Users own their data, says Trai, calls for stricter rules
NEW DELHI: Entities that control or process personal information and data are mere custodians and do not have primary rights over it, the telecom regulator said, suggesting that users be given the right to choose the information they want to share and be forgotten if they so desire.
The existing framework for protection of personal data of telecom consumers is not sufficient and hence all entities that process personal user data should be brought under a data protection framework, the Telecom Regulatory Authority of India (Trai) said in recommendations made public on Monday.
Trai’s suggestions assume significance as a huge chunk of user data is being generated on smartphones. Telecom operators, which control the networks on which information flows, have the ability to analyse the contents. Data collated by mobile applications over a period of time can be utilised to profile people, which poses a risk to data privacy.
These recommendations will also act as crucial inputs to the Justice BN Srikrishna committee, set up by the government in July last year. The panel has been tasked with identifying overall data protection issues in India and recommending methods of addressing them.
“Trai’s suggestions are broadly general. The Srikrishna committee report is awaited for further clarity on how the overall data protection framework will be enacted. However, Trai’s suggestions may have also tied the hands of the committee in case it wanted to take a contradictory position,” said Suneeth Katarki, partner, Induslaw.
User-generated data is integral to the business models of major communication and social media networks as it makes them valuable to advertisers, which in turn use it to help companies target goods and services at consumers. In August 2017, Trai had published a consultation paper to identify the scope and definition of personal data and ownership, and control of user data by telecom service providers. Trai’s suggestions, which are only meant for operators and telecom subscribers, also state that the present definition of personal data be continued till the enactment of specific protection law.
“User should be able to selectively give his/her consent for each purpose separately rather than a blanket consent for all conditions,” Trai has suggested. “The service provider should not deny all the services to user on the pretext that the user has not given blanket consent for all conditions,” it said.