This paper attempts to bring up the present scenario of consumer privacy and
protection in India and other parts of the globe. The research reflects the need
and importance of consumer protection in this era of hardcore nail-biting
competition. It throws light on the new consumer privacy act passed in
California in the United States with the help of some real- life cases and
examples. It highlights the consequences, advantages and repercussions of the
new law not only in the United States but also in third countries in this
digital age of growing cybercrimes.
The paper also includes an aspect of how the
General Data Privacy Regulations (GDPR), implemented by the European Union (EU),
is related to the California Consumer Privacy Protection Act (CCPA). In view of
India, the recent amendment in the Consumer Protection Act is of paramount
importance and is a booming success in enabling India to move a step ahead in
meeting the pre-established international standards. The main problem in India
lies with the administration and implementation of laws. The research findings
indicate that there is a dire need of some stringent comprehensive laws to
reclaim the long lost confidence of the consumers in the global market and to
make their online presence secure.
Imagine being stopped at the entrance of a shopping mall and asked to show
identity proof in order to get in. Now imagine, while you are there the
attendant is watching and scrutinizing wherever you go and what all you buy. He
even comes along and starts suggesting and recommending products without you
asking him to help. Not only this, he even tells his co attendants about you and
what you bought at the store, so they all start suggesting products which you
should be buying from their stores.
You check out of the shopping mall and go to
your car only to find pamphlets of future offers on products that you may want
to buy. Isn’t it annoying and creepy? Did you not feel exploited and your
customer experience ruined? This is what exactly these data-hungry big tech
firms do to you online when they store and track your search results and
locations. They bombard you with targeted advertisements on all social media
platforms whenever you search for a product online. How is this possible? They
claim your data to be your own and that they won’t share it with anyone. But
here you are witnessing a flagrant misuse of your data without your consent.
This leads us to a question:
do we, the consumers, really own our data or someone else does?
A consumer is basically a person who purchases and consumes a good or service
being offered for sale by the seller. US President John F Kennedy first traced
the perception of consumer rights in a special message to the congress on
15th March 1962. This day came to widely recognised as the World Consumer
.1 It was on this day that President Kennedy had called for a set of
four basic rights every consumer deserves: the right to safety, the right to be
informed, the right to choose, and the right to be heard2. However, these utopic
rights are hard to be swallowed in this era of cutthroat competition.
Digital Privacy And the Global Response
In particular, there is an issue which calls for everybody’s attention-PRIVACY.
Our personal information is being shared, sold and exploited to such levels that
few could have dreamed of back then. In fact, who could have anticipated that
there would be an instrument like the internet which could provide so much
information, but at the same time put our personal information at stake every
There is a dire need for some concrete regulations to address the
new set of challenges faced by consumers in this growing digital age.
In view of the present situation and its future consequences several US states,
following the general data protection regulation (GDPR), put forth by the
European Union (EU), are shifting and asserting their own protection laws that
bestow GDPR like consumer rights with conspicuous differences. One such
independent state data privacy and protection act is the California Consumer
Privacy Act 2018 (CCPA).
This revolutionary act is stated to become the most
stringent state privacy regulation in the United States today. The CCPA takes in
its purview every single company of any significant size and unwinds the
provisions with regard to processing, maintaining, collecting, and sharing data.
This act, unlike the previously enacted laws, rules and regulations enable the
consumers to pull out of data sharing to third parties and at the same time
warrants a right to remedies in case of a breach, with regard to the provisions
of the act, in the form of handsome penalties imposed by the California Attorney
General’s Office. With this, the silicon valley’s new business game seems to be
finding new baby companies and suing them under the new data protection act.
Breach of Data Protection Laws by Big Techs
A major breach in this regard came into account in May 2018 against Google which
seems to take loops by entering the wrong kinds of headlines. This is presumed
to be a record fine with respect to violation of the provisions of the general
data protection regulation. The case was brought forward by two privacy rights
groups in France one of them being a European campaigner Max schrems. One of the
claims of the case highlight that Google did not have a legal basis to process
data for personalisation for advertisements.
There was a lack of transparency as
Google had not adequately informed the consumers on how it was going to use
their information and the question of consent never came into the picture. The
French data regulator, CNIL, snapped a fine of 50 million euros on Google.
Critics argue that this in no case can be termed as a devil’s bargain for a
company valued at more than a trillion dollars.
Google’s subsidiary YouTube is also trapped in a case of child privacy violation
on the grounds that it acquired personal information from children without the
consent of their parents. Federal Trade Commission (FTC) announced a ground
breaking fine of 170 million dollars on YouTube which is cited to be the largest
civic penalty ever secured by FTC under the Children’s Online Privacy Protection
Act (COPPA).3 Google commented that ‘people expect high standards of
transparency and control from us. We are deeply committed to meeting those
expectations and the consent requirements of the GDPR’.4 This case has certainly
moved the whole tech world with many big tech companies fearing the ripping
consequences of breach of the provisions of the act.
The level of complexity and uncertainty posed by the California Consumer Privacy
Act (CCPA) is a growing and major concern for the tech giants in California, who
now cannot dispose off private information for huge sums. Many critics of the
CCPA argue that the law was originally supposed to be a blow against big techs,
but it is turning out to hit the freshers strongly.
Also, the attempts by
companies like Google to weaken or make useless the provisions of the CCPA
make the censurers question the entire purpose of the law. The CCPA is not just
one of the regulators that can go after you for money, but individual people in
California can also sue you. Surprisingly, you don’t even need to have a breach,
you could just be violating their privacy by showing them an advertisement they
don’t want to see without their consent. Indian companies are at a greater risk
of uncertainty as the provisions of the General Data Protection Regulation are
not only pertinent for EU countries but also third countries like India
acquiring the data of EU residents.
The congress in the United States is
resolute in its determination to come up with a comprehensive data privacy
legislation that can bring consistency and uniformity in what is presently a
mishmash of separate and independent state laws.
India – The Problem and the Solution
India, particularly, currently lacks any comprehensive data protection system.
Our data privacy needs are, as of now, met by the Information Technology Act,
2000 and the information technology rules, 2011. But, these enactments are often
cited to be incompetent in this epoch of bloodthirsty competition. Hence, it
follows that there is a biting need for data protection regulations to address
the growing and myriad burden of vulnerability on the consumers in India.
optimists also assert that India not having a strong data protection regulation
is a myth and that the information technology act actually holds corporates and
companies liable if they fail to protect the data of consumers or employees,
under Section 43 (A), with the penalty being up to 5 crores which the highest
penalty in the legal framework in India per se.
Taking advantage of the lack of awareness, some websites use files called
cookies for acquiring data from the users and marketing them to advertising
agencies. Some of the sites make it impossible for us to access the site unless
we accept the cookies policy.5 Evidently, cookies, proposed for
so-called ‘security purposes’, is of importance to commercial giants but it
carries serious security implications with it.
The recent landmark judgement by
the supreme court of India in Justice Puttaswamy V. Union of India
is a booming
triumph for privacy in India. The judgment was an outcome against a petition
challenging the constitutional validity of the Aadhaar biometric scheme. It was
in this case that the nine judge bench unanimously declared ‘right to
privacy’ to be a part of article 21 of the constitution of India, guaranteeing
life and personal liberty.6 The court at the same time upheld the overall
validity of Aadhaar, however, disallowed the use of Aadhaar numbers by any
private institution as it was found to be in violation of the provisions of the
fundamental right to privacy.
There has been a recent amendment in the decade old consumer protection act,
with the Consumer Protection Act 2019 replacing the Consumer Protection Act
1986. The global supply chain and the consumer markets have undergone radical
changes with rising e-commerce platforms creating new opportunities and at the
same time exposing consumers to much higher degrees of such trade practices like
being constantly traced by advertisers which keep showing the same phone you
bought a week ago, direct selling, growing cybercrime rates, political
influencing, fake news, etc.7
Therefore, it became all the more important to amend the act in view of the
growing concerns of the consumers. The revised act imposes stricter penalties
for unprofessional practices and also constitutes detailed guidelines for
e-commerce providers. The contemporary amendment in the consumer protection act
also proposes the institution of a central consumer protection authority which
will promote and enforce the rights of the consumers and repose the overall
speedy grievance redressal procedure.8 Evidently, when it comes to meeting
international standards laid down by the Consumer’s International and the UN
guidelines on consumer protection, India is not at par. In a country like India
where unemployment, poverty, and illiteracy are at their peak, promoting
awareness on consumer related issues is not a cakewalk.
However, with the
advancement of the economy and the constant efforts by the government, consumers
are becoming more and more aware of their roles in influencing the governance of
society. A balanced society is one whose economic planning is tilted to favour
the ultimate king of the market – the consumer.
In view of this, the operations
of the market are shifting from the principle of ‘caveat emptor’, literally
meaning ‘buyer beware’, to ‘caveat venditor’ which basically means ‘seller
beware’. It is indisputable that in India the main problem lies with the
implementation of laws. The primary task for India, in the present scenario, is
to strengthen the administrative system by providing incentives to public
servants to carry out their duties.9 Consumer education can lead to strides of
favourable outcomes. Though the ministry of public affairs is working hard in
this regard, no concrete results can be sensed.
As quoted by Tim Cook, ‘If you put a key under a mat for the cops, a burglar can
find it too. Criminals are using every technology tool at their disposal to hack
into people’s accounts. If they know there’s a key hidden somewhere, they won’t
stop until they find it.’10 Our privacy is in our hands. We cannot rely on the
police forces alone to protect us. A certain degree of reasonable alertness is
certainly required on our part also. We need to keep our windows closed and
doors locked. Similarly, the responsibility of securing our privacy is a
personal duty. It cannot be entirely left upon the government and the companies.
This is what is the ideal should be situation, but in real scenario many users
don’t even please to keep a proper antivirus in place.
Mahatma Gandhi once said, ‘the customers are the most important visitors on our
premises, they are not dependant on us, we are dependant on them. They are not
an interruption in our work, they are the purpose of it. They are not outsiders
in our business, they are a part of it. We are not doing them a favour by
serving them, they are doing us a favour by giving us an opportunity to do
so.’11 However, unfortunately, little do the profit craving giant firms, in an
advancing society, ponder over such principles. The world is changing its
definition of privacy! Are you ready for it!
- Lawtimesjournal.com the history of consumer protection by Sonika Shekhar
- Huffpost.com article by Jim Guest, consumer advocate, CEO consumer union,
- www.gritdaily.com FTC fines google record $ 170 million after child
privacy violation, but is this meaningless? by Andrew Bossow 14th sept 2019
- thehrdirector.com the google GDPR fine – why this case is significant?
by Karen Holden
- cookies – invading our privacy for marketing, advertising and security
issues by Sowmyan Jegathessan
- Electronic frontier foundation, article by Jyoti Pandey, 28 august 2017
- www.Wired.com, should big tech own your personal data? by Steven Hill
- www.iosrjournals.com comparative study of consumer protection in India as
per UN guidelines by Lalita Dhingra, assistant professor, D.A.V centenary
- www.technopedia.com quote by Tim Cook, CEO, Apple.
- www.Scconline.com – the SCC blog – quote by Mahatma Gandhi