There are 7.7 billion people in the world, producing over 2,500,000 terabytes of data every single day. We can also say that, on an average, every person living in Bangladesh is currently creating 13.5 MB of data every hour. The number of internet subscribers in Bangladesh as of April 2018 was at 86 million, and with the current government in pursuit of Vision 2021, this number is only expected to go up. Given these astonishing data and in the era of IOT (Internet of Things), where does Bangladesh stand when it comes to protection of data?
With the help of the internet, almost all products and services are simply a click away. Any transactions as such require us providing information like our name, address, contact number, email address, credit/debit card numbers, etc. to organizations engaged in e-commerce. We as consumers are not always aware of how this plethora of information will be used by these organizations. Sometimes the intention is as obvious as using the data to track sales, build relationships with customers, or design marketing campaigns targeting them. However, at times for the ease of collection of data, organizations store them in insecure locations, share with third parties, or if the worst comes to the worst, even sell them for their own benefits.
Concerns about how much data is collected, for what purpose, privacy losses, security risks, and other consequences have been growing worldwide. This is also true for the brands themselves. A research undertaken by data management specialist Ensighten this year has revealed that close to half of all enterprise brands believe they have a probable (or greater) risk of a website data breach. And they should be concerned because data breach also affects their own reputation in the market. According to a study done by Ping Identity across the US, UK, France, and Germany, around 50% of consumers will not sign up or use an online service or application that has experienced a data breach.
In September 2018, around 380,000 transactions in the British Airways website were exposed to hackers who may have stolen names, addresses, email addresses, card numbers, expiry dates, and even CVV security codes, which gives an extra layer of protection for online transactions. The brand’s ‘impression score’, which measures whether someone has a positive or negative impression of the brand, fell significantly after the incident. However, some of the damage was contained by British Airways by acknowledging the data breach, apologizing to the public, and contacting all affecting customers via email immediately after they realized it. The Ponemon Institute, in its “Cost of Data Breach” (2013) study found out that a single data breach, on average, costs over USD$500,000 for companies.
With all these statistics at hand, let us analyze the situation in Bangladesh. The e-commerce business has been expanding at a rapid rate, crossing $110 million (around 900 crore taka) in 2018, growing from $65-70 million in 2016. The market size is expected to reach the 70 billion Tk mark by 2021. There are around 100 formal e-commerce players in the market, while it is being flooded by the “informal” f-commerce platform which now contains 10,000 – 15,000 companies. Although there have been only a few incidents of data breaches, the recent accusation against the ride-sharing app Pathao has made headlines and caused much clamor on social media. Pathao is the most successful ride-sharing Bangladeshi brand valued at over $100 million and had recently received an investment of more than $10 million from Indonesian firm Go-Jek. Today the organization has 50,000 motorbikes in its network and a team of 500 users with its operations in three cities in the country.
In November 2018, a young systems analyst based in Dhaka released findings from his investigation about the app’s access to user data and mentioned that Pathao is “stealing information and storing it in a server” without informed consent from its users. He mentioned that from the consumers’ end, there is a general lack of understanding of the significance of allowing an app to access other apps and functionalities of the smartphone. He then compared the app with its competition Uber which only asks for user’s location at the time of installation. He demonstrated his findings through an on-hand evaluation of the app on a video, which went viral in social media. The brand acknowledged that they had been collecting SMS and contact lists from the users but claimed that the information is safe and secure with them. They also released an update of the app within a day changing its installation policies. However, many users abandoned the app claiming that they do not trust the brand anymore.
Data protection laws are also globally rising in numbers, the recent comprehensive law being the EU’s General Data Protection Regulation (GDPR) which came into effect in May 2018, strengthening the consumer rights and hold businesses more accountable to the people whose data they collect. Even our neighbor India enacted specific Data Protection Rules and a consolidated Privacy Bill namely the Personal Data Protection Bill 2018 has been proposed, prescribing how the organizations should collect, process, and store consumer data, making individual’s informed consent central to data sharing. According to the United Nations Conference on Trade and Development (UNCTAD) report on Data Protection Regulations (2016), there are around 108 countries with either comprehensive data protection laws or partial data protection laws. Unfortunately, Bangladesh is not one of them.
There has been a growing demand for enacting data protection laws to ensure the safety of digital personal data collected by e-commerce platforms in Bangladesh. The government has approved the draft of a digital commerce policy to make e-commerce and digital transactions safer and easier with the aim to protect the interests of traders and consumers. While complying with policies like this can mean more work for the brands, it will also sow benefits for them in the form of trust of the consumers.
The truth is consumers want and will be desiring more control over personal data. It is important for the brands involved with e-commerce to recognize this growing need and be on board. The marketers often make the mistake of recognizing trust as one of the many factors that affect consumer decision. However, it is sometimes simpler than that. Sometimes, mistrust can be the single thing that makes a consumer turn away from a brand.
Collecting and protecting consumer data more carefully and with transparency can boost a brand’s reputation and increase brand love and loyalty. This can be done by giving the consumers full control over the types of data they share, explaining to the consumers what they will be receiving by sharing their personal data, and providing them with tools that easily allow customers to edit their privacy settings.
Building a safer digital world for all of us is extremely important; how fast and effectively we can do that is the question we should ask the government, policymakers, private sectors, and tech experts. Because a mammoth task like securing zillions of data for the greater good cannot be done without everyone’s concerted effort.