TRAI recommendations: People have the sole right to their data and companies are just custodians of this data, TRAI said. Data subjects should own their data, leaving the controllers and processors of that data as mere “custodians [with no] primary rights over this data,” according to recommendations released by the telecom regulator. TRAI also said that data security breaches may take place in-spite of adoption of best practices.The data users enjoy the rights of choice, notice, consent, data portability, as well as the right to be forgotten, according to the recommendations released by telecom regulator on Monday.
TRAI yesterday released the recommendations on “Privacy, Security and Ownership of Data in the Telecom Sector.”
In addition, TRAI also recommended until the upcoming general data protection law is notified, the privacy rules in place currently should also be applied to all other entities existing in the digital ecosystem. The telecom regulator also said that the data should remain encrypted throughout its movement through the system. “Decryption should be permitted on a need basis by authorized entities in accordance to consent of the consumer or as per requirement of the law,” the report states.
The telecom regulator also proposed that consumer awareness programs be undertaken to spread awareness about data protection and privacy issues so that the users can take well informed decisions about their personal data.
“Data Controllers should be prohibited from using ‘pre-ticked boxes’ to gain users consent. Clauses for data collection and purpose limitation should be incorporated in the agreements. Devices should disclose the terms and conditions of use in advance, before sale of the device,” TRAI said.
“For ensuring the security of the personal data and privacy of telecommunication consumers, personal data of telecommunication consumers should be encrypted during the motion as well as during the storage in the digital ecosystem. Decryption should be permitted on a need basis by authorised entities in accordance to consent of the consumer or as per requirement of the law,” it said.