Digital data is users’ right, says TRAI

• Taking a leaf out of the General Data Protection Regulation (GDPR) rulebook drawn up by the European Union, the telecom regulator on Monday proposed strong data protection laws aimed at ensuring that Indian telecom users have the right to their own digital data.

• If the recommendations are accepted by the Centre, digital service providers such as Google and Facebook, application developers like WhatsApp, government entities like UIDAI, device-makers such as Xiaomi along with telecom operators will have to make sure that users’ data can be collected only with their explicit consent.

• Once collected, the user data can be used only for the limited purpose of providing the service for which the user has signed up.

• The proposed rules also have provisions for revoking the consent at a later date. A user will also have the right to be forgotten, which means that the service provider will be mandated to erase all personal data related to that consumer.

• The regulator has also questioned the practice of pre-loaded applications on mobile phone and application developers seeking unnecessary permissions from users as a pre-condition.

• Pushing for the ‘Privacy by design’ principle, the TRAI said a framework, on the basis of the electronic consent framework developed by Ministry of Electronics and IT (MeitY) and the master direction for data fiduciary (account aggregator) issued by the Reserve Bank of India, should be notified for the telecommunication sector also. The rules proposed by the TRAI come at a time when questions have been raised on the lack of data protection for Indian users of digital services.

• It has been found through recent data breaches on platforms like Facebook that the user is forced to part with his personal data with very little information about the scenarios/uses that his personal data would be put to.

• While the US and Europe have enacted robust data protection laws, Indian policymakers have so far moved slow on this aspect. A white paper on data protection across all sectors by a high-level government committee headed by Justice B N Srikrishna was released in November 2017, but there has been no significant movement towards bringing in a comprehensive policy.

Share article