Hacking of email accounts, stealing of personal details of credit and debit card holders and corrupting the data on someone’s laptop are some of the evils that have crept up in the modern day world of digitisation. Some incidents like stealing money from the bank accounts of individuals do not have a far reaching impact on the lives of people around the globe. But mass harvesting of data from the social networking platforms and using the same personal details of the users on large scale has been a matter of concern for everybody. Since the digital world has reduced the entire planet into a global village, the data protection of individuals has become a subject of study that calls for robust data protection. Moreover, questions have been raised over the safety of data, which has been used by some firms for ulterior motives. The people around the world have just learned how a data analytics firm, Cambridge Analytica, collected the data of 50 million Facebook users and used that information to feed strategies such as ‘behavioural microtargeting’ and ‘psychographic messaging’ for Donald Trump’s presidential campaign in the US. Chris Wylie, a former CA employee-turned-whistle-blower, set off a storm with revelations of how the firm had unleashed a ‘psychological warfare’ tool for alt-right media guru Steve Bannon to try to sway the election in Donald Trump’s favour. The Cambridge Analytica chief executive Alexander Nix, suspended a few days ago following an undercover report by a British TV broadcaster, said the firm has used other dubious methods in projects worldwide – including honey-traps to discredit clients’ opponents. The combination of using personal data without consent and tailoring slander campaigns, fake news and propaganda to already identified preferences of voters is a potent and corrosive cocktail. The Facebook owner has said its policies in 2014, when a personality profiling Application was run on its platform, permitted the developer to scrape data not only from those who downloaded the Application but also from the details of their FB ‘friends’. Yet it did not make sure the data were destroyed by the Application’s developer Aleksandr Kogan, a Cambridge University academic, nor by CA itself when it came to light that the developer had sold the data to a third party. Facebook founder and CEO Mark Zuckerberg has offered an apology and expressed willingness to cooperate with inquiries and open up Facebook to regulation. He has also gone to the extent of assuring that he was also open to corrections so far as the data protection of the users is concerned besides checking the Applications on their platform. The recent turn of events has brought to light several issues that need to be addressed by all the stakeholders. Firstly, the multi-national companies have been collecting data and tailoring marketing strategies accordingly. The issue in this case is particularly serious because politics and elections are involved not in one countries but many around the world. Secondly, regardless of whether what Facebook and CA did was legal or not, something is broken in a policy environment in which the data of millions is taken and used when only a fraction of the users knowingly or unknowingly consented. Thirdly, technology is evolving at such a rapid pace, raising the question whether laws need to be reframed mandating an opt-out approach universally rather than an opt-in approach. Many individuals often share their data without being aware of it or understanding the implications of privacy terms and conditions. Fourthly, there must be clear laws on the ownership of data and what data need to be protected. Individuals must own it, have a right to know what companies and governments know about them and, in most cases, i.e., when there are no legitimate security or public interest reasons, have the right to have their data destroyed. The CA issue is a wake-up call for India; the government is still dragging its feet on framing a comprehensive and robust data protection law. This is particularly required when questions have been raised over collection of data of individual Indian citizens by way of touted digitisation through Aadhaar Card and its linkage with bank accounts and several government schemes for getting concessions for social welfare. These issues need serious consideration and should be addressed before the data is stolen by some companies and put to use for ulterior purposes within and outside India.