You May Also Like To Watch:
Without referring to the case, Sharma in a recent interview emphasised that information a mobile app asks for should be relevant to its purpose and that “minimal information principle” needs to be followed in normal course. “If an app has nothing to do with your, say, gender, then it should not ask for such information. That is the broad principle,” Sharma said, citing an example. The Trai chief declined to specify whether the consultation would result in norms or regulations around data privacy and security, saying it is “premature”. “I will raise various issues during consultation… the form (it takes) will depend on what stakeholders say, and also how much right we have as a regulator…,” he added.
At present, discussions have started internally within Trai to look at these issues of data security and privacy in the telecom sector, he noted. Sharma said he had flagged the matter at a recent ITU global symposium of regulators and stressed on the need for regulators to come together to fix “international norms” in this regard. “…In case I am downloading an app and it asks for 20 information, completely irrelevant… and if I don’t provide that information, it does not download… then there should some basis for information that an application can ask for,” he said.
When contacted, Pavan Duggal, advocate, Supreme Court and a cyber law expert, said there are no adequate laws to govern mobile apps.
“The current dispensation is not enough. The IT Act is India’s only legislation governing the mobile ecosystem. But it has not gone in the direction of stipulating parameters of due diligence to be done by mobile app service providers,” he said. Consequently, people’s data are continuously being used by “rogue apps” with consumers having no effective legal remedy, Duggal claimed, adding that Indian laws must therefore stipulate cyber security parameters for mobile apps.