0

0

0

0

0

0

0

0

0

This article is more than 3 year old.

Trai recommends stricter privacy framework, says exiting rules insufficient

Trai recommends stricter privacy framework, says exiting rules insufficient
The Telecom Regulatory Authority of India (Trai) on Monday said the existing framework for the protection of user data was not sufficient and added all entities in the digital ecosystem, including devices and applications, must be  brought under a data protection framework.
All entities in the digital ecosystem including service providers, devices, browsers, operating systems and applications would have to be brought under a privacy framework, the regulator said.
The European Union in May brought into effect new privacy regulations in the bloc, forcing companies to be more attentive to how they handle customer data, while bringing consumers new ways to control their data and tougher enforcement of existing privacy rights.
Backing the regulator's decision, the Cellular Operators Association of India (COAI) said a new privacy framework would ensure the privacy of users is protected and maintained.
"The regulator by making this recommendation, is ensuring that no exception is made for any service provider, while subjecting them to the rules to meet the national security and privacy norms, i.e. same service same rule should be established for similar service providers," Rajan Mathews, director general, COAI said.
Here are the key highlights of Trai's recommendations:
  • The Right to Choice, Notice, Consent, Data Portability, and
  • Right to be Forgotten should be conferred upon the
    telecommunication consumers.
  • The Right to Data Portability and Right to be Forgotten are
  • restricted rights, and the same should be subjected to
    applicable restrictions due to prevalent laws in this regard.
  • Multilingual, easy to understand, unbiased, short templates
  • of agreements/ terms and conditions be made mandatory
    for all the entities in the digital ecosystem for the benefit
    of consumers.
  • Data Controllers should be prohibited from using “pre-ticked
  • boxes” to gain users consent. Clauses for data
    collection and purpose limitation should be incorporated in
    the agreements.
  • Devices should disclose the terms and conditions of use in
  • advance, before sale of the device. It should be made mandatory for the devices to incorporate provisions so that user can delete such pre-installed
    applications, which are not part of the basic functionality of
    the device, if he/she so decides. Also, the user should be
    able to download the certified applications at his/ her own
    will and the devices should in no manner restrict such
    actions by the users.
  • Consumer awareness programs be undertaken to spread
  • awareness about data protection and privacy issues so that
    the users can take well informed decisions about their
    personal data.
  • The Government should put in place a mechanism for
  • redressal of telecommunication consumers' grievances
    relating to data ownership, protection, and privacy.
  • Department of Telecommunication should re-examine the
  • encryption standards, stipulated in the license conditions
    for the TSPs, to align them with the requirements of other
    sectors.
  •  To ensure the privacy of users, National Policy for
  • encryption of personal data, generated and collected in the
    digital eco-system, should be notified by the Government at
    the earliest.
  • For ensuring the security of the personal data and privacy
  • of telecommunication consumers, personal data of
    telecommunication consumers should be encrypted during
    the motion as well as during the storage in the digital
    ecosystem.
  • Decryption should be permitted on a need basis
  • by authorised entities in accordance to consent of the
    consumer or as per requirement of the law.
  • All entities in the digital ecosystem including Telecom
  • Service Providers should be encouraged to share the
    information relating to vulnerabilities, threats etc in the
    digital ecosystem/ networks to mitigate the losses and
    prevent recurrence of such events.
  • A common platform should be created for sharing of
  • information relating to data security breach incidences by
    all entities in the digital ecosystem including Telecom
    service providers. It should be made mandatory for all
    entities in the digital ecosystem including all such service
    providers to be a part of this platform.
  • Sharing of information concerning to data security breaches should be encouraged and incentivised to prevent/ mitigate occurrences of data breaches in the future.
  • next story