The department of telecommunications (DoT) is unlikely to act on the data privacy recommendations given by the Telecom Regulatory Authority of India (Trai) on Monday.
The department of telecommunications (DoT) is unlikely to act on the data privacy recommendations given by the Telecom Regulatory Authority of India (Trai) on Monday. Sources told FE that Trai’s suggestions were suo motu and not sought by the government and, hence, will be sent to the Srikrishna committee which has been set up by the government and is looking into the issue of data privacy. “It is up to the Srikrishna panel to assess what they can draw from the recommendations put forward by Trai. It is only when the committee gives its report will the government formulate a data protection law,” an official said.
The official added Trai’s recommendations asking the government to notify a law regulating the entire digital ecosystem comprising devices, operating systems, browsers, and applications does not fall under the DoT but cuts across other ministries like electronics and IT and information and broadcasting, and would need wider consultations and so the best bet is to refer it to the Srikrishna panel.
Speaking to FE, Trai chairman RS Sharma said that the authority’s recommendations on data privacy in no way interferes with the work of Srikrishna panel and in fact should be seen as its inputs relating to the telecom sector which can be assessed by the Srikrishna committee. “We are not seeking any powers for ourselves. We have recommended the government what needs to be done for data protection in the telecom space and suggested a law needs to be put in place for it,” Sharma said.
On Monday Trai came out with a set of recommendations on data privacy which suggested that pending a notification of a general data protection law by the government, the existing regulatory laws applicable to telecom players be made applicable to all entities in the digital ecosystem, which include devices, operating systems, browsers and applications, to strengthen privacy of users’ data.
Analysts while welcoming the general principle relating to data privacy expressed doubts as to how Trai’s recommendations can be implemented in a piecemeal approach. This is because storage of consumer data by most of the apps or devices and operating systems is on cloud which happens to be outside the country as no servers are located within the country.
On the issue of data localisation or storage within the country, Trai has not made any recommendation and said that this issue is being dealt by the Srikrishna committee.
The telecom industry, which has been insisting for long that same rules should apply for similar services, meaning that apps should also come under regulation, has welcomed Trai’s recommendations. “We are happy with Trai’s recommendations on privacy, security and ownership of data as the regulator is calling for all digital entities to be brought under data protection framework. This would include all devices, operating systems, browsers and applications and would be welcome stop-gap measure till rules and regulations of the telecom services providers are applicable to them. This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained. National security and privacy issues are of paramount importance. Accordingly, the regulator by making this recommendation, is ensuring that no exception is made for any service provider, while subjecting them to the rules to meet the national security and privacy norms, ie, same service same rule should be established for similar service providers. However, this is our preliminary view and we will need to review the other recommendations to determine their implications,” said Rajan S Mathews, director general of the Cellular Operators Association of India.
However, the Indian Cellular Association (ICA), the apex body of device manufacturers, criticised Trai’s recommendations on the ground that the regulatory body had overstepped its jurisdiction. “No section of the Trai Act allows it to venture into privacy, ownership of data and more importantly, regulating the digital ecosystem beyond telecom companies. They have crossed the red line drawn by Parliament and are way outside their legislative limits. Trai has no powers and even less expertise in this space,” said ICA head Pankaj Mohindroo.