July 17, 2018:

Telecom Regulatory Authority of India (TRAI) stated users have primary right over their personal information while entities controlling or processing this data are mere custodians who should be brought under a data protection framework to protect consumers from misuse of their personal data.

The TRAI Report further states that,“Each user owns his/ her personal information/data collected by/ stored with the entities in the digital ecosystem. The entities, controlling and processing such data, are mere custodians and do not have primary rights over this data”.

It states that,“The Right to Choice, Notice, Consent, Data Portability, and Right to be Forgotten should be conferred upon the telecommunication consumers,”

TRAI has recommended that ,“In order to ensure sufficient choices to the users of digital services, granularities in the consent mechanism should be built-in by the service providers”.

TRAI’s has made certain Recommendations on “Privacy, Security and Ownership of Data in the Telecom Sector” some of them are as follows:

  1. Each user owns his/her personal information/data collected by/stored with the entities in the digital ecosystem. The entities, controlling and processing such data, are mere custodians and do not have primary rights over this data.
  2. A study should be undertaken to formulate the standards for anonymisation/de-identification of personal data generated and collected in the digital eco-system. All entities in the digital ecosystem, which control or process the data, should be restrained from using meta-data to identify the individual users. The existing framework for protection of the personal information/ data of telecom consumers is not sufficient. To protect telecom consumers against the misuse of their personal data by the broad range of data controllers and processors in the digital ecosystem, all entities in the digital ecosystem, which control or process their personal data should be brought under a data protection framework.
  3. For the benefit of telecommunication users, a framework, on the basis of the Electronic Consent Framework developed by MeitY and the master direction for data fiduciary (account aggregator) issued by Reserve Bank of India, should be notified for telecommunication sector also. It should have provisions for revoking the consent, at a later date, by users. The Right to Data Portability and Right to be Forgotten are restricted rights, and the same should be subjected to applicable restrictions due to prevalent laws in this regard.
  4. Data Controllers should be prohibited from using “preticked boxes” to gain users’ consent. Clauses for data collection and purpose limitation should be incorporated in the agreements.
  5. Devices should disclose the terms and conditions of use in advance, before sale of the device.
  6. It should be made mandatory for the devices to incorporate provisions so that user can delete pre-installed applications if he/she so decides. Also, the user should be able to download the certified applications at his/her own will and the devices should in no manner restrict such actions by the users
  7. All entities in the digital ecosystem, including telecom service providers, should transparently disclose the information about the privacy breaches on their websites along with the actions taken for mitigation, and preventing such breaches in future.
  8. A common platform should be created for sharing of information relating to data security breach incidences by all entities in the digital ecosystem including telecom service providers. It should be made mandatory for all entities in the digital ecosystem, including all such service providers to be a part of this platform.

Read the Official Press Release @LatestLaws.com:

TRAI Press Release (Download PDF)

TRAI Press Release by Latest Laws Team on Scribd

Read the Full Report @LatestLaws.com:

TRAI Report (Download PDF)

TRAI Report by Latest Laws Team on Scribd

Share this Document :

Picture Source :