People should have rights over their data; firms mere custodians: TRAI
The Telecom Regulatory Authority of India (TRAI) on Monday said that the firms collecting user data do not have a right over it. In significant recommendations concerning privacy, it emphasised that consent of the consumers should be mandatory and that they should also be given the ‘Right to be Forgotten’.
In a set of recommendations to Department of Telecom (DoT), TRAI termed the existing data protection framework as inadequate. The companies should not use meta-data to identify users and should disclose any data breaches, it said.
Entities controlling and processing user data are ‘mere custodians’ and all of them should be brought under a data protection framework, said TRAI. Each user owns their personal data and the information submitted to any entity, it added.
The government, it said, must notify policy framework to regulate devices, operating systems, browsers and applications.
Batting for telecom consumers, TRAI in its recommendation to DoT said that users be granted the right to choice, consent and to be forgotten to safeguard privacy.
It suggested that all entities in the digital ecosystem be brought under a data protection framework to guard against the misuse of personal data of telecom consumers.
This is first time 'Right to be Forgotten' has been given weightage by an Indian authority. It empowers users to delete past data that they may feel is unimportant or detrimental to their present position.
Past data could be in terms of photographs, call records, video clippings and so on which could potentially harm the reputation of the consumer.
However, the regulator added that the right to data portability and right to be forgotten are restricted rights and the same should be subject to applicable laws in this regard.
It suggested that the existing rules applicable to telecom operators for protection of users' privacy be made applicable to all the entities in the digital ecosystem, till a general data protection law is notified by the government.
"For this purpose, the government should notify the policy framework for regulation of devices, operating systems, browsers and applications," TRAI recommended.
TRAI had floated its discussion paper on the data privacy and security for telecom sector last year and had followed it up with an open house discussion in February this year.
The recommendations assume significance as issues around data protection have come into the spotlight, and privacy concerns have amplified in the wake of the recent Facebook data leak fiasco.
