0.1679
900 319 0030
x

TRAI’s Recommendation on Right to Data

iasparliament Logo
July 17, 2018

Why in news?

Telecom Regulatory Authority of India has ruled that People should have right to their data.

What is TRAI’s recommendation about?

  • In a move with far-reaching ramifications, the Telecom Regulatory Authority of India (TRAI) said that users owned their data, while entities in the digital ecosystem storing or processing such data were mere custodians.
  • The recommendations have come at a time when there are rising concerns around privacy and safety of user data, especially through mobile apps and social media platforms.
  • The authority said it was limiting its recommendations to telecom service providers (TSPs) as the larger issues on data protection.
  • For all other sectors the issues would be addressed by the committee headed by Justice B N Srikrishna.

What are the highlights of TRAI’s recommendations?

  • TRAI claimed that existing norms “not sufficient” to protect consumers and ruled that entities processing user data mere custodians sans primary rights
  • The regulatory authority stated that firms should disclose data breaches in public and should list actions taken for mitigation, preventing breaches
  • Apart from that consumers should be given right of consent, right to be forgotten and study should be undertaken to formulate the standards for de-identification of personal data
  • TRAI’s right to be forgotten empowers users to delete past data that they may feel is unimportant or detrimental to their present position.
  • Past data could be in terms of photographs, call records, video clippings and so on.
  • Mandatory provisions should be incorporated in devices so that users can delete pre-installed applications
  • Terms and conditions of data use should be disclosed before the sale of a device
  • Data controllers should be prohibited from using pre ticked boxes to gain user’s consent.

How such recommendations would be implemented?

  • To ensure the privacy of users, national policy for encryption of personal data, generated and collected in the digital eco-system, should be notified by the government at the earliest.
  • Till such time a general data protection law is notified by the government, the existing rules/licence conditions applicable to service providers for protection of users' privacy be made applicable to all the entities in the digital ecosystem.
  • For this purpose, the government should notify the policy framework for regulation of devices, operating systems, browsers, and applications.
  •  It has also been proposed that privacy by design principle coupled with data minimisation should be made applicable to all the entities in the digital ecosystem.
  • These recommendations when accepted by the government will mean that entities like browsers, mobile applications, devices, operating systems and service providers, among others.
  • Such entities will not be able to share personal data with third parties without getting the consent of customers.

 

Source: Business Standard

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.

ARCHIVES

MONTH/YEARWISE ARCHIVES

Free UPSC Interview Guidance Programme