Trai comes out with consultation paper on privacy and ownership of data

Paper by Trai comes in the backdrop of regulator's ongoing tussle with Apple regarding its DND app

As it looks to protect data rights of individuals, sectoral regulator Telecom Regulatory Authority of India (Trai) has come out with a consultation paper on privacy, security and ownership of data in the telecom sector.

The paper by Trai comes in the backdrop of the regulator's ongoing tussle with Apple regarding its Do-Not-Disturb (DND) app, which is not being allowed on iOS platform. The app is available on Android platform.

The Trai through the paper plans to define personal data and who should have ownership and control when a customer uses telecom services. As per an official, the authority has been working on the paper for the past couple of months as currently there are no guidelines regarding the use of data by third party entities and also who owns the data.

The Trai will come out with recommendations and in the case of sovereign power, security and licencing issues, it will suggest Department of Telecommunications to take a call on the matter.

The authority has suo-motu decided to come out with the consultation paper as it felt it was necessary to frame some guidelines regarding data protection and sharing of data with third party players.

The Trai official said currently when a person downloads a mobile app on his phone, the app seeks access to all kind of details including phone book, camera, location among others even though the app is not related to all these.

Also, there is no clarity about ownership of data and to whom it can be shared. The official said in case of DND app, if a customer willingly wants to share data with it, then why Apple is not allowing doing it citing privacy. "We want to identify who is the custodian of data," the official said.

There have been issues about companies sharing data of customers to others, without the knowledge of the customer.

Trai said the availability of data has enhanced the business and efficiency potential of data analytics. "However, it is equally important to assess whether the data rights of individuals are being adequately protected in this changing environment. Data protection may, therefore, mean the ability of individuals to understand and control the manner in which information pertaining to them can be assessed and used by others," Trai said.

Trai said it is of view that the users should be empowered in respect of ownership and control of his/her personal data and to ensure this, all the players in the ecosystem are bound to follow certain safeguards while collecting, storing and using the data pertaining to their subscribers.

Trai has sought comments from stakeholders and public to identify the scope and definition of personal data, ownership and control of data of users of telecom services and to identify the rights of data controllers.

The regulator will also assess the adequacy of data protection measures currently in place in the telecom sector. Trai will also identify key issues pertaining to data protection in relation to the delivery of digital services.

The stakeholders can send their comments by September 8 and counter comments by September 22.