Privacy policies online are illegible and 'consent' is broken. New ideas are needed
Photo credit: PCMag India
By Varad Pande and Shubhashish Bhadra.
The last time you used an app, did you read its privacy policy before clicking "I Agree? If not, don't worry" such policies are not designed for easy reading. With reams of legal jargon, most are as difficult to read as the Harvard Law Review. A survey of 155 college students in Delhi found that even law students could understand only about half the clauses. Most policies are exclusively in English, which is clearly inadequate in a country where no more than 12 per cent are comfortable with the language. A human-centric study across India found that even people who couldn't read or write, when made aware of what they were consenting to, cared deeply about it. They wanted a square chance to assess trade-offs, but felt they didn't usually have such a choice.
Online “consent” is, therefore, a false choice for most Indians. However, consent is also the fulcrum of India’s fast-growing data ecosystem. The Data Protection Bill under consideration by Parliament lists consent as a legal ground for data processing. It also requires that consent be freely given, specific, informed, unambiguous and revocable — all legally-sound objectives, but difficult to achieve in practice. Last year, NITI Aayog sought public comments on the Data Empowerment and Protection Architecture (DEPA), a system that will connect an individual’s financial, health, telecom and other data so that it can be moved from one provider to another. DEPA intends to use consent to ensure that users remain in control of their data.
To know more, read the full article here.