Governance
TRAI Says Users Own their Data, Calls for Stricter Security Rules
- 17 Jul 2018
- 4 min read
In its recommendations on ‘Privacy, Security and Ownership of the Data in the Telecom Sector’, the Telecom Regulatory Authority of India (TRAI) declared that each user owned his or her data collected by or stored with the entities in the digital ecosystem that includes devices and applications.
Key Highlights
- Data controllers and processors are mere custodians and do not have primary rights over user data.
- Entities which control or process personal user data should be brought under a data protection framework.
- Data controllers should be prohibited from using pre-ticked boxes to gain user consent.
- The right to choice, consent, data portability, and the right to be forgotten ought to be given to consumers. Users should have the right to delete past data, subject to certain restrictions.
- Multilingual, easy to understand, short templates of agreements or terms and conditions should be made mandatory and these should be accompanied with consumer awareness programmes.
- Device manufacturers should incorporate provisions so that users can delete pre-installed applications if they so decide.
- The personal data of telecom consumers should be encrypted during the motion as well as during the storage in the digital ecosystem.
- The Department of Telecommunication should re-examine the encryption standards, stipulated in the licence conditions for the TSPs.
- A common platform is to be created for the sharing of information related to data security breach incidents in the digital ecosystem.
- Further, to ensure the privacy of users, the National Policy for encryption of personal data, generated and collected in the digital ecosystem, should be notified by the government at the earliest.
Significance
- The recommendations made by TRAI extol the view that the individual must be the primary right holder of his/ her data.
- If the recommendations are accepted by the government, digital service providers; application developers; and device-makers along with telecom operators will have to make sure that users’ data can be collected only with their explicit consent.
- Once collected, the user data can be used only for the limited purpose of providing the service for which the user has signed up.
- The suggestions assume significance as a huge chunk of user data is being generated on Smartphones.
- Telecom operators, who control the networks on which information flows, have the ability to analyze the content.
- User-generated data is integral to business models of major communications and social media networks as it makes them valuable to advertisers, who in turn use this to help companies target goods and services at consumers.
- However, data collated by mobile applications over a period of time can be used to profile people, which pose a risk to data privacy.
- These recommendations will also act as crucial inputs to the Justice B.N. Srikrishna committee that has been tasked with identifying overall data protection issues in India and recommending ways to address them.