Cyber Security – CERTs, Policy, etc

New ideas needed for online privacy policies


From UPSC perspective, the following things are important :

Prelims level : Data Protection Bill provisions

Mains level : Paper 3- Issues of informed consent to the online privacy policies

The article discusses challenges posed by online privacy policies and suggests some ideas to make them more user friendly.

Issues with online privacy policies

  • Such policies are not designed for easy reading.
  • These policies are full of legal jargon and most are difficult to read.
  • Most policies are exclusively in English, which is clearly inadequate in a country where no more than 12 per cent are comfortable with the language.
  • A human-centric study across India found that even people who couldn’t read or write, when made aware of what they were consenting to, cared deeply about it.
  • Online consent is, therefore, a false choice for most Indians.

Importance of consent in data ecosystem

  • Consent is also the fulcrum of India’s fast-growing data ecosystem.
  • The Data Protection Bill under consideration by Parliament lists consent as a legal ground for data processing.
  • Last year, NITI Aayog sought public comments on the Data Empowerment and Protection Architecture (DEPA), a system that will connect an individual’s financial, health, telecom and other data so that it can be moved from one provider to another.
  • DEPA intends to use consent to ensure that users remain in control of their data.

New ideas needed to give users greater control

1) Business as steward of consumer trust

  • Businesses need to become more responsible stewards of consumer trust.
  • Experiments suggest that making consumers read privacy policies by getting them to stay on the “privacy policy” page for a few minutes, led to increased trust in businesses and greater data sharing.
  • Businesses can adopt such ideas to make users trust them more.

2) Regulatory bodies need to guide consumers

  • Consumers do not have the time or knowledge to go through privacy policies.
  • The food regulator’s food safety certifications and the Bureau of Energy Efficiency (BEE)’s rating guides have become part of our everyday lives.
  • Similarly, a “privacy rating” for apps can help individuals make more informed choices about their data.
  • Such “rule of thumbs” can help them cut through the jargon, trust businesses more and share more data.

3) Running awareness campaign

  • Governments and industry associations can play an enabling role by running innovative awareness campaigns that leverage local contexts, and relatable narrative styles.
  • The campaign should include awareness about messages logging off from public computers, and not sharing phone numbers easily.

4) Some other ideas

  • The “burden of proof” on privacy should rest with providers rather than consumers.
  • Businesses should act as fiduciaries of user data and act in the best interest of the user than simply maximising profits.
  • Regulators can create a new class of intermediaries that warn consumers about dangerous practices, represent them, and seek recourse on their behalf.

Consider the question “What are the issues with the consent to the online privacy policies? Suggest the measures to give users greater control over their digital destinies.


By educating and empowering every Indian, we will enable her to participate fully in India’s digital economy, and thereby create a meaningful digital life for every Indian. Only then will the true potential of Digital India be realised.

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Notify of
Inline Feedbacks
View all comments


Join us across Social Media platforms.

💥FREE for 24 Hours Prelims Notes
This is default text for notification bar