India’s digital economy has witnessed a boom over the past decade. Vast flows of user data are being used extensively across industries such as healthcare, fintech, digital public infrastructure, and, most importantly, in e-commerce. As more and more user data is being collected, it is also raising concerns about its safety and awareness. Companies need to build the required trust with consumers, as it has now become the prerequisite for making any kind of transaction. The companies in India have now realised the value of ‘Privacy by Trust’ as the foundational principle for operating in the global market.
Himanshu Gautam, Founder & CEO, GoTrust
How are enterprises moving from exploitation to protection of data?
As consumers and users, we have always lived in a data-first environment. Companies have functioned on the principle that they need to collect as much user data as possible from the users and think about the compliance processes later. This process has eventually become redundant with the integration of the Digital Personal Data Protection Act (DPDPA). With its introduction, companies have reevaluated their processes and made the required changes. If organizations are making use of the personal data of users in any given manner, they need to follow certain limitations such as data erasure requirements, purpose limitation, and consent-based processing.
This act has brought an important principle to the forefront: data cannot be exploited without any limitations, and it must be protected to safeguard users’ privacy. Even product design needs to fall under this purview, and engineering and design frameworks must comply with user privacy.
Privacy by Design: Explained
Privacy by design is a framework that makes use of privacy considerations in the main design of systems in the very beginning. It does not take this consideration into account later when the project is completed. It functions mainly on the following principles: user-centric control, data minimization, transparency, and proactive risk prevention. At every stage of the product development, the design team makes an intentional decision to protect the privacy of the users. They make decisions about what kind of data is required, who has access to it, the duration of the data to be stored, and whether or not the users can control and delete the data.
If companies can address these questions from the beginning, they can avoid problems such as redesigning of products, failures related to compliance, and damage to the company’s reputation.
Why Is ‘Privacy by Design’ Relevant In India?
Skepticism in the market
Indian users are subject to problems such as misuse, spamming, and breaches of user data. Therefore, they are increasingly losing their trust in companies. Companies that can gain the trust of users will be able to get a competitive advantage in the long run. The users must fully give their consent to the sharing of their personal data. Nowadays, companies are also able to exhibit accountability and transparency by following Privacy by Design. Users only remain loyal when they can understand why their data is being collected and why it will be used later. We are now living in a “permission-based economy”, where consent has become imperative.
Risks of mitigation and compliance
If companies do not adhere to the compliance within the DPDPA framework, they can be subject to strict penalties. There are certain obligations that are imposed on the company, which primarily include reporting of breaches, accountability across the whole vendor ecosystem, and data lifecycle management. ‘Privacy by Design’ has enabled companies to address these complaints at an early stage and avoid potential penalties later on.
Expansion of the digital public infrastructure
India’s digital public infrastructure comprises the following aspects: document platforms, identity systems, and payment networks. As these systems work in tandem, they can lead to a huge intersection of data across various platforms. Therefore, the risks associated with privacy can go beyond minor breaches. They can extend to uncontrolled access to data, fragmented retention policies, and excessive collection of data. The safety and reliability of these systems are ensured through ‘Privacy by Design’, which addresses the challenges at a nascent stage and makes the companies more trustworthy.
Bringing innovation into the mainframe
People have often thought that the expansion of privacy leads to less innovation. ‘Privacy by Design’ addresses this challenge by bringing together privacy and functionality. Companies are not able to get the maximum amount of data without exposing the sensitive information to unreliable sources. They make use of practices such as data encryption, differential privacy, and data anonymisation. As a result, they can bring in more innovation without compromising the trust of the users.
Why do startups need to integrate this framework?
Compliance frameworks are easier to implement by large organizations due to the availability of resources. Startups, on the other hand, might face a lack of both resources and clarity. The compliance requirements are sometimes misinterpreted by certain startups and mid-level organizations, which leads to an increased risk of exposure. Many products that are being designed by these companies lack visibility into the flow of data, fragmented storage of data, and increased access permissions. In the long run, these issues become fundamental rather than architectural. Therefore, “Privacy by Design’ becomes fundamental for such organisations.
Apart from these disadvantages, startups also carry a specific advantage. They do not have to deal with an outdated infrastructure, and they are able to build a privacy-first system from the very beginning. This can serve to be a competitive advantage in the long run.
Final thoughts
The digital journey in India is all set to expand its operations. We have now been presented with a combination of compliance rules and rapid digitization. The coming together of these two aspects has presented us with a number of challenges and opportunities. By integrating ‘Privacy by Design’, we would be able to come up with a blueprint for building products that are both user-friendly and resilient. It will help enhance the trust of the existing users and also make sure that the company avoids heavy penalties in the long run. Our economy has become increasingly trust-driven, and it has become imperative for organizations to embrace this change.
India’s product ecosystem will work only when there is a thorough implementation of ‘Privacy by Design’. It will be able to meet the expectations of the consumers, implement the latest forms of technology, and also fall within the compliance regulations, all at the same time.
-author Himanshu Gautam, Founder & CEO, GoTrust
About The Author
