication.