Tuesday 31 May 2016

Privacy laws and your Gadgets

Trust lawyers to make even most interesting of things seem boring. While there are hundreds of articles on the internet titled "Your Drawing Room is listening", "Your Smart TV is spying on You".

I decided to break it down into what these noisy articles mean, legally and as a consumer. 

An average adult will be using three to four devices per day by 2018. Most of us use upwards of two already. With almost every website collecting your data (sign in using Google, email id or Facebook) to using sophisticated and not-so-sophisticated tools to track your web-movements, there's hardly anything you can keep personal anymore. 

In India, even the government is collecting data of it's people in the form of Aadhar Cards under UIDAI. 

So, what exactly is Private/Personal Data and how can you protect it?

There are various laws and interpretation defining private data. Take for instance, 

According to Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 of India, 

Sensitive personal data or information of a person means such personal information which consists of information relating to

(i) password; 
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; 
(iii) physical, physiological and mental health condition; 
(iv) sexual orientation;
(v) medical records and history; 
(vi) Biometric information; 
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and 
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: 

provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules. 

And According to the Privacy Protection Bill, 2013,

Personal Data is any data, which relates to a natural person if that person can, whether directly or indirectly in conjunction with any other data, be identified from it and includes sensitive personal data. Sensitive personal data are the personal data as to the data subject's:

(i) Biometric data;
(ii) Deoxyribonucleic acid data;
(iii) Sexual preferences and practices;
(iv) Medical history and health;
(v) Political affiliation;
(vi) Commission, or alleged commission, of any offence;
(vii) Ethnicity, religion, race or caste; and
(viii) Financial and credit information.

However, Financial and Credit information as well as data about commission of offences might be available in public domain and should be within reasonable limits to divulge. 

What should the Consumers do to protect their privacy online?

Check Privacy Policy: To give our readers a sense of how privacy policies can tell you a lot about your device,  I am sharing the following example

"By enabling Interactive and Interest Based marketing features, you may make the content and advertising that you receive on your Smart TV and other devices when you are watching Smart TV more interactive and in tune with your viewing preferences. TV programming providers or advertisers can enhance video programs by providing interactive content, such as in-program trivia, show insights, games, and promotions, on your Smart TV or other devices. Similarly, advertisers can enhance their ads by enabling users to take immediate action (e.g., downloading a coupon or app) in response to an ad.
To make these kinds of enhancements and interest based marketing available, we collect video or audio snippets of the program you’re watching and use this information in order to return content or advertising “synched” to what you’re watching. Viewing history will also include information about your device (e.g., its IP address and device identifiers) and your interactions with the content and advertising they provide. You may disable these interactive interest based marketing features at any time by visiting the “settings” menu. The choices you make with respect to interactive marketing features will not affect whether you receive other types of ads and marketing on your Smart TV."
This policy enables Samsung TV not only to record the program you are watching but also your personal identifiable features like  IP address, identity of your device.

How can Samsung use this data?

It can provide your data, in encrypted or un-encrypted version to any third party interested in marketing to you. The third party might  be able to profile you on the basis of the shows you watch, the commands you give to the TV or the advertisements you interact with and send you targeted advertisements.

However, if Samsung or any third party do not take reasonable precautions in saving  your data from potential hacks, there might be some serious repercussions


"We may create a profile of your use of our products, services, and websites based on information we have collected from you and your Motorola products. We use the profile to provide services and support and to make improvements to our offerings.

  • Providing Motorola Experiences functionality. Some Motorola Experiences need access to information in order to function. They may keep the information locally on your Motorola products or they may transfer it to Motorola or a third party. This information may include personal information like the location of your device, contextual data collected from sensors that describes what you may be doing at the time, and user generated content like app data, calendar entries, contacts, call history, and SMS and MMS messages, and photos, videos, and documents. Some Motorola Experiences may work with companion products like Bluetooth accessories, NFC tags, and other hardware or downloadable software. Motorola Experiences will only access your information if you specifically choose to use them.
    You can choose whether you want to Help Improve Motorola Products or Get Enhanced Support by visiting the Motorola Privacy settings on your Motorola products and turning these options on or off."

The default policy of the device is to track you. Motorola tracks each and every way your device is being used by you. You will have to 'Opt-Out" if you are uninterested in the campaign.


Well, that Apple has a great snob value is a given. However, the company's Privacy Policy is a reward for sore eyes. It is so clear and concise that anyone can understand it. 

"Our business model is very straightforward: we sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetise” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.
One very small part of our business does serve advertisers, and that’s iAd. We built an advertising network because some app developers depend on that business model, and we want to support them as well as a free iTunes Radio service. iAd sticks to the same privacy policy that applies to every other Apple product. It doesn’t get data from Health and HomeKit, Maps, Siri, iMessage, your call history, or any iCloud service like Contacts or Mail, and you can always just opt out altogether.
Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

Though Fitbit claims that it will never sell your data to third parties, Terms and Conditions apply. Look closely
"Fitbit uses your data to provide you with the best experience possible, to help you make the most of your fitness, and to improve and protect the Fitbit Service. Here are some examples:

  • Height, weight, gender and age are used to estimate the number of calories you burn.
  • Contact information is used to send you notifications, allow other Fitbit users to add you as a friend, and to inform you about new features or products we think you would be interested in. Please see “Can I Opt-out Of Receiving Fitbit Emails?” for information on how you can opt-out of future communications.
  • Data and logs are used in research to understand and improve the Fitbit Device and Fitbit Service; to troubleshoot the Fitbit Service; to detect and protect against error, fraud or other criminal activity; and to enforce the Fitbit Terms of Service.
Fitbit may share or sell aggregated, de-identified data that does not identify you, with partners and the public in a variety of ways, such as by providing research or reports about health and fitness or as part of our Premium membership. When we provide this information, we perform appropriate procedures so that the data does not identify you and we contractually prohibit recipients of the data from re-identifying it back to you."

However, it's policy limits the usage of the data to only "de-identified" which means your device id, passwords, social security numbers are not shared.

Should you opt out?

Opting out is a personal decision. Some of you might not mind your data being shared. Don't we all at some point have or had willingly put our vacation details, photos of babies or private details on the internet?

No comments:

Post a Comment