The Telecom Regulatory Authority of India (Trai) on Monday said the existing framework for the protection of user data was not sufficient and added all entities in the digital ecosystem, including devices and applications, must be brought under a data protection framework.
All entities in the digital ecosystem including service providers, devices, browsers, operating systems and applications would have to be brought under a privacy framework, the regulator said.
The European Union in May brought into effect new privacy regulations in the bloc, forcing companies to be more attentive to how they handle customer data, while bringing consumers new ways to control their data and tougher enforcement of existing privacy rights.
Backing the regulator's decision, the Cellular Operators Association of India (COAI) said a new privacy framework would ensure the privacy of users is protected and maintained.
"The regulator by making this recommendation, is ensuring that no exception is made for any service provider, while subjecting them to the rules to meet the national security and privacy norms, i.e. same service same rule should be established for similar service providers," Rajan Mathews, director general, COAI said.
Here are the key highlights of Trai's recommendations:
Right to be Forgotten should be conferred upon the
restricted rights, and the same should be subjected to
applicable restrictions due to prevalent laws in this regard.
of agreements/ terms and conditions be made mandatory
for all the entities in the digital ecosystem for the benefit
boxes” to gain users consent. Clauses for data
collection and purpose limitation should be incorporated in
advance, before sale of the device. It should be made mandatory for the devices to incorporate provisions so that user can delete such pre-installed
applications, which are not part of the basic functionality of
the device, if he/she so decides. Also, the user should be
able to download the certified applications at his/ her own
will and the devices should in no manner restrict such
actions by the users.
awareness about data protection and privacy issues so that
the users can take well informed decisions about their
redressal of telecommunication consumers' grievances
relating to data ownership, protection, and privacy.
encryption standards, stipulated in the license conditions
for the TSPs, to align them with the requirements of other
encryption of personal data, generated and collected in the
digital eco-system, should be notified by the Government at
of telecommunication consumers, personal data of
telecommunication consumers should be encrypted during
the motion as well as during the storage in the digital
by authorised entities in accordance to consent of the
consumer or as per requirement of the law.
Service Providers should be encouraged to share the
information relating to vulnerabilities, threats etc in the
digital ecosystem/ networks to mitigate the losses and
prevent recurrence of such events.
information relating to data security breach incidences by
all entities in the digital ecosystem including Telecom
service providers. It should be made mandatory for all
entities in the digital ecosystem including all such service
providers to be a part of this platform.
First Published: IST