This paper attempts to bring up the present scenario of consumer privacy and protection in India and other parts of the globe. The research reflects the need and importance of consumer protection in this era of hardcore nail-biting competition. It throws light on the new consumer privacy act passed in California in the United States with the help of some real- life cases and examples. It highlights the consequences, advantages and repercussions of the new law not only in the United States but also in third countries in this digital age of growing cybercrimes.

The paper also includes an aspect of how the General Data Privacy Regulations (GDPR), implemented by the European Union (EU), is related to the California Consumer Privacy Protection Act (CCPA). In view of India, the recent amendment in the Consumer Protection Act is of paramount importance and is a booming success in enabling India to move a step ahead in meeting the pre-established international standards. The main problem in India lies with the administration and implementation of laws. The research findings indicate that there is a dire need of some stringent comprehensive laws to reclaim the long lost confidence of the consumers in the global market and to make their online presence secure.

Introduction
Imagine being stopped at the entrance of a shopping mall and asked to show identity proof in order to get in. Now imagine, while you are there the attendant is watching and scrutinizing wherever you go and what all you buy. He even comes along and starts suggesting and recommending products without you asking him to help. Not only this, he even tells his co attendants about you and what you bought at the store, so they all start suggesting products which you should be buying from their stores.

You check out of the shopping mall and go to your car only to find pamphlets of future offers on products that you may want to buy. Isn’t it annoying and creepy? Did you not feel exploited and your customer experience ruined? This is what exactly these data-hungry big tech firms do to you online when they store and track your search results and locations. They bombard you with targeted advertisements on all social media platforms whenever you search for a product online. How is this possible? They claim your data to be your own and that they won’t share it with anyone. But here you are witnessing a flagrant misuse of your data without your consent.

This leads us to a question:
do we, the consumers, really own our data or someone else does?

A consumer is basically a person who purchases and consumes a good or service being offered for sale by the seller. US President John F Kennedy first traced the perception of consumer rights in a special message to the congress on 15th March 1962. This day came to widely recognised as the World Consumer Rights Day.1 It was on this day that President Kennedy had called for a set of four basic rights every consumer deserves: the right to safety, the right to be informed, the right to choose, and the right to be heard2. However, these utopic rights are hard to be swallowed in this era of cutthroat competition.

Digital Privacy And the Global Response
In particular, there is an issue which calls for everybody’s attention-PRIVACY. Our personal information is being shared, sold and exploited to such levels that few could have dreamed of back then. In fact, who could have anticipated that there would be an instrument like the internet which could provide so much information, but at the same time put our personal information at stake every single day.

There is a dire need for some concrete regulations to address the new set of challenges faced by consumers in this growing digital age.
In view of the present situation and its future consequences several US states, following the general data protection regulation (GDPR), put forth by the European Union (EU), are shifting and asserting their own protection laws that bestow GDPR like consumer rights with conspicuous differences. One such independent state data privacy and protection act is the California Consumer Privacy Act 2018 (CCPA).

This revolutionary act is stated to become the most stringent state privacy regulation in the United States today. The CCPA takes in its purview every single company of any significant size and unwinds the provisions with regard to processing, maintaining, collecting, and sharing data. This act, unlike the previously enacted laws, rules and regulations enable the consumers to pull out of data sharing to third parties and at the same time warrants a right to remedies in case of a breach, with regard to the provisions of the act, in the form of handsome penalties imposed by the California Attorney General’s Office. With this, the silicon valley’s new business game seems to be finding new baby companies and suing them under the new data protection act.

Breach of Data Protection Laws by Big Techs
A major breach in this regard came into account in May 2018 against Google which seems to take loops by entering the wrong kinds of headlines. This is presumed to be a record fine with respect to violation of the provisions of the general data protection regulation. The case was brought forward by two privacy rights groups in France one of them being a European campaigner Max schrems. One of the claims of the case highlight that Google did not have a legal basis to process data for personalisation for advertisements.

There was a lack of transparency as Google had not adequately informed the consumers on how it was going to use their information and the question of consent never came into the picture. The French data regulator, CNIL, snapped a fine of 50 million euros on Google. Critics argue that this in no case can be termed as a devil’s bargain for a company valued at more than a trillion dollars.

Google’s subsidiary YouTube is also trapped in a case of child privacy violation on the grounds that it acquired personal information from children without the consent of their parents. Federal Trade Commission (FTC) announced a ground breaking fine of 170 million dollars on YouTube which is cited to be the largest civic penalty ever secured by FTC under the Children’s Online Privacy Protection Act (COPPA).3 Google commented that ‘people expect high standards of transparency and control from us. We are deeply committed to meeting those expectations and the consent requirements of the GDPR’.4 This case has certainly moved the whole tech world with many big tech companies fearing the ripping consequences of breach of the provisions of the act.

The level of complexity and uncertainty posed by the California Consumer Privacy Act (CCPA) is a growing and major concern for the tech giants in California, who now cannot dispose off private information for huge sums. Many critics of the CCPA argue that the law was originally supposed to be a blow against big techs, but it is turning out to hit the freshers strongly.

Also, the attempts by companies like Google to weaken or make useless the provisions of the CCPA make the censurers question the entire purpose of the law. The CCPA is not just one of the regulators that can go after you for money, but individual people in California can also sue you. Surprisingly, you don’t even need to have a breach, you could just be violating their privacy by showing them an advertisement they don’t want to see without their consent. Indian companies are at a greater risk of uncertainty as the provisions of the General Data Protection Regulation are not only pertinent for EU countries but also third countries like India acquiring the data of EU residents.

The congress in the United States is resolute in its determination to come up with a comprehensive data privacy legislation that can bring consistency and uniformity in what is presently a mishmash of separate and independent state laws.

India – The Problem and the Solution
India, particularly, currently lacks any comprehensive data protection system. Our data privacy needs are, as of now, met by the Information Technology Act, 2000 and the information technology rules, 2011. But, these enactments are often cited to be incompetent in this epoch of bloodthirsty competition. Hence, it follows that there is a biting need for data protection regulations to address the growing and myriad burden of vulnerability on the consumers in India.

Many optimists also assert that India not having a strong data protection regulation is a myth and that the information technology act actually holds corporates and companies liable if they fail to protect the data of consumers or employees, under Section 43 (A), with the penalty being up to 5 crores which the highest penalty in the legal framework in India per se.

Taking advantage of the lack of awareness, some websites use files called cookies for acquiring data from the users and marketing them to advertising agencies. Some of the sites make it impossible for us to access the site unless we accept the cookies policy.5 Evidently, cookies, proposed for so-called ‘security purposes’, is of importance to commercial giants but it carries serious security implications with it.

The recent landmark judgement by the supreme court of India in Justice Puttaswamy V. Union of India is a booming triumph for privacy in India. The judgment was an outcome against a petition challenging the constitutional validity of the Aadhaar biometric scheme. It was in this case that the nine judge bench unanimously declared ‘right to privacy’ to be a part of article 21 of the constitution of India, guaranteeing life and personal liberty.6 The court at the same time upheld the overall validity of Aadhaar, however, disallowed the use of Aadhaar numbers by any private institution as it was found to be in violation of the provisions of the fundamental right to privacy.

There has been a recent amendment in the decade old consumer protection act, with the Consumer Protection Act 2019 replacing the Consumer Protection Act 1986. The global supply chain and the consumer markets have undergone radical changes with rising e-commerce platforms creating new opportunities and at the same time exposing consumers to much higher degrees of such trade practices like being constantly traced by advertisers which keep showing the same phone you bought a week ago, direct selling, growing cybercrime rates, political influencing, fake news, etc.7

Therefore, it became all the more important to amend the act in view of the growing concerns of the consumers. The revised act imposes stricter penalties for unprofessional practices and also constitutes detailed guidelines for e-commerce providers. The contemporary amendment in the consumer protection act also proposes the institution of a central consumer protection authority which will promote and enforce the rights of the consumers and repose the overall speedy grievance redressal procedure.8 Evidently, when it comes to meeting international standards laid down by the Consumer’s International and the UN guidelines on consumer protection, India is not at par. In a country like India where unemployment, poverty, and illiteracy are at their peak, promoting awareness on consumer related issues is not a cakewalk.

However, with the advancement of the economy and the constant efforts by the government, consumers are becoming more and more aware of their roles in influencing the governance of society. A balanced society is one whose economic planning is tilted to favour the ultimate king of the market – the consumer.

In view of this, the operations of the market are shifting from the principle of ‘caveat emptor’, literally meaning ‘buyer beware’, to ‘caveat venditor’ which basically means ‘seller beware’. It is indisputable that in India the main problem lies with the implementation of laws. The primary task for India, in the present scenario, is to strengthen the administrative system by providing incentives to public servants to carry out their duties.9 Consumer education can lead to strides of favourable outcomes. Though the ministry of public affairs is working hard in this regard, no concrete results can be sensed.

Closing Thoughts
As quoted by Tim Cook, ‘If you put a key under a mat for the cops, a burglar can find it too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.’10 Our privacy is in our hands. We cannot rely on the police forces alone to protect us. A certain degree of reasonable alertness is certainly required on our part also. We need to keep our windows closed and doors locked. Similarly, the responsibility of securing our privacy is a personal duty. It cannot be entirely left upon the government and the companies. This is what is the ideal should be situation, but in real scenario many users don’t even please to keep a proper antivirus in place.

Mahatma Gandhi once said, ‘the customers are the most important visitors on our premises, they are not dependant on us, we are dependant on them. They are not an interruption in our work, they are the purpose of it. They are not outsiders in our business, they are a part of it. We are not doing them a favour by serving them, they are doing us a favour by giving us an opportunity to do so.’11 However, unfortunately, little do the profit craving giant firms, in an advancing society, ponder over such principles. The world is changing its definition of privacy! Are you ready for it!

References:

1. Lawtimesjournal.com the history of consumer protection by Sonika Shekhar
2. Huffpost.com article by Jim Guest, consumer advocate, CEO consumer union, publisher
3. www.gritdaily.com FTC fines google record $ 170 million after child privacy violation, but is this meaningless? by Andrew Bossow 14th sept 2019
4. thehrdirector.com the google GDPR fine – why this case is significant? by Karen Holden
5. cookies – invading our privacy for marketing, advertising and security issues by Sowmyan Jegathessan
6. Electronic frontier foundation, article by Jyoti Pandey, 28 august 2017
7. www.Wired.com, should big tech own your personal data? by Steven Hill
8. www.pib.gov.in
9. www.iosrjournals.com comparative study of consumer protection in India as per UN guidelines by Lalita Dhingra, assistant professor, D.A.V centenary college, Faridabad
10. www.technopedia.com quote by Tim Cook, CEO, Apple.
11. www.Scconline.com – the SCC blog – quote by Mahatma Gandhi