Mobile devices and apps are like ‘faucets’ to the telecom pipe and should be subjected to similar rules as telecom operators till an overarching data protection law is in place to safeguard consumer rights, Trai Chief RS Sharma said today. Asserting that Trai has not overstepped its mandate while calling for regulation of all digital entities handling consumer data, he said users are the primary owners of their data. A day after the Telecom Regulatory Authority of India recommendations termed entities controlling and processing user data as “mere custodians” and recognised individuals as the actual owners of personal information, Sharma told PTI that concept of ownership and possession in physical and digital world were completely different.
“Data is infinitely divisible without loss of property…multiple people can possess same data at the same time. Question of ownership becomes fuzzy, in this case. What is important is control and who controls data. The entire premise of our consultation is that user is the primary controller or owner of data. Other guys in system are merely custodians of data,” he said.
Trai had noted yesterday that the existing framework of data protection of telecom consumers is “not sufficient” and that all entities in the digital ecosystem which handle personal data should be brought under a data protection framework. These recommendations are expected to have wide reaching implications for tech titans like Apple and Facebook as well as apps like Paytm.
Sharma said however that he did not anticipate any opposition, given that the global giants are already adhering to data protection norms in overseas market. “When it comes to data consumption and data generation, India is a huge market. We are data rich, so richness of data should be used for the purpose of benefit of people, it not be exploited like a raw material. I don’t see any opposition…once the government frames law and regulations, they have to comply with that…there is no choice,” Sharma said.
In significant recommendations concerning privacy, Trai has argued that firms collecting user data don’t have a right over it, and emphasised that consumers’ consent is a must for obtaining it. Terming the existing data protection framework as inadequate, the Trai in a set of recommendations to Telecom Department has also said that companies should not use meta-data to identify users and should disclose any data breaches. Stating that each user owns his/her personal data and information submitted to any entity, Trai has said that entities controlling and processing user data are “mere custodians” and all of them should be brought under a data protection framework.
The government, it has said, must notify policy framework to regulate devices, operating systems, browsers and applications. Batting for telecom consumers, Trai had also suggested that users be granted the right to choice, consent and to be forgotten to safeguard privacy. “Our proposal is not that you let Trai regulate them or give them to Trai…that is not the issue. Once there is data protection law, everyone including devices, browsers and apps will have to abide by law. But till that happens, our recommendation is these entities should be subject to similar rules as telecom service providers…because they are extremely important players in digital ecosystem,” Sharma said.