In significant recommendations concerning privacy, TRAIsaid today firms collecting user data don’t have a right over it and emphasised that consumers’ consent should be mandatory and they should also be given the ‘Right to be Forgotten’.
Terming the existing data protection framework as inadequate, the Telecom Regulatory Authority of India (TRAI) in a set of recommendations to DoT said that companies should not use meta-data to identify users and should disclose any data breaches.
Stating that each user owns his/her personal data and information submitted to any entity, it said entities controlling and processing user data are “mere custodians” and all of them should be brought under a data protection framework.
Rules for protection of personal data in the telecom space are not sufficient, regulator said TRAI. “This is the first time TRAI is being bold enough to venture into this area.
Some of the key points of TRAI’s recommendation were
All entities in the digital ecosystem, which control or process the data, should be restrained from using meta-data to identify the individual users.
Data Controllers should be prohibited from using “preticked boxes” to gain users consent. Clauses for data collection and purpose limitation should be incorporated in the agreements.
Sharing of information concerning to data security breaches should be encouraged and incentivised to prevent/mitigate such occurrences in future. The recommendations from TRAI come at a time when there are rising concerns around privacy and safety of user data, especially through mobile apps and social media platforms.