If you've hit the 'allow' button on any app, there's not much you can do

The data sharing scandal involving Facebook and UK-based Cambridge Analytica last month has people thinking about whether or not to press the “allow” button while downloading an app.

The data breach has created an air of uncertainty among the average person with access to a smartphone. But how are you affected when you allow an app to access your data?

“We are trading our privacy for convenience,” according to Ritesh Bhatia, a data privacy consultant, who specializes in the privacy and protection of sensitive data. “When one is not the consumer, one becomes the product.”

“Everything is being recorded,” he points out. Major technology companies in the world keep seem to track of whatever a person browses and the content consumed, what is shared and what is purchased online.

While most of the apps and the content that we download and consume are free, Bhatia suggests that there are no free lunches. “We are giving all our information to these people, which is being stored or sold to to other parties.”

A person can use a financial services app to keep track of their assets. The app would be free, but the person would have to view advertisements on the app.

With the help of cookies, an activity log is created where activities performed on the app are logged. This can be a potential indicator of the users interest in various financial instruments 'such as equity, commodities or even cryptocurrencies.

In the worst case scenario, a rouge employee or a hacker can access your data and wipe it away from the server where it is stored in. While your data can also be mined and sold to third party entities. If a buyer finds out that the person has a healthy portfolio, they could become a potential customer for a loan or similar products.

“There is not a single day when finance companies do not call me for a loans,” Bhatia said. "Earlier, I used to get two to three spam calls in a month. Now I get two to three such calls in a day.”

Bhatia further explained that if a person has access to the activity on your food-ordering apps, they will have an idea of your eating habits. If the trend of your orders steers towards the unhealthy side, this sort of data is sold to insurance companies, and your premiums could be hiked.

The more nefarious side to this can be seen on social media apps. Speaking about the concept of micro targeting, Bhatia stressed that any person will better “understand very specific things about you.”

When people express their political views and opinions on social media, opposing political parties try and influence your opinions.

“When five different people come and tell you that something is fake, you will believe it.”

Bhatia continued that even taking up an alternate identity online will not help, as the mandatory Aadhaar linkage can help track a person’s real identity.  Even something as benign as sending a WhatsApp forward is enough to get a person's IP address.

So, what can a person do to safely navigate the digital space, without sharing personal details?

“There is not much we can do about it. There is no solution,” Bhatia noted. He stressed that no matter how much we keep tweaking our privacy settings, the next update of the app brings about a change in the settings.

“We also don’t have a data protection law. We have a law that protects sensitive data. Many people aren’t aware of it.”

However, in the European Union, companies are preparing as the General Data Protection Regulation (GDPR) will come into effect on May 25. The GDPR is part of EU's legislation, which has been designed to protect the personal data of the masses.

Also read: What is GDPR? 10 key points on the new EU law for data protection

A key feature of the law makes it mandatory for companies to notify their data protection authority about a data breach within 72 hours of it being detected. Failing to comply with this could result in a fine up to 4 per cent of global turnover of the company or €20 million.

While such laws are yet to be implemented in India, Bhatia suggests that we can safeguard our data to an extent. When we install an app, and it asks for permissions for things it might not need to function, we can put the phone in flight mode, and disallow the permission requests, before turning on the data once again.

Bhatia also suggests to “keep your personal and professional profile as low as possible.”

“I feel user awareness is the most important. This is not a place to post about your good or bad days, or vent out. This is a place that will multiply your thoughts or misinterpret it. Do nothing. Let your friends know about the same.”