TRAI clarifies that people own their data, companies holding it are just ‘custodians’

TRAI ‘suggested’ that all digital websites including telecom operators “should clearly disclose information about the privacy breaches on their websites.”

  • Published: July 17, 2018 11:22 AM IST
Telecommunication telephone signal tower 805

TRAI (Telecom Regulatory Authority of India) has issued a clarification about its stand when it comes to the “user data privacy” debate. The regulatory body stated that users are the real owners of their personal data and all the other companies that have stored that data or any information about the user data are acting merely as the “custodians” of the data. This means that they don’t really have any rights over the data that they hold. According to a detailed report by Business Today India, TRAI went on to add that the “present norms around the user data privacy” in the country are not enough.

The regulatory also added that users should be given the choice to protect their privacy while issuing a number of recommendation regarding “privacy, security, and ownership of data in telecom networks”. As pointed out in the report, the recommendation went on to state, “the right to choice, notice, consent, data portability, and right to be forgotten should be conferred upon the telecommunication consumers.” According to the report, TRAI pointed out that telecom companies “need” to make the ‘consent mechanism’ user-friendly and transparent so that it is easier for users to take decisions after a ‘sufficient’ amount of choices are presented to the user.

Watch: OnePlus 6 Red First Look

To simplify, telecom companies need to offer enough choices to its users while ensuring that they are easy to understand so that the user can make her/his own choices about their privacy.

In addition to that, TRAI ‘suggested’ that all digital websites including telecom operators “should clearly disclose information about the privacy breaches on their websites” including the actions that the company or the organization has taken to mitigate the breach or security vulnerability so that the breaches are not repeated in the future. As pointed by the report, this comes months after a parliamentary standing committee suggested that the government should come with a legislation for data privacy.

TRAI also added that government of India “should” put in place a redressal mechanism to telecom customers about issues related to privacy, data ownership, and protection. This is a good move on the part of TRAI as the country progressively moves to digital infrastructure for the most basic of needs. As the number of users using digital services to store their personal data online increases, the organizations, and websites progressively become more attractive targets for cybercriminals.

These recommendations will ensure that in the case of a cyber attack, companies that are responsible for safekeeping the data are held liable. It also makes it clear that the companies can’t sell user data for their own profit.

  • Published Date: July 17, 2018 11:22 AM IST