Trai Floats Pa­per on Data Se­cu­rity of Mo­bile Users

Op­er­a­tors ques­tion reg­u­la­tor’s ju­ris­dic­tion over an is­sue that flows be­yond tel­cos

The Economic Times - - Companies: Pursuit Of Profit - Our Bureau

New Delhi: The tele­com reg­u­la­tor has started a con­sul­ta­tion process to as­sess whether the data rights of mo­bile phone users are ad­e­quately pro­tected, a move that car­ri­ers said would lead to over­reg­u­la­tion. They also ques­tioned the watch­dog’s ju­ris­dic­tion on an is­sue that ex­tends be­yond tel­cos.

Through a con­sul­ta­tion pa­per is­sued on Wed­nes­day, the Tele­com Reg­u­la­tory Author­ity of In­dia said it aimed to iden­tify key is­sues per­tain­ing to data pro­tec­tion in re­la­tion to de­liv­ery of dig­i­tal ser­vices, in­clud­ing tele­com and data ser­vices, as well as de­vices, net­works and ap­pli­ca­tions that col­lect and con­trol data gen­er­ated by users through tel­cos. The reg­u­la­tor wants to know if there should be greater par­ity in data pro­tec­tion norms ap­pli­ca­ble to car­ri­ers and In­ter­net-based voice and mes­sag­ing ser­vices. In­ter­net-based mes­sag­ing ser­vices in­clude What­sApp and Hike.

In the pa­per ti­tled, ‘Pri­vacy, Se­cu­rity and Own­er­ship of the Data in the Tele­com Sec­tor,’ Trai de­scribed data pro­tec­tion as ‘the abil­ity of in­di­vid­u­als to un­der­stand and con­trol the man­ner in which in­for­ma­tion per­tain­ing to them can be ac­cessed and used by oth­ers.’

ET was the first to re­port in its edi­tion on Wed­nes­day that Trai would come out with a con­sul­ta­tion pa­per on data se­cu­rity. Com­ments on the pa­per, which has a dozen ques­tions aimed at iden­ti­fy­ing the scope and def­i­ni­tion of per­sonal data, own­er­ship and con­trol of data of users of tele­com ser­vices and as­sess­ing the ad­e­quacy and ef­fi­ciency of data pro­tec­tion mea­sures cur­rently in place, have been sought by Septem­ber 8 and counter-com­ments by Septem­ber 22. The reg­u­la­tor will then hold open­house dis­cus­sions, fol­low­ing which it will make recom­men-

a need to cre­ate a tech-en­abled ar­chi­tec­ture for au­dit­ing use of per­sonal data, and associated con­sent? strengthen, pre­serve safety & se­cu­rity of tele­com in­fra, dig­i­tal ecosys­tem? da­tions to the tele­com de­part­ment, which will take a fi­nal call on im­ple­men­ta­tion.

Tel­cos ques­tioned whether data own­er­ship, se­cu­rity and pri­vacy fall un­der the reg­u­la­tor’s am­bit, not­ing that the watch­dog “may bite off more than it can chew” while is­su­ing a con­sul­ta­tion pa­per on a sub­ject that also in­volves en­ti­ties that are not tele­com li­cence hold­ers.

“The ques­tions posed by the Trai pa­per are very broad and the risk is that of over-reg­u­lat­ing an in­dus­try where tech­no­log­i­cal changes and in­no­va­tion can rapidly make any reg­u­la­tion out­dated,” said Ra­jan Mathews, di­rec­tor gen­eral of the Cel­lu­lar Op­er­a­tors As­so­ci­a­tion of In­dia (COAI), a group­ing of op­er­a­tors in­clud­ing Bharti Air­tel, Voda­fone In­dia, Idea Cel­lu­lar and Re­liance Jio In­fo­comm. “There are also ques­tions of ju­ris­dic­tion that need to be an­swered.”

Tel­cos ar­gued that reg­u­lat­ing data through tele­com op­er­a­tors alone, which fall un­der the purview of Trai, and ex­clud­ing en­ti­ties that are not li­censees may cre­ate an ar­bi­trage that may be detri­men­tal to car­ri­ers.

“Why is Trai look­ing at data

to be taken for en­cour­ag­ing new data-based busi­nesses con­sis­tent with frame­work of data pro­tec­tion? be the ex­cep­tions to data pro­tec­tion needs?

ET was the first to re­port in its edi­tion on

that Trai would come out with a con­sul­ta­tion pa­per on data se­cu­rity pro­tec­tion/us­age out­side tele­com ecosys­tem? It gov­erns car­riage, not con­tent/data. Look­ing at data col­lec­tion and con­sent mech­a­nism is a min­istry of IT role, not that or min­istry of com­mu­ni­ca­tions, and not Trai,” said Nikhil Pahwa, a pro­po­nent of net neu­tral­ity in In­dia.

In the pa­per, Trai said it is “of the view that the users should be em­pow­ered in re­spect of own­er­ship and con­trol of his/her per­sonal data and to en­sure this, all the play­ers in the ecosys­tem are bound to fol­low cer­tain safe­guards while col­lect­ing, stor­ing and us­ing the data per­tain­ing to their sub­scribers.”

“What are the key is­sues of data pro­tec­tion per­tain­ing to the col­lec­tion and use of data by var­i­ous other stake­hold­ers in the dig­i­tal ecosys­tem, in­clud­ing con­tent and ap­pli­ca­tion ser­vice providers, de­vice man­u­fac- tur­ers, oper­at­ing sys­tems, browsers, etc?” Trai asked.

The reg­u­la­tor said ra­tio­nale for gov­ern­ment in­ter­ven­tion in data pro­tec­tion and own­er­ship arises for pre­vent­ing “harm to con­sumers.” Con­sumers typ­i­cally un­der­es­ti­mate the value of per­sonal data and the im­pact of agree­ing to share it, while ser­vice providers ben­e­fit by ac­quir­ing and hold­ing such data, it said. Trai asked if there should be le­git­i­mate ex­cep­tions to the data pro­tec­tion re­quire­ments im­posed on dig­i­tal ser­vice providers.

It also in­tro­duced the con­cept of data con­trollers — de­fined as ‘any or­gan­i­sa­tion that de­ter­mines the pur­poses and means of pro­cess­ing the per­sonal in­for­ma­tion of users’ — and sought com­ments on their rights, re­spon­si­bil­i­ties and whether their rights su­per­sede those of an in­di­vid­ual over per­sonal data. It also sought views on new ca­pa­bil­i­ties to be granted to con­sumers over the use of per­sonal data.

The reg­u­la­tor noted that many mo­bile apps sought ac­cess to a user’s call records, de­vice mi­cro­phone and pic­ture li­brary, which may not be needed to pro­vide the ser­vice.

“In light of re­cent ad­vances in tech­nol­ogy, what changes, if any, are rec­om­mended to the def­i­ni­tion of per­sonal data? Should the user’s con­sent be taken be­fore shar­ing his/ her per­sonal data for com­mer­cial pur­poses?” the reg­u­la­tor asked.

Trai’s con­sul­ta­tion pa­per ap­pears to be trig­gered by iPhone maker Ap­ple, which is yet to al­low the reg­u­la­tor’s DoNot-Dis­turb app to be listed on its App Store. Trai chair­man RS Sharma said Ap­ple is act­ing like a “data coloniser” and is be­ing “anti-con­sumer.”

Trai wants to know if there should be greater par­ity in data pro­tec­tion norms ap­pli­ca­ble to car­ri­ers and net-based voice and mes­sag­ing ser­vices

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.