There is a lot of publicity about misuse of customer data by Internet-based services companies. Regulatory agencies and the government should do their work and reduce risks to citizens. I have some suggestions:
1) An App demanding blanket access to customers’ contacts, photographs, etc. should not be allowed. They cannot harvest your contacts and bother all those in those contacts with commercial solicitation. The App could ask for limited access, such as the email address of a person in my contacts when I ask the App to send him an email. The service provider should not misuse his email address to solicit business from him.
2) Terms and Conditions for online apps should not exceed 200 words and should be in simple English. The T & C are not for obfuscation.
3) For Indian customers, the legal jurisdiction should always be local Indian courts according to the customer’s location.
4) Irrelevant information should not be demanded. It is no business of the email provider whether the customer is male or female, and what the customer’s age is.
5) No credit card or debit card of the customer should be stored by the online service provider. The customer can always provide them for one-time use, whenever required, directly to the payment gateway.
6) No customer data should be taken beyond the Indian border. If an Indian customer goes abroad, his customer data should continue to stay in India and not be migrated abroad.
7) Selling of customer data should not be allowed.
8) The government should consider encouraging Indian companies to provide Internet-based services provided they offer greater privacy and security to Indian customers.
Online services do provide free services and earn their costs and profits through advertising. The indirect costs to the customer of being spied upon all the time and having one's privacy violated should be considered in this context.