Whose data is it anyway?

Srikanth Rajagopalan

Updated on Jul 5, 2022

We Indians spend a lot of time on our smartphones. A study in 2021 revealed that an average Indian spends almost 5 hours on mobile apps, which is the fourth highest in the world. Most of this time is spent on free apps like social media. Who doesn’t want free stuff? A different study pointed out that we Indians spent 4684 million hours on social media apps in the year 2019.  

Now, think about this for a second. All those 4684 million hours on social media, we watched millions of videos, chatted on messenger with friends and family, followed our favourite creators, and so on. For this huge volume of content that we consumed, we did not have to pay any money. It’s all for free! All you have to do is endure a few ads here, a few pop-ups there. That’s all. Beautiful, right? Sounds like an excellent deal. But it’s not that simple.  

We actually do pay a lot for using the apps. It only seems like we don’t. As usual, the reality is slightly more complicated than it appears to us. As we continue to use these apps, we generate a sizeable amount of data, which pertains to our location, the devices we use, what we are searching for online, usage patterns, financial information from emails & text messages, etc. All this data can be handed over to the highest bidder. While we signed up for these apps, we also agreed to share this data with the companies who built the apps. That is the price you pay for the “free” services: your data. In case you are wondering why you don’t recall agreeing to any of this, let’s refresh your memory. Remember the “I Agree” button you clicked on, at the bottom of a seemingly endless list of “Terms & Conditions”? These terms were hidden somewhere in that opaque and massive jumble of words.  

Most people readily click on the agree button, since it would have taken them really long to go through all points. How long, you ask? Check this out: 


App/Service  TOS 

Word Count 

Minutes to read (240 wpm) 
Microsoft  15,260  63.5 
Spotify  8,600  35.8 
TikTok  7,459  31.4 
Apple  7,314  30.5 
Zoom  6,891  28.7 
Tinder  6,215  25.9 
Slack  5,782  24.1 
Uber  5,658  23.6 
Twitter  5,633  23.5 
Snapchat  4,935  20.6 
Linkedin  4,346  18.1 
Facebook  4,132  17.2 
Google  3,459  14.4 
Amazon  3,416  14.2 
YouTube  3,308  13.7 
Reddit  3,267  13.6 
Dropbox  2,704  11.3 
Netflix  2,628  11.0 
Instagram  2,451  9.7 


Source: Visual Capitalist, 2020 

Who would go through each of these lines meticulously before they hit “I Agree” and move on? Nobody, right? 

One of our clients, a distributor for consumer loans, ran a survey amongst their customers and asked a simple question: “You have a bank account. Who owns the data in that bank account – transactions, balances, etc.?” 

Less than 53% of the respondents said “Me” 

Clearly, even the most digitally literate consumers are unaware of a simple fact: that they own their data. The fact that we are the owners of our own data is so deceptively simple that not everyone grasps it so easily. But it is important to know that it is indeed our data, and it is being used by these service providers. But this practice, while seemingly harmless, can cause a lot of damage to the user.  

What could go wrong? 

 As long as the annoyance was limited to ads and spam messages, it was okay. However, recently, we’ve seen some alarming instances, well reported in the press: 

  1. Malicious lending apps that collect data from lenders’ phones and social media accounts, and harass them and their family members for collection. There have even been unfortunate instances of customers taking their lives, unable to bear the harassment. 
  2. PAN numbers used without permission, to apply for loans in other people’s names 
  3. Loans created as part of a purchase process, where the customer is unaware that her “EMI plan” is actually a loan repayment with a bank or NBFC. If she’s unhappy with the product she bought and returns it, chances are high that the loan is not closed immediately, and she continues to be liable to repay those EMIs. 

All because we don’t know our rights over our own data and don’t know where it’s being shared.

Author Name: Srikanth Rajagopalan

Designation: CEO, Perfios Account Aggregation Services Pvt. Ltd.

Subscribe for Updates

We have a Data Protection Law. Now what?

Aug 24, 23 3 minute read

Accelerating Lending to MSMEs: Harnessing Bank Statements and GST Data through Anumati

Aug 03, 23 3 minute read

Light the spark with Anumati Imagine an all too real scenario at your mid-to-large size financial institution

Jun 15, 23 2 minute read