Kasana, SumanDr. Srijoni Sen, - Supervisor2022-12-022022-12-022022-12-02https://dans.nls.ac.in/handle/123456789/1125Mobile applications have become an integral part of modern-day life. The business models of these apps are driven by data provided by users. Even though the services or use of these apps is free, there are concerns about the harm caused to users because of ubiquitous data handling practices. Data is being used for product personalisation, app functionality, third-party advertising, advertising or marketing by the developer, and other purposes. As the data handling practices become more and more complex and enhanced due to advancements in technologies such as AI, machine learning, and cloud computing, data breach and privacy concerns become more frequent, and a need is being felt to protect the user and their privacy. The privacy policies of these apps are drawing attention. This dissertation has been dedicated to studying the notion of intrusiveness as an imbalance of closeness and autonomy between the user and the app through a study of privacy policies and industry practices in India. It is a qualitative study that has made use of the disclosures made by the apps as part of the privacy report section on the Apple iOS store. The study found that the users have no or low bargaining power as far as changes to privacy policies are concerned. Users have low autonomy in terms of the data collection and the purpose for which data is being collected. The study did a peer analysis of apps from the same category, for example – Amazon and Flipkart under shopping, and found that there are apps that collect more data and use a large number of datasets for the same purpose than their counterparts. This indicates that there are no standards on how much data can an app collect and the type of datasets that can be used for a particular purpose by apps in a particular category. In addition to this, users do not have the choice to renegotiate the terms of use of their data, apps can share or sell user data to different groups. Industry practices such as the existence of clickwrap agreements, bundled consent, and take it or leave it terms deprive the user of the choice and autonomy to meaningfully engage with the privacy policies – contract of the digital world between the user and the app, terms of use and service and related policies. While apps declare that access to the app and handling of children’s data is done based on consent from the parent or legal guardian, they do not provide any information in regards to age verification at present. Cut-off age to be considered a minor also varies across apps. The regulatory response needs to consider these findings to ensure robust transparency and accountability frameworks for data protection and privacy.enMobile applications; Machine learning; Artificial intelligence; Data breach and privacyThesis