Sriram Viswanathan

Music, Software, Privacy, Poetry and more...

Privacy - 1 - Awareness

Let’s start with a hypothetical situation -

You are craving ice-cream and it’s midnight. You open your phone and go to Zomato or whatever app to order your ice-cream and to your amazement, the app shows the ice-cream shop as “not available to order”. You can click on this text to get more information - it says “Your latest health report says that you are type-II diabetic and should not be eating ice-cream. If you want to override this behaviour, please talk with our customer care”.

For the app to arrive at this conclusion and prevent you from ordering the ice-cream you so badly want, it needs access to your -

  • Identity - Aadhaar or something universal that links you across systems
  • Consent - that you agree to let this app use the data about you from different systems - electronic health records to start with

Everyone (almost everyone) in India has an Aadhaar card and number (similar to the SSN in the United States or the national ID number any country issues to its citizens), which ties to your biometric data (retina scan, fingerprint), address/location, your gender, your date of birth and your parents’ names.

This number represents YOU (as far as any digital system is concerned) amongst more than a billion people and ties you (or eventually will) to - financial systems (Banks, Insurance Companies, Payment Wallets, Securities), health systems (Hospitals, Clinics, Laboratories), educational systems (Schools, Colleges), private employers, legal systems (Courts).

Now let’s come to consent - as per the dictionary - “permission for something to happen or agreement to do something”.

For example, if your neighbour asks you if they can borrow some tea cups from your house (maybe because they suddenly have too many guests), you can say “yes, please go ahead”.

You are giving your ‘consent’ for your neighbour to ‘borrow’ some tea cups and expect them to ‘return’ them in the same condition (clean and tidy).

This is a very clear and concise agreement to which you have given your consent - you know exactly “what you are consenting to” and also “what you expect to happen to the object/item that you have given consent to” so that when it is returned, you know how to “verify that the agreement for the initial consent was adhered to”.

Let’s break this down into parts -

  • What you are consenting to - an agreement of sorts
  • What you expect to happen to the object/item you’ve given consent to - to what use it will be put
  • Lastly, verify that the agreement for the initial consent was adhered to on return

If you have been on the internet (which is a really stupid question to ask since you are reading it on the INTERNETS!), you’ll have seen a few forms of these ‘consents’ floating around whenever you visit a website or use an app -

  • Cookie Consent
  • Privacy Policy
  • App Permissions
  • Aadhaar card TOTP/OTP - unlocking biometric data or your identity for provisioning of services

Without going into details of these forms of ‘consents’, just go back to the previous points that were listed and see if you can answer those points -

| Category/Check | What are you consenting to? | To what use will it be put? | Verify that agreement was adhered to? |
|---|---|---|---|
| Cookie Consent | ? | ? | ? |
| Privacy Policy | ? | ? | ? |
| App Permissions | ? | ? | ? |
| Aadhaar Consent | ? | ? | ? |

I’ve left the table blank with question marks intentionally - no lay person (including me) is in a position to read through those super tiny font statements that are presented to you (in paper format or digital format) and have a checkbox which says “Yes, I agree to all that’s written here”. All of us (including me again) check this or there might be a button which says “Agree to Everything!” and I happily click on that button and move on.

Ok, now that we have agreed to something which we have no idea about and given away our identity to be put to use for something which we have no idea about and do not even know who it will be shared with further and for what, we happily continue with surfing the awesome website or playing whatever game we were playing.

You must be thinking now - why is this person wasting my time with the same old things which people have been repeating all this time - and you say “I don’t care”. Well and good. When you say that you don’t care, I believe it’s more like “I do want to care but only if someone could make it understandable enough”.

        Awareness is the key to understanding something.

This series of diary entries is my way of trying to explain some of these things.

Coming up next -

  1. “Right To Privacy” - what is it? Is it a fundamental right ? “Personal Data Protection Bill 2019” - what does it say ?
  2. What data is being collected about YOU and what tools can you use to prevent or reduce misuse.