Read on Twitter
It's an absolute shame that Facebook is not notifying users that their data has been breached. This impacts 500 million users worldwide, and from what I've read and an estimated 6.1 million in India.
1/n
1/n
Frankly it's ridiculous that Facebook can even choose not to notify users that their data can be breached. Should be illegal. It shouldn't be their choice. It's not their data.
You & I might read the news & know abt the breach. We might know how to find sites that help us
2/n
You & I might read the news & know abt the breach. We might know how to find sites that help us
2/n
Out whether our data has been leaked (mine hasn't). Millions of people do not. They deserve to know.
It is Facebook's responsibility to inform users. Even if passwords haven't been scraped. This data can be used with other data. Users need to be warned of risks
3/n
It is Facebook's responsibility to inform users. Even if passwords haven't been scraped. This data can be used with other data. Users need to be warned of risks
3/n
Facebook might not know of all the users whose data has been breached here but some users have checked their data via some of these sites, like the one by @troyhunt. Why can't facebook inform at least those people that these sites know about? Best efforts basis?
4/n
4/n
India does not have a data protection law, but if the draft bill were the law how would that work?
It would still not be a users right to know. Under the draft bill, when there is a breach, the company has to inform the data protection authority, who has the final say
5/n
It would still not be a users right to know. Under the draft bill, when there is a breach, the company has to inform the data protection authority, who has the final say
5/n
regarding whether users should be informed. This approach is also problematic.
The only reason for not informing users about their data breach is to protect the reputation of someone, either a company or a government department. Worst case scenario:the vulnerability has not
6/n
The only reason for not informing users about their data breach is to protect the reputation of someone, either a company or a government department. Worst case scenario:the vulnerability has not
6/n
addressed yet. There can be norms for timelines,but to not make it mandatory to inform users is to rob them of their right to know, & protect themselves.
We saw this with UIDAI. Aadhaar data of millions of people was published online by govt depatments, but Indian govt
7/n
We saw this with UIDAI. Aadhaar data of millions of people was published online by govt depatments, but Indian govt
7/n
refused to even acknowledge that data had been compromised. They hid behind statements like "biometric data is still safe", even though other data had been compromised. This kind of irresponsible behaviour cannot be allowed when privacy is a fundamental right.
We need to know.
We need to know.
