Mumbai: To understand the implications of Digital Personal Data Protection Act (DPDPA) in advertising, the Advertising Standards Council of India (ASCI) in collaboration with legal firm Lexplosion released a whitepaper, titled ‘Privacy & Progress: Pillars of Digital Bharat,” at an event in Mumbai. The whitepaper aims to empower stakeholders with actionable knowledge to thrive in the evolving digital landscape.
To navigate issues such as consent fatigue, and ease of use, and to provide personalised and more meaningful experiences, the white paper suggests that privacy needs to be an integral part of design and advocates for privacy-enhancing technologies to be adopted. This would ensure that advertisers not only comply with regulatory mandates but also cultivate trust and credibility among consumers. The paper highlights the need for an approach that balances privacy and progress, both of which are fundamental to a vibrant and sustainable internet economy.
The White Paper also encapsulates insights on this complex issue, gathered from a cross-section of businesses across sectors including organisations such as HUL, Google, Dream11, Pepsico, MakeMyTrip, White Rivers Media, Pidilite, UB and Leadsquared.
The event also featured panel discussions with experts aimed at addressing the implications of the DPDPA and its impact on businesses, consumers, and the internet ecosystem at large.
The whitepaper articulates the growth and opportunities that the internet has provided for business and individual growth across town class and social strata while reflecting on the growing privacy concerns amongst consumers. The whitepaper is based on insights gleaned from diverse perspectives, and aims to offer a holistic understanding of the DPDP Act’s implications for advertisers.
Advertising it noted is the fuel that allows for low/no-cost internet access and is an integral part of this ecosystem. The paper delves into the aspects of preparedness of Indian advertisers for the new Act and articulates the challenges and opportunities ahead. It provides stakeholders with guidance on navigating the labyrinth of compliance requirements while fostering a culture of privacy-sensitive innovation. The white paper sheds light on the need for consent which is informed, but also meaningful.
Core principles of the DPDPA Act
The principle of purpose limitation (use of personal data only for the purpose specified at the time of obtaining the consent of the data principal).
The principle of storage limitation (storing data only till it is needed for the specified purpose).
The principle of reasonable security safeguards.
The principle of accountability (through adjudication of data breaches and breaches of the provisions of the Act and imposition of penalties for the breaches).
The principle of consented, lawful and transparent use of personal data.
The principle of data minimisation (collection of only as much personal data as is necessary to serve the specified purpose).
While the impact of these provisions will remain to be seen in the days and years to come, there is a possibility that they may curtail the traditional ‘data-driven’ approach to advertising, which often involved extensive profiling and micro-targeting based on personal information.
The principle of data accuracy (ensuring data is correct and updated).
Manisha Kapoor, CEO and Secretary General, ASCI, said, “The DPDP Act is a significant milestone in India’s digital landscape, underlining the critical importance of data protection and consumer rights. For a thriving internet-based economy, advertising is a huge enabler, and we need to provide solutions that respect consumer privacy without creating friction for end users and businesses. All stakeholders need to be in constant dialogue to collaborate on approaches that are native, transparent and fair, even as the internet and its uses rapidly multiply. ASCI is committed to facilitating discussions and providing guidance on advertising-related matters to ensure a fair and vibrant digital future for India.”
Indranil Choudhury, Founder, Lexplosion said “We are delighted to have collaborated with ASCI on bringing this very important and timely whitepaper. We have been working with our clients for the past few months in fine tuning the strategies that go into DPDP compliance. We have shared insights and understanding from our work with various advertisers that can guide the industry in this regard. Such conversations and whitepapers go a long way in building dialogue, supporting compliance, and collaboratively paving a way for the future.”
Consumer Privacy Concerns: Indian consumers the whitepaper noted are increasingly embracing the opportunities provided by the online world. The advantages of personal and professional connections, validation and expression on social media platforms are being discovered. The virtual landscape has not only democratised access to information but has also made it more inclusive through non-text features. The ease of use and intuitive nature of online platforms, from social media to e-commerce sites, have become synonymous with the digital age.
The convenience of one-click solutions and personalised interactions has become a staple in the lives of consumers. The allure of the digital realm lies in its ability to offer unprecedented access to a myriad of online services and personalised recommendations, creating an ecosystem that caters to individual preferences seamlessly.
While consumers revel in the mostly free access to digital services, their access is largely paid for by the advertisement-based economy. The underlying business models involve intricate processes of data collection, processing and sharing.
Consumers today find themselves inundated with requests for consent to share data, without a full understanding of the implications. This is true in both the online and offline worlds. The asymmetry of information and power creates an implicit coerciveness that pressures individuals to say yes without fully understanding the implications. Consumers are usually unaware of the limits of those permissions. It may also be confusing to a lay consumer when some of these permissions may not fully seem logical to them; for example, a music site might ask for permission to access photos or contacts. The boundaries on what is being asked appear not to be evident.
Beyond the digital realm, this is true of documents like credit card agreements and house purchase contracts, where consumers often feel they have little power to negotiate noted the whitepaper.
Companies, bound by legal scrutiny, tend to present consumers with intricate clauses in terms and conditions and data policies, leaving them to decipher the fine print. The impatience and almost necessity to get on to what lies beyond consent usually make consumers click the ‘I agree’ button without reading through heavy-duty legalese. Therefore, while ‘informed consent’ is obtained, one could question whether this needs to give way to ‘meaningful consent’ that acknowledges the inherent asymmetry of power. The shift from informed consent to meaningful consent requires clear explanations of why certain data is requested in a way that is not overwhelming for consumers.
As the law attempts to address these complexities, questions arise about whether it can fully provide the desired protection for consumers.
The evolving landscape of technology often outpaces legal developments, leading to concerns about the true efficacy of legal frameworks in safeguarding individual privacy. While the law must strive to provide meaningful protection that aligns with consumer expectations and fosters a balanced and fair digital ecosystem, the more robust solutions may well lie in a ‘privacy by design’ approach. This would need the cooperation and collaboration of multiple stakeholders and a clear intent to make the system a fair one.
The proliferation of IoT devices introduces an additional layer to the ongoing trade-off between security and convenience. Smart home devices, wearables and connected appliances enhance daily life but also pose potential vulnerabilities, raising privacy concerns. As consumers continue to adopt these technologies, the line between discretionary data sharing and privacy breaches could blur.
The notion of privacy is transforming too, as greater individualisation makes consumers draw sharper boundaries around themselves. In India, there is also a growing anxiety about personal data security on account of the numerous cases of fraud and scams that seem to be occurring with alarming regularity. As this experience increases, the idea of safeguarding personal data takes root. However, the online protection space, rife with complexities such as passwords, OTPs and subtle changes in URLs, becomes a potential blind spot, exploited by scamsters who prey on consumers.
Balancing User Privacy With Digital Experiences And Commerce: The future of the open internet the whitepaper explains hinges on balancing user privacy with digital experiences and commerce explains the whitepaper. It serves as a hub for innovation, education and economic growth, providing democratic access to information and opportunities. In India, it fosters diverse perspectives, empowers individuals and levels the playing field for education and business.
India’s transition into its ‘Digital Decade’ aims for a $1 trillion internet economy by 2030, with digital services integral to the lives of its 700 million internet users. As household consumption doubles, digital commerce will further embed itself in daily routines.
To support India’s digital ambitions, the internet must remain conducive for publishers, developers and businesses to flourish equally, even as it works to protect consumer data. A vital element of this ecosystem is targeted advertising, which creates personalised and tailored experiences for consumers and generates revenue to support free platforms, services and applications. India’s users widely accept being receivers of personalised digital experiences to consume, share and transact without restrictions. However, even as users are becoming increasingly aware of how their data is being collected and utilised, consent fatigue is real as users navigate an ever-expanding barrage of pop-up consent banners.
The whitepaper goes on to explain that Privacy by Design (PbD) is a proactive approach to building privacy protections directly into the planning and development of digital products, services, and internet business practices. It emphasises that privacy should be a core consideration from the start, rather than an afterthought. Modern data protection laws, including the DPDPA, are integrating the concepts of PbD. This means that when collecting and processing personal data, data protection legal requirements must be considered and addressed from inception.
