Data privacy and concerns around the use of consumer data are all the rage now, as governments around the world try to reign in the industry practices of the tech companies so embedded in our daily personal and professional lives. With laws addressing everything from consumer privacy to competition between big tech, and all the issues that lie in between, one might be tempted to think that, apart from the occasional bad actor, our digital lives are secure, or at least as secure as they can be.
Allow us to disillusion you and open your eyes to privacy washing. Privacy washing refers to digital players deceptively portraying themselves as guardians of online privacy and digital safety, while failing to adequately protect user data, and in many cases, misleading digital consumers as to just how well (or not) their information and data is protected.ma
Front Load
As Sanjeev Jasani, COO, Cheil India remarks, “Data privacy is a hot-button issue, and rightly so. For me, ‘privacy washing’ boils down to a lack of transparency and control. People should know exactly how their data is being used, and have a clear way to opt out if they choose. I believe it’s not long before we have stringent industry standards and control like the western world.”
Anil Suryavamshi, Associate Vice President, Digital Planning, Carat India, says it is challenging to quantify the exact prevalence of privacy washing, but it appears to be a significant issue in the digital ecosystem. “Many companies, particularly those heavily reliant on data collection for targeted advertising or other purposes, may engage in privacy washing to maintain consumer trust and avoid regulatory scrutiny while maximizing data collection and usage.”
Privacy washing undermines trust between users and digital platforms by misleading consumers about the level of privacy protection provided. It also signifies a disconnect between a company's public image as a privacy-conscious entity and its actual data practices, potentially leading to privacy breaches, data misuse, and erosion of user trust.
“For end users, privacy is an ever-increasing concern. From OTP and KYC scams to data leakage including personal information - the average internet user is now getting aware of downsides of sharing information unnecessarily online. Banks, RBI and Internet companies are doing their bit in spreading awareness as well. Many have been personally impacted or know friends and family who are,” says Siddharth Devnani, Co-Founder and Director, SoCheers.
In this environment, while many companies are genuinely upgrading their practices to respect personal information with extra care and security, others are merely talking about, without implementing stringent measures till stronger regulations come into play i.e. till they are forced to.
“This base is pretty significant. In fact, freelancers, smaller companies may not have the bandwidth to do this heavy lift. However, to suit the optics as investors, clients and users are keenly watching, many will make a big deal of small or insignificant initiatives which do not have an impact on actual security,” says Devnani.
User’s Guide
Suryavamshi says addressing concerns related to privacy washing requires a multi-faceted approach involving collaboration between regulators, industry stakeholders, consumers, and technology experts. “By promoting transparency, accountability, and ethical data practices, digital players can build trust and credibility with users while fostering a safer and more privacy-respecting digital ecosystem.”
Some of these measures include an increased focus on transparency and accountability, meaning digital players should be transparent about their data practices, clearly communicating how user data is collected, used, and protected; they should also implement mechanisms for users to easily access and control their privacy settings and preferences.
But the biggest means to address these issues is consumer awareness and education. “The momentum set for awareness should continue. There should also be parallel initiatives for B2B awareness, not just for end users. In many cases, the breach starts with unintentional loose ends, before malicious players come into play. Showing the industry a roadmap to doing better will go miles in improving the situation,” says Devnani.
“I truly believe most players are getting by with minimal effort and rather focussing on growing their business and profitability. They do not have the means to implement stringent measures, nor the awareness of the grave downsides if they don’t - but neither do they have any intent to misuse the data. This is the largest pool of industry players that need to be addressed. After the awareness is built, any initiatives that make it easy and cheap will go a long way in improving the situation,” he adds.
Experts also agree there should be mechanisms to address and enforce regulatory compliance, as well as independent audits and certifications. And given that we live in a so-called golden age of technology, there is an urgent need to develop and implement privacy-enhancing technologies, such as encryption, anonymization, and differential privacy, to protect user data while still enabling valuable data analysis. Service providers need to invest in research and development of tools that empower users to control and protect their personal information online.
“Ultimately, it’s about building trust with consumers. They need to feel like their privacy is respected, and that their data is being used responsibly. That's how we create a sustainable digital ecosystem that benefits everyone,” says Jasani.