‘People should have right over their data; firms mere custodians’

New Delhi: In significant recommendations concerning privacy, Trai on Monday that firms collecting user data don’t have a right over it, and emphasised that consumers’ consent is a must for obtaining it who should also be given the ‘Right to be Forgotten’.

Terming the existing data protection framework as inadequate, the Telecom Regulatory Authority of India (Trai) in a set of recommendations to DoT said that companies should not use meta-data to identify users and should disclose any data breaches.

Stating that each user owns his/her personal data and information submitted to any entity, it said entities controlling and processing user data are “mere custodians” and all of them should be brought under a data protection framework.

The government, it said, must notify policy framework to regulate devices, operating systems, browsers and applications.

Batting for telecom consumers, Trai said in its recommendation to the Department of Telecom that users be granted the right to choice, consent and to be forgotten to safeguard privacy.

It has suggested that all entities in the digital ecosystem be brought under a data protection framework to guard against the misuse of personal data of telecom consumers.

This is the first time ‘Right to be Forgotten’ has been given weightage by an Indian authority. It empowers users to delete past data that he may feel is unimportant or detrimental to his present position.

‘Disclose privacy breaches on websites’

  • Recommendations assume significance as issues around data protection have come into the spotlight, and privacy concerns have amplified in the wake of the recent Facebook data leak fiasco.
  • Trai has suggested that all entities in the digital ecosystem including telecom operators should transparently disclose the information about the privacy breaches on their websites.
  • Recommending measures on “privacy, security and ownership of data in telecom sector”, Trai held that consumers are owners of data and entities are “mere custodians and do not have rights”.
  • Trai, in its 77-page recommendations, said: “Govt should put in place a mechanism for redressal of consumers’ grievances relating to data ownership, protection & privacy.”
  • It has suggested that till a general data protection law is notified by the govt, the existing rules applicable to operators for protection of privacy be made applicable to all entities in the digital ecosystem.

Recommended For You