May 7th, 2020, Kathmandu, Nepal
The pandemic has forced all of us to rely more on the internet as desperate measures. In fact, internet usage in Nepal has spiked due to the nationwide lockdown. Everyone is either working from home or learning from home.
During such dependency of every major sector of the nation on the internet, what could be the topics that we might be missing out on? To get a better insight into the importance of Cyber Law and data privacy, here’s an exclusive interview with a Data Privacy expert.
Let’s jump right into it!
Interview with Shubha Kayastha, Co-founder/Executive Director at Body and Data
Q. What exactly is ‘Data Privacy’?
A: Before discussing data privacy, I think first we need to untangle the concept of privacy, especially in Nepal. In Nepali society, our socio-cultural practices have their own way of looking at the issue of privacy, where a lot of personal information becomes part of daily conversation and cultural interactions. However, this does not negate the fact that Nepali people value their privacy On the other hand, Nepal is a signatory to the right to privacy.
Coming to data privacy, data can be anything from personal information to other facts or backgrounds. For instance, my phone records and the applications I use can be a sample of my data. So, all these data that have my ownership comes under the concept of data privacy.
With the increase in digitization of information and services and datafication, all my scattered data can be used to make me identifiable which makes it difficult to protect my right to data privacy. Breach of privacy would be using such information without their consent which can be used to purposely harm them. The discourse around data privacy is important because it protects my ownership over my data as well as any unauthorized access to my data.
Q. Why is it important to raise awareness for data privacy?
A: I understand that most people don’t know the concept of data privacy but certainly, they know what privacy is. However, the reason behind the lack of awareness regarding data privacy is the lack of awareness of what is happening with our data and how state and non-state actors are using our data and its benefits and potential harms.
For instance, if I use an iPhone, Apple collects my information based on my use of the smartphone. But it is unknown how the company will use my information. This is exactly why people have very little information regarding data privacy.
Talking about the current pandemic, health-related information is being disclosed maybe with the right intention but it violates the right to privacy. There is an increase in social stigma and hate towards migrant returnees and other marginalized groups either because they are at risk of being exposed to the virus or because of the misinformation spread around.
Currently, researchers are attempting contact-tracing of the infection which is one of the ways to deal with such a public health pandemic. A huge amount of data related to our mobility and health is being used for this purpose. However, there lacks transparency in what is data being used for, who is accessing them, and if the collected information will be deleted after the pandemic is over.
Moreover, the tech companies and concerning bodies that collect the data put health first and privacy second.
I believe there shouldn’t be ‘either’ and ‘or’. Instead, they can focus on implementing both at the same time. So, the argument here is people need not compromise one human right to accept another human right.
Q. How necessary is it to implement online education focusing on data privacy?
A: Before identity and privacy, I think we also need to talk about access to the internet and technology in the case of online education. Firstly, it is important to address affordability and accessibility. Not to mention accessibility in terms of disability, access to time when people especially women would already have other roles to play in their household and for those in remote areas.
Talking about data privacy, it is definitely very important. There is a matter of anonymity of data collection through the online platforms used for e-learning. Security vulnerabilities of the platform need proper review and the institutes must provide students with guidelines to use online platforms safely and securely.
However, it doesn’t mean that we shouldn’t digitize the learning process. Instead, we should explore safer and secure options. Educational institutes must seek advice from experts regarding platform selection and data protection, while also keeping into consideration the social and cultural elements of Nepali societies.
Q. If the data of my service provider is breached and my data gets dumped, how can it affect me and what measures can I take?
A: Firstly, a data breach might not only occur as a result of hacking but could also be because of not understanding what could cause it. We are also aware of data sharing and selling by the private company for profit. Sometimes, the data gets out for whatever purpose with or without our informed consent.
Similarly, the customers should show interest in inquiring about the policy of data privacy and compensation in case of a data breach. Customers can question the services of the company if they suspect the implementation of a proper policy in the company This will force companies to implement proper privacy policies.
Q. What can be the effect of a data leak on individuals?
A: There are cases of targeted hate speech against a woman who tested positive for COVID-19 recently. Data privacy definitely affects every individual but mostly, it generates risks for a certain group of people. For example, talks are going on to collect census data of the third-gender.
These data may or may not be digitized but are most certainly centralized. If the collection of gender diverse data gets leaked, we can be putting these groups in further risks. Similarly, if the data of anonymously working individuals get leaked, it can put their lives at risk.
Q. Any words of suggestion for the general public?
A: There are several strategies to ensure data privacy at an individual level. The first thing is the simple concept of digital hygiene 101. People should maintain passwords in their devices and applications they use and consider using different passwords in different accounts.
Using open and free software is another way to protect yourself. Similarly, you can keep any sensitive or private information in an encrypted form. A simple application or folder lock will do. Also, people can explore the privacy settings of their browser to allow or disallow certain accesses. The same goes for social media platforms like Facebook, Twitter, and even YouTube.
People should also be aware of finding solutions if something goes wrong, for example, in case they forget their password. Likewise, if you notice unwanted activities or unauthorized access on your account, you should know whom to contact and what to do. So, people should know these things before starting to use any platform for their own safety.
Another very essential thing is antivirus. You should have an antivirus or firewall on your device to protect it from malware. Also, make sure to update your applications to ensure stronger security.
The main reason behind all of this is to take autonomy over your own gadgets and data and to protect oneself from potential harm and risk.
Do you think we need to immediately drive our attention to data privacy before implementing online education? Let us know!