You could have sued Facebook and won over Rs 3 lakh if there was proper privacy law in India
Facebook is facing a class action suit in the US where it may be asked to pay each Facebook user in that country up to $5000 (a little over Rs 3 lakh) if the social media company is found guilty. The case has been filed against Facebook for using face recognition feature in photos uploaded on the social media site without taking the required permission from users. Now, if only there was a proper privacy law in India, it was possible that you could have sued Facebook too and won damages.
A Federal judge in the US has ruled that the social media giant must face a class action lawsuit for violating a privacy law of Illinois that asks a company or any private entity to not "collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information" without the consent.
The lawsuit is against Facebook Tag Suggestions tool that identifies you in any photograph and automatically suggests that you tag yourself. Plaintiffs are Facebook users from Illinois who challenge social media tag suggestion feature alleging that Facebook collects and stores their biometric data of its users without their consent, thus, violating Illinois' Biometric Information Privacy Act (BIPA) that orders a private entity to ask for user's consent before collecting or storing their biometric data.
So here is a suggestion to the Indian government and IT Minister Ravi Shankar Prasad: Instead of summoning Facebook CEO Mark Zuckerberg over the Cambridge Analytica scandal, may be bring a proper privacy law in India that safeguards users and force technology companies to abide by it.
If Facebook is found in violation of BIPA, it could be asked to pay all Facebook users living in Illinois a fine between $1,000 to $5,000 each time someone's image was used without their consent. Basically, Facebook may end up paying billions of dollars in fine.
The lawsuit in the US again highlights just how poor is the privacy regulation in India. Had there been a stricter data protection law in India like Illinois, every Indian could sue Facebook over the same feature and win over Rs 3 lakh. May be.
Illinois has BIPA, China has Internet Security law, Russia has Federal Law on Personal Data, India that currently is in the debate over the privacy issues related to Aadhaar card scheme still lacks a stricter data privacy law. Right to privacy is a fundamental right but a country like India that serves as the second biggest market for Internet users, this is not enough.
The same concern was recently also expressed by Paytm's chief operating officer Kiran Vasireddy who said India lacks a privacy law and there's no regulation to corporate who is using the data.
India has the second highest number of internet users and second most populated country after China but it lacks a legal framework to ensure data protection. According to the Indian law, the recent data breach that amassed personal data of over 80 million FB users without their consent, is unethical but not illegal.
"If you take Cambridge Analytica as an example, what they have done is mining of data and purchase of data with the consent of users by tricking them into giving their consent and taking off their data. So you may call this entire practice of data collection and data harvesting immoral and unethical, but according to Indian laws, it is not illegal. It is not against the law of the land," a cyber-security expert Jiten Jain told PTI in a report that talks about the inadequacy of Indian laws to deal with data theft.