Aparna Pathak Shaping a Privacy-Friendly World
Embracing Privacy in a Digital World
In the fantastical realm of cinematic fiction like X Man and 14, robots have emotions and can predict human actions. We've now advanced to a point where this is not far from our everyday reality. Hello, I'm Perna Pathak from the Global Privacy Office at Tata Consultancy Services. Today, we delve into the questions on everyone's mind: Why do we need a privacy-friendly world, and how can we achieve it?
Is Our Data Safe?
One might wonder: with the rapid rise of mobile apps and website usage, is our data safe? Unfortunately, personal data breaches have become a worrying trend. For instance, recently, the personal data of over half a billion Facebook users got exposed online due to a cyberattack. Similarly, companies like Clubhouse and Bo Cooper also faced major data leaks. Such breaches offer a chilling realization: without robust security measures, our sensitive information can quickly become vulnerable to misuse.
Security Vs. Privacy
There's often confusion about the terms 'security' and 'privacy.' While security is about safeguarding data from malicious attacks, privacy revolves around protecting user identity. It's crucial to underline that security is a prerequisite for maintaining privacy.
The Growing Need for Privacy
Privacy regulations across the globe are strengthening in the face of these challenges. Countries everywhere emphasize privacy as a fundamental right, ensuring hefty penalties for violations. The question is – how will these ever-evolving regulations affect our technology-reliant future?
Technology and Privacy: A Complicated Relationship?
Surprisingly, the interplay between technology and privacy can be a double-edged sword. Extracting personal data, making predictions based on it, and serving customized recommendations are common features of many technologies like facial recognition, virtual assistants like Alexa, fitness trackers like Fitbit, and more. These advancements surely simplify our lives, but we must question at what cost?
Building a Privacy-Friendly Future
So, what does a privacy-friendly future look like? Central to this vision is the control and rights individuals have over their data, coupled with robust security measures.
Companies, on their part, need to adopt certain practices to facilitate this privacy-friendly future. This involves:
- Implementing reliable security measures.
- Being transparent about data processes.
- Adopting Privacy by Design solutions.
- Ensuring visibility and transparency to build users' trust.
- Keeping user-centricity at the forefront.
AI and Privacy
Artificial Intelligence (AI) is an all-pervasive technology, making decision-making more efficient across sectors. Yet, AI's dependency on data could pose a significant challenge for privacy. AI developers need to ensure their data is diverse, synthetic, anonymous when possible, and tested for inherent bias.
Conclusion
As we progressively rely on technology, the need to uphold privacy becomes more paramount. Today's digital world might be edging towards the 'Internet of Behaviours,' but it's crucial for us to change this narrative. Privacy is, after all, our fundamental right. Therefore, we need to take control, make informed decisions, and most importantly, demand transparency from technology and its purveyors.
Remember, compliance might be expensive, but the cost of non-compliance could be far higher. Advocate for privacy, not just for yourself but also to ensure a safer, more private digital world for generations to come.
Video Transcription
Hello and welcome everyone in the movie X Man and 14. You would have seen a humanoid, a humanoid who had feelings, who could predict what the next person is going to say. We are not far apart apart from that. And now it's a reality here.I am a Perna Pathak, uh from Tata Consultancy services. I work in the global privacy office. Uh Ensuring that everything we do is a privacy complaint. So welcome again to our topic of sharing a privacy friendly world before we get into why we need a world that is privacy friendly and what we need to do to achieve that. Let's take a poll. It's a simple one. We'll have 30 seconds. You can answer the chat in the chat. What is your preferred mode of shopping? Yes. In pandemic. Uh, I know everybody is online but still it is interesting to know what is your preferred mode? Let's put 30 seconds and you can start typing in your answers. I see the answers are coming. Wonderful. Anybody else? Ok. We'll just give a few more seconds. I still love mom and pop shops. But, uh, that's a different story. All right. So here the time is up. So I don't see most of you are putting the mobile apps websites and uh I think one person says mom and pop shops because of the pandemic and the way technology has evolved, we see more and more websites are coming up.
You don't need to pay to use those services. But your data is getting captured with these uh multiple, multiple apps and websites. But why they are free because you are the product because your information is the payment that they are getting. So if you're not paying for the website or the mobile app, you are the product. I'm just going to go through a few of the news that have uh I've heard recently and these are, you know, just the last couple of months, personal data of 5 33 million Facebook users across 100 plus countries was posted online reason, a cyberattack similarly for clubhouse database of 1.3 million users was cut again.
A popular hacker was using it. The next one is Bo Cooper operation where they disclose that they had a ransomware attack. Now all these attacks are to capture your personal information. It's your mobile number, your, it's your email address. What are your preferences, how you interact on a day to day basis through all these websites and mobiles is this only security? Maybe you can say it's a security barriers has uh uh claimed that cybercrime is estimated to cost about 10.5 trillion annually. And it's a huge amount, but security is one area which is protecting your information. And when it is hacked, your personal information gets stolen and people can misuse it to give you more advertisement to misuse that, you know, have your identity recreated. So let's understand what is the difference between security and privacy. So security is always safeguarding your data. That means nobody should hack into my system. It is always protected, it is always encrypted. Whereas privacy is safeguarding identity, I as an upper and a pa my data is protected.
So my identity is protected obviously without security, uh there will not be any privacy. So for privacy to have we need strong security while there are other things which doesn't impact on security side uh to privacy, but privacy can stand alone also have an impact. You may have the best in class security systems, but you are using data for some other purpose. Then it is a privacy violation. And that is one of the reason why we need to have more control on our data. Let's again, have a poll. Again, 30 seconds you have, there are three statements, by some way, will you be able to identify any individual person? You can just write in 12 or three? And let's see if these statements can help you identify an individual. So again, putting 30 seconds, uh please feel free to put uh your answers in the chat anybody? OK. 33, just a few more seconds. All right. Thank you everyone. So yes, the last statement is capturing your profession, your gender and your location. And if in one room, we have very few people or maybe 100 people, but there is only one woman, you can identify that person. So similarly, if your data is there on the internet or in the cloud, you can assume how people can link the information and identify for the first two cases.
If my sample size is smaller, I can still identify and hence personal data or personal identity of an individual becomes very important. This particular map is showing you how the privacy regulations across the world are changing. Right? From California to Australia, you will see this map becoming more red, be in GDPR or be it uh in Brazil at GP D or the upcoming India regulation. Every country says privacy is a fundamental right. That means every individual can claim for their privacy and hence all across the world are giving extreme importance to privacy and regulations are uh giving fines to all the uh other organizations where they fine, but it is not following the regulation. And this is the impact that we see on the technology. Also the technology will grow. And this is a recent example of how technology is helping us to have a better future, which is very obvious. But facial recognition in Singapore is your credit card so that every verification will happen from your ID scan to your expressions, to your bone structure, to everything else. And that yes, it gives me a higher security. It allows me that it cannot be impersonated but still at the same time, my unique facial impression is stored in the database and assume if that has some implications or it has been used differently, the have multiple privacy implications.
Second example is on Alexa, everybody must be having Alexa at home and without a vague word, hi, Alexa, it might still be listening to you. It might be predicting what you may want. Ok, I want to go to a movie next week. It might already give you options, what movies are there. So it is trying to listen to you understand what are your unspoken needs and then giving that information to ad agencies and they will target you. This still has a lot of help in technology, but we need to look at how it is impacting an individual and Alexa is at a home so that everybody in the family will have an impact. I hate doctors. But when I used to go to doctor, he will take my pulse and only he will know what was my pulse. But now with Fitbit, you really get those instant messages that you haven't walked. You are not having hard steps. So your every move, every step is tracked, your any high heartbeat will be monitored and you will get bombarded with uh so many messages saying you should go and join the gym, you should uh run the marathon or you should see a doctor, right? So this is the technology, how everything is changing in this world. It's helping us and it's making us more dependent on the technology. At the same time, it's uh very, very risky.
Now, if you look at how the future innovations will be, be it the smartphones devices, most of it is already there. Some of them are in pipeline instead of you uh walking to the switchboard to switch off the light, which fitbit says that you should walk. You are being asked to use a switch in your hand to switch off. That means at one side, you have been prompted to walk a lot and other side, you have been prompted just to use your fingers. This is changing the way humans have behaved uh so long. Is this bad? No, obviously not. It will have very important help to people who are not able to move like us, but it will also have impact of how much somebody uh person like a bad actor can gain this information and misuse it. Conversation airs. We did talk about Alexa but then I might be talking in my local language and that natural language processing how uh high can mean or by can mean will depend on how these chatbots are going to interpret your conversations. The way I see that I am not feeling good. It might be predicted because it's, the weather is bad or it can be, I'm feeling excited because I had something good to eat. So all those things, the chatbot is going to process and link it and predict the next one is a hybrid workforce. Yes, this is the one that we are all kind of worried if a bot can do everything.
If bot can think what I'm thinking, then what is it that I need to do? Probably I need to create another bot itself. So hybrid workforce management has been looked at from higher productivity as well as uh putting in more mundane and uh leg work to the pot. This is going to help us, but then the bot is going to replicate my thought process and probably like in ex Machina, they will change the way I want to do work. So these are the things that we see in the future. The world is going in all these directions to make our lives better in the one side. But the regulations on other sites are restricting us saying you need to ensure that data is protected. Let's see this poll again. And it's an interesting one. Would you allow technology to read your thoughts to predict and serve your unspoken needs? Not that I want to go and buy something, but my refrigerator will say no, you need fruits. So again, 30 seconds guys uh let me know what your thoughts are. 23. OK. Any more? Ok. Right. A few more seconds. All right. So yes, interesting. I did not see anybody saying yes, it's may be or no, no, no is negative side of it saying, you know, we don't want yes, that is your choice. But when we say maybe then what is that? Maybe when I would allow and when I would not allow. Ok. so let's see what this privacy friendly future look like. I as a data subject or an individual have control over my data.
That means I can say, OK, you can read my thoughts in this scenario, but you cannot read it in that scenario. That is I control, I exactly know how my data is used, be it Alexa or be it. Uh you know, smart devices, anything I know exactly what they are doing, how they are processing and where they are sharing, sharing, right? My data is always protected. Security is of very high importance here. And I have rights over my data. I want to delete it, I should delete it. I want to know where you send it. I should uh be allowed to do that. That is how the privacy friendly future will look like. This is from me as an individual perspective. Now, let's see how the organizations should look at this in a different way. Security measures. We have already spoken about it. It's the pillar of uh the future. The next one is transparency in the processing. You would have seen many apps when you download it will throw a lengthy privacy notice or it will say you have to give a consent. But at the end of the day in a legal language, it's it gives you a transparency. See this is how I use your data. I will use it for so and so reasons and this is how I will send I will send it out of Europe, out of India anywhere else, right?
So that's the transparency which we will have to ensure that it is available. So organizations need to build a framework where every data processing is given transparent information and it should be not in a legal, legal big language but in a user-friendly language. Even a kid when he's using a app or even an elderly person who has never used any application, they both should understand how the data is used. Third one is on the privacy by design solutions. This is the most important one. It is very, very principle based but how you design the solution depends here. So let's look at uh the seven principles by Doctor Anne Kian. The privacy needs to be built in each phase requirements to decommission everywhere. You need to ensure that it is in built. It has to be proactive, you cannot keep privacy towards the end of everything saying I have developed it now, I'll implement privacy you need to anticipate how the users are going to react, how a criminal is going to look at cybercrime has to be looking at, right. So all those things you have to predict and be proactive, keeping privacy as default setting. If I have been given choices that I want only email to be sent, but not as an S MS. You don't use my mobile number. Those settings have to be turned off by default only. I should be able to select for what purpose I need information and how I should be using it. So keep privacy as a default setting and consume the minimum information, use it only for the balance. Third one.
It's obvious that it needs to be part of your complete design wherein I should know if somebody wants to delete their data, what can be deleted and what cannot be deleted. Otherwise, if you don't design it in the way, uh it is required you will have to change a complete solution because of the regulations demanded and you cannot have many people asking you to delete the data. So every stage has to be embedded into the design. The next one is give a full functionality, not kind of, you know, you have to do this. You have to give me this data then only I'll give you this functionality. There cannot be any trade off, there cannot be trade off of saying if you give me this, then I'll give you this security. If you don't give me this data, I will not give you the security so that we do not want, we really want a win win situation for users as well as for companies enter an encryption. I'll not go in details of it. Uh Security is a separate topic altogether, but it's a very important one. Visibility and transparency. We touched upon it. The trust gets built when you are transparent to the user.
When I'm sharing the data, I know that I will get these emails but I will not get other uh promotional emails. I'm OK. I will have the trust built uh by the organization. Keep it user centric every time you design anything look at how and how a user is going to process that information. What is it that user will look at it? So keeping user centric is about respecting their individuality and their privacy. So keep user at the center of everything as I was giving example of a machine now. So whenever the artificial intelligence software is developed, we see today, many decisions are done by artificial intelligence. The data that is used to test this A I is very important if I have used the data which is biased in nature or maybe I have used only female or the only male in the sample. My A I solution will be biased. So ensure that your data is diverse as long as possible. Don't use actual data because again, you're using it for some other purpose. So keep it synthetic, keep it anonymous if you cannot have synthetic. And it's very important that you should test for the bias that is inbuilt test how it is changing the behavior.
And please ensure that you don't do automated decision making because the regulation says if something goes wrong and if the decision made by uh the A I tool is wrong, a human should be intervening it. And then giving that reason of why such decision was made. So keeping human in the loop is very important. The next privacy is a fundamental right. It is your data, your choice and your right, you need to own it. Compliance is expensive but non compliance can be even more costly. Internet of behaviors is just here. But now it's time we change the behavior of the internet. Thank you so much. Everybody, if you have any questions, I can take them, I see a lot of chats that have come up here. Thank you so much. Everyone. Infographic on privacy terms is I think we will have to implement that. I have not seen any organization coming up with that. Yes, whatsapp. Also it is individual's responsibility to verify. But then uh as an organization, I should enable users to verify the settings correctly.
Thank you so much. Everybody. Thanks a lot for joining this session. Stay safe.