New Delhi: The Telecom Regulatory Authority of India declared that a user “owns” his personal information and Google, Facebook and Twitter, among others, are only custodians and don’t have primary rights over their data.
In its recommendations on “Privacy, Security and Ownership of Data in the Telecom Sector”, Trai said all entities in the digital ecosystem, which control or process data, must be restrained from using metadata to identify individual users. It said consumers must have the right to choice, consent and to be forgotten in order to safeguard their privacy.
Trai said the existing framework for protection of the personal information of telecom consumers in India was not sufficient. To protect telecom consumers against the misuse of their personal data, it said such companies should be brought under a data protection framework.
The Trai recommendations comes at a time when there are concerns worldwide over the privacy of Internet users and how personal data is used by app developers. In the United States, Cambridge Analytica is facing an investigation over allegations that it stole 50 million Facebook users’ data to help its clients around the world to win elections, including US President Donald Trump.
In its recommendations, Trai said that till a general data protection law is notified by the government, all existing rules applicable to telecom operators for the protection of users’ privacy be made applicable to all the entities in the digital ecosystem.
For this, the government should notify the policy framework for regulation of devices, operating systems, browsers and applications.
“The right to choice, notice, consent, data portability, and the right to be forgotten should be conferred upon telecoinmunication consumers,” Trai said. However, it also added that the “right to data portability” and the “right to be forgotten” are restricted rights, and these should be subjected to the applicable restrictions due to the prevalent laws.
Trai said that multilingual, easy-to-understand, unbiased, short templates of agreements/terms and conditions be made mandatory for all entities in the digital ecosystem for the benefit of consumers. Also, companies should be prohibited from using “pre-ticked boxes” to gain users’ consent. Clauses for data collection and purpose limitation should be incorporated in the agreements.
Mobile device makers should disclose the terms and conditions of use in advance, before sale of the device. It should be made mandatory for the devices to incorporate provisions so users can delete pre-installed apps if he/she so decides. Also, users should be able to download the certified applications at his/her own will and the devices should in no way restrict such action by users.
“To ensure the privacy of users, a national policy for the encryption of personal data, generated and collected in the digital ecosystem, should be notified at the earliest,” Trai said.
Users ‘own’their data, not Google or Facebook: Trai
Leave a Comment
Leave a Comment