S. Swaminathan is a Co-Founder & CEO of Hansa Cequity.
Data privacy and protection is a fundamental foundation for an emerging data-driven economy like India. Permission marketing will be the next battleground brands or marketers will have to take cognisance of, as India transforms from a data-poor economy to a data-rich economy. Permission marketing, a word coined by marketing expert Seth Godin in a book by the same name, is a non-traditional marketing technique that advertises goods and services when advance consent is given.
Let’s look at some trends on how the Indian economy is moving towards being more and more data driven. At the last count, India has claimed first place across the world with 270 million Facebook users followed by the US which has 240 million Facebook users. Indians are leaving behind so much private data and information on this social media platform which is accessible to the world. The number of mobile wallet users in India is already over 250 million with Paytm having more than 100 million users and growing at a rapid pace. India, not China, is the world’s fastest growing mobile payment market. The number of mobile wallet transactions is expected to surge to Rs 1 trillion in 2018. By 2025, digital transactions are expected to reach $1 trillion with four out of five transactions done digitally. There is little wonder then that the Reserve Bank of India (RBI), the country's central bank, has promulgated Know Your Customer (KYC) norms for wallet companies. The amount of privacy data that is being left behind with wallet companies is also enormous.
The number of mobile phone users in India is inching over 750 million consumers with smartphone users expected to reach 490 million by 2022. This will lead to a lot of mobile data usage and, therefore, personal data and information becoming available in the public domain. India’s demographic dividend is also driving this change as it is estimated that India has about 390 million millennials and about 440 million generation Z, the generation that follows millennials. The Gen Z generation processes information faster and uses a lot of mobile applications like Snapchat, Vine and so on, apart from the usual popular social media apps. Therefore, the amount of personal data that will be at play – personal, behavioural, attitudinal and financial – so data privacy will be of paramount importance to protect the i-generation and citizens.
Poor data protection culture in India
In the past, very little attention has been paid in India to personal data and privacy. It’s not uncommon for consumers here to share their personal information with different companies and entities – PAN card, Aadhaar card, mobile number, email id, address, phone numbers – are easily doled out. Personal data is constantly misused by different companies or service providers. Data theft or selling data is very common but it needs to stop. When a data breach happens, the business, entity or individual responsible for the breach should be penalised.
Today, businesses pay very little heed to the privacy of the Indian consumer. If caught constantly calling or using customers' personal data to solicit business without their permission or consent, they should also be pulled up and penalised.
Data confidentiality and privacy is a primary right. Indian customers need to learn to exercise this right as the economy becomes digitally driven.
Getting the data and usage definition right
Before talking about data privacy, defining its elements clearly is critical » What is personal data? What kind of information constitutes personal data must be clearly defined.
» Often, a business doesn't take consent of the customer before using personal data. The definition of valid consent within the Indian jurisdiction then becomes very important.
» Collection – There needs to be clarity on why data is being collected, for what purpose, and requires clear articulation.
Nowadays, a lot of data is requested by different companies or entities in the enrollment or purchase form, invoices and payments or when while registering for online subscription. However, its purpose is not defined.
» Permission to process – It is important to give the consumer a right to influence or grant permission to process the data. Also, they should be allowed to give or withdraw the right to companies to rectify, add or access this data.
To access any kind of personal data, collection, access, permission to use this information by different companies must be made mandatory by a data regulator or a data protection authority. Also, a clear data protection law will ensure that whenever there is a handshake of Personal Identifiable Information by companies for various reasons across channels and service providers, confidentiality and hence privacy is maintained.
As India gets data mature over the years, a clear enforcement model will be necessary, during a breach of personal data. Setting standards, privacy exchange platform and monitoring data will become vital and there will be a huge need to improve awareness amongst Indian consumers and businesses.
Non-compliance and misuse of personal data and breach of privacy should attract strong penalty.
Data protection and privacy act with common standards across the country to protect the fundamental right to privacy of every Indian will go a long way.
As urban and rural Indians become digital natives, in the future, they will be uncompromising of brands or businesses that don't respect their personal data and privacy. The Indian data protection framework under consideration needs to be comprehensive across offline and digital ecosystems and should consider how the Indian consumer of tomorrow will live, shop and work.
The author is a Co-Founder & CEO of Hansa Cequity, a leading customer & data-driven marketing company out of India.