The Telecom Regulatory Authority of India (TRAI) has made it’s stand very clear about the ‘user data privacy’ debate in the latest recommendations. Simply put, you and I are the owners of the data that we share with any entity in the telecom sector, and they are simply temporary “custodians”. If these recommendations considered for implementation, telecom companies could be mandated to ensure stricter privacy and protection for user data.
The views of the telecom regulator come ahead of the Justice B N Srikrishna committee’s recommendations on data privacy, which could have a huge bearing eventually on how the tech giants such as Apple, Google, Amazon and Facebook, as well as Indian internet companies, handle your data.
Also Read: This US Woman Dropped her iPhone From a 1000 Feet Mid-Air And Then Found it in a Perfect Condition
The TRAI recommendation states, “In respect of the ownership of personal data, the Authority is of the view that the individual must be the primary right holder qua his/ her data. While the right to privacy should not be treated solely as a property right, it must be recognized that controllers of personal data are mere custodians without any primary rights over the same.” This simply means that any data that you share with any company still belongs to you, and the companies don’t have any ownership or the right to use that without your permission.
But what constitutes as personal data that companies have no ownership over? According to the Sensitive Personal Data and Information Rules 2011, financial information such as bank account or credit card or debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, medical records and biometric information are considered as “sensitive personal data or information”.
Also Read: Oppo A3s vs Xiaomi Redmi Y2 vs Moto E5 Plus vs Oppo Realme 1 vs Asus Zenfone Max Pro (M1): Spec Comaprision
The recommendations, in section 2.46, also suggests that “Customer should have the right to stop the services along with the right to be forgotten by seeking the deletion of all the information, which an entity/individual has stored previously. The entities should not store and use the personal information of their customers once they stop using the services/products of that entity, beyond the mandated period under the law.” This means that companies will have to mandatorily delete your data if you sign out of any of the services or products that you use.
The recommendations also state that “Foreign companies establishing their businesses (Content and App services, Device Manufacturing, Browser, OS etc) in India that connects with users through TSPs must ensure that their local entities adhere to the relevant Indian laws governing data privacy and secrecy.” Any company operating on Indian soil, should have to adhere to these rules of data deletion. There should also be no “pre-ticked” boxes making information collection mandatory without giving the user any option of accepting or denying sharing specific information.
These recommendations come just after the Department of Telecom gave their acceptance of net neutrality regulations—these are based on the TRAI’s recommendations. The fact that soon after that, TRAI has leaned in on data privacy and protection, could have a huge bearing on the upcoming Justice BN Srikrishna committee report, which would look at data security and privacy on a much wider scale.
Comments
0 comment