How safe is your Data online ?
“This is it.
Today, our EU #DataProtection rules enter into application, putting the Europeans back in control of their data.
Europe asserts its digital sovereignty and gets ready for the digital age.”
— Europe Commision.
The recent Data Protection Regulation by the EU have succeeded in bringing back the interests of people around the subject of Data Privacy.
What is it that is so dangerous with such big companies like Facebook and Google, that we need to be so concerned with.
Staying in India, Data Privacy has never been the primary concern for us with the larger problem being that of staying economically afloat and try to compete with other growing economies. However with changing times where the shift has happened from Physical to Digital, it is time we as custodians of our property ask for our rights and not let anyone misuse and profit from such personal instruments.
At the face of it we have ready access to information and services at the touch of a button or at the voice to a microphone. Seemingly it does feel liberating and like we as Humans have evolved to a stage where these services seem much like resources from Nature, like air and water; it’s there, for everyone, unlimited in supply, take as much as u may.
But is Google or a Facebook = Nature ?
Like everything that is too good to be true,the caveat : your identity.
We willingly hand our identity over to these tech giants. Which is fine. If it is used in the correct manner. The question remains would you to trust them without knowing what happens to your Data?
Let’s delve further :
The one App which appalled me was Practo, which has again become many people’s goto App for their health requirements. Locating and Booking appointments with Medical Practitioners and maintaining health records have never been simpler. At the cost of what ? Let’s explore.
Dealing with such sensitive information as our Health records, we should expect the company has proper measures in place, to prevent its misuse; so it shows, on their website, ensuring users of the best security measures in place.
3.1.3All the information provided to Practo by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that Practo may use certain information of yours, which has been designated as Personal Information or ‘Sensitive Personal Data or Information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates (d) for communication purpose so as to provide You a better way of booking appointments and for obtaining feedback in relation to the Practitioners and their practice, (e) debugging customer support related issues.. Practo also reserves the right to use information provided by or about the End-User for the following purposes:
- Publishing such information on the Website.
- Contacting End-Users for offering new products or services.
- Contacting End-Users for taking product and Service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information for commercial use.
All the time and energy saved using Practo at the expense of what ?
What was it that we just let become, no longer private and sensitive information ?
Practo defines the following as Personal Information & Sensitive Personal Information:
- contact data (such as your email address and phone number);
- demographic data (such as your gender, your date of birth and your pin code);
- data regarding your usage of the services and history of the appointments made by or with you through the use of Services;
- insurance data (such as your insurance carrier and insurance plan);
- other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters.
Sensitive Personal Information
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
Yes, you just agreed to allow Practo to sell all of this for “ Commercial Purposes” !
Also, Practo can for some strange reason apparently list all of this data on their website. Crazy? Read on.
Why on Earth does Practo need access to your “call data records” ?
So now you want to delete the App, close your account , stop all associations with Practo ? No you can’t.
3.1.6There may be circumstances where Practo will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for evaluative purpose
3.1.7 If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us through firstname.lastname@example.org . We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes.
Again the tricks of the lawyer to present in a manner which the average user would not understand even if he/she at all takes the pain of going through. In simple terms what it implies is, Data once given to Practo, becomes their property.
All these unscrupulous policies not only apply to the end users of Practo, but also to the Practitioners on Practo.
Practo also admits to storing the given information ( which include your personal health records) in Physical or Offline form.
4.1Your Personal Information is maintained by Practo in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time.
You might think your Personal Health Records are somehow just going to the concerned Doctor you are dealing with, however it is not so. The point below blatantly acknowledges that your Personal Health records are being given/sold to other Doctors/authorities.
4.4Part of the functionality of Practo is assisting the doctors to maintain and organise such information. Practo may, therefore, retain and submit all such records to the appropriate authorities, or to doctors who request access to such information.
Considering the extremely private nature of Health Related Information, imagine the adverse consequences one would have to face if such companies are allowed to operate, to whom your data is nothing but a simple money making instrument.