Relevance

 

Data Privacy Day, observed annually on January 28, is a crucial reminder to protect our personal information in an increasingly digital world.


This year, as we commemorate this day, we consider how advancements in artificial intelligence ('AI'), machine learning ('ML'), privacy-enhancing technologies ('PET')s and Internet of Things ('IoT') based devices are increasingly influencing our daily lives. In this thought leadership piece, we will explore how our dependence on technology is expected to grow even more in 2025. However, this increased reliance also raises significant data security risks that need to be addressed, as a consequence of the following:


  • Increasing cyber threats | Sophisticated cyber-attacks through ransomware, phishing and identity theft are on the rise.


  • Exploitation of personal data | Enhanced usage of personal data for illegal, unapproved or profit-driven purposes.


  • International regulations | Governments around the world are enforcing stricter data privacy laws, such as the CCPA in California, the GDPR in Europe and DPDP in India.

Let's take a granular look at the invisible web of data collection


Data tracking is the process of collecting information about an individual's online activity. From the websites we visit and searches we perform, to the products we browse and the content we engage with on social media, our data is constantly collected through various methods - often without our explicit awareness or understanding.


The ensuing summary raises the awareness of the main means of data collection.

1. Cookies: These small text files are stored on our devices by websites we visit. They serve various purposes:

2. Web beacons: These tiny, often invisible images (1x1 pixel) embedded in websites, emails, and online ads act as beacons.
  • First-party cookies: Set by the website you are directly visiting, they remember login details, shopping cart items, and other site-specific preferences.
  • Third-party cookies: Third-party domains, often advertising networks, set these cookies to monitor your activity across multiple websites, building a profile of your browsing behavior for targeted advertising purposes.
  • Session cookies: Temporary cookies that expire when you close your browser.
  • Persistent cookies: Remain on your device for a specified period, even after you close your browser.
  • When you load a webpage or open an email containing a web beacon, your browser or email client sends a request to the server hosting the image, notifying the tracker of your activity.
  • This allows advertisers and website owners to track (a) Email open rate, (b) Website page views & (c) Ad impressions.

3. Browser fingerprinting: This sophisticated technique goes beyond cookies. It collects information about your browser and device configuration to create a unique "fingerprint."

4. Location tracking: Your location can be tracked using various technologies.

The data points used include:

  • User-agent string (browser name and version).
  • Screen resolution.
  • Installed fonts.
  • Browser plugins and extensions.
  • Operating system.
  • Time zone.
  • GPS (Global Positioning System): Highly accurate location data from satellites.
  • Wi-Fi positioning: Uses the location of nearby Wi-Fi networks to estimate your position.
  • IP address geolocation: Your IP address reveals your approximate location (city or region).
  • Cell tower triangulation: Mobile networks can triangulate your location based on the signal strength from nearby cell towers.

5. Mobile app tracking: Mobile apps often request access to various device features and data.

6. Third-party trackers & scripts: Many websites and apps embed scripts and code from third-party companies, primarily for advertising and analytics.
  • Contacts: Access to your address book.
  • Location: Access to your GPS location.
  • Camera and Microphone: Access to your device's camera and microphone.
  • Usage Data: Information about how you use the app. This data is often shared with third-party advertising networks and analytics providers.

These trackers can collect data about your activity on that site/app and often across other sites/apps as well.

Retrieving control | Practical steps for enhanced privacy


While it is impossible to completely eliminate data tracking, set out below is a summary of some measures we can take to minimize its impact and regain some control over our personal information.


  • Use a privacy-focused browser.
  • Install privacy extensions.
  • Adjust browser settings.
  • Use a VPN.
  • Be mindful of App permissions.
  • Use search engines that don't track.
  • Support privacy regulations.
  • Educate yourself and others.

The evolving landscape | Emerging trends in privacy

AI & ML

IoT

Zero-party Data

Blockchain & decentralized technologies

PETs

AI and ML algorithms analyze vast amounts of data to create detailed user profiles, raising concerns such as bias and discrimination, where algorithms can amplify existing biases, lack of transparency due to the complexity of decision-making processes, and the impact of automated decision-making in critical areas like loans, employment, and criminal justice.

The rise of connected devices, including smart homes, wearables, and connected cars, has created a network of continuous data collection. Concerns include data security, as IoT devices are vulnerable to breaches, data aggregation, where multiple device inputs create detailed personal profiles, and lack of standardization, which leads to inconsistent security and privacy practices.

This approach prioritizes transparency and user control by directly soliciting data from users with clear explanations of its purpose and benefits. This fosters trust and enables users to make informed decisions about their data.

Blockchain offers decentralized data management, giving users more control over their personal information. Its features, like encryption and immutability, enhance data security and privacy.

PETs aim to minimize data exposure while enabling analysis. Examples include differential privacy, which protects individual data by adding noise to datasets, federated learning, which trains models on decentralized data without centralizing it, and homomorphic encryption, which allows computations on encrypted data without decrypting the same.

Takeaway | A call for transparency & empowerment

 

The uncomfortable reality is that a majority of those who have access to our personal information do not require it, and hence we should be blocking access to it. Anyone who is "on the grid," that is, who uses any type of digital device for any purpose and believes that firewalls and spam software are protecting their data, should take note of this day.


This is a good time to examine our practices and make progress toward improved privacy, which is not a privilege but a fundamental right (in India) that must be upheld in the digital era.


Data Privacy Day serves as a reminder to handle personal data with the same care as cash. We must safeguard it as though our lives rely on it because, in certain cases, they do!


Should you require assistance in safeguarding your organization's digital privacy, please do not hesitate to contact us at contactus@mgcglobal.co.in.


Warm regards,

Markets Team

MGC Global Risk Advisory

About MGC Global Risk Advisory 

Recognized as one of the '10 most promising risk advisory services firms' in 2017, as the 'Company of the Year' in 2018 &, 2019 (both in the category of risk advisory services), one of the 'Top Exceptional Companies to Work For' in 2020, amongst the 'Top 25 Customer Centric Companies' in 2020, 'The Consultant of the year' in 2021 (in the category of risk advisory services), 'Top Exceptional Leaders in Risk Advisory Services' in 2023 and 'Best place to work' in 2024; MGC Global is an independent member firm of Allinial Global.

 

MGC Global provides services in the areas of enterprise-wide risk management, forensic, internal audits, control assessments (SOC, IFCR & SOX), process re-engineering, governance frameworks, privacy & data protection (including GDPR & DPDP), IT risk advisory, GDPR, VAPT, ISO readiness, cyber security, vCISO, VCFO, accounting advisory, forensic, ESG & CSR services.

 

Our firm has the capabilities to service its clients through its offices in Bengaluru, Mumbai, NCR; and has service arrangements with associate firms in all major cities in India.

About Allinial Global

Allinial Global (formerly PKF North America) is currently the world's second-largest member-based association. With collective revenues to the tune of approximately US$ 6 billion, Allinial Global has dedicated itself to the success of independent accounting and consulting firms since its founding in 1969. 



It currently has member firms in over 105 countries, who have over 28,000 professional staff and over 6,000 partners operating from nearly 700 offices across the globe.

 

Allinial Global provides its member firms with a broad array of resources and support that benefit both its member firms and their clients in the key impact areas of learning & development, human resources, international outreach, technical support, knowledge-sharing through its specialized communities of practice, information technology and practice management.

MGC Global Risk Advisory LLP | MGC Global House, No. 1 Cariappa Marg Sainik Farms | New Delhi, DL 110 062 IN

Unsubscribe | Update Profile | Constant Contact Data Notice

Constant Contact