“Each user owns his/her personal information/data collected by/stored with the entities in the digital ecosystem,” the regulator stated this week. “The entities, controlling and processing such data are mere custodians and do not have primary rights over this data.”
It went on to suggest that, in the absence of a general data protection law, all organisations handling such data, including smartphone manufacturers, operating systems and browsers, and apps and platforms, should be required to operate under the same licence conditions that apply to telecom service providers.
TRAI further advocated that any data collected should be the least amount needed to provide a particular service, echoing the constraints recently imposed by the General Data Protection Regulation (GDPR) in Europe.
And, in another nod to European practice, it recommended that users be able to ask companies to erase details furnished online.
“The right to choice, notice, consent, data portability, and right to be forgotten should be conferred upon the telecom consumers,” TRAI said. “Granularities in the consent mechanism should be built-in by the service providers.”
While telcos and internet service providers (ISPs) were supportive of TRAI’s stance, app developers were less welcoming, the Economic Times reported.
According to Rajesh Chharia, president of the Internet Service Providers Association of India (ISPAI), having app developers come under the same rules “will force them to take greater responsibility on this score, which is ultimately good for the consumer”.
The issue of consumer data and privacy has been become a major issue in the UK and US following revelations about how Facebook allowed the personal data of millions of users to leak to analytics company Cambridge Analytica, a firm that worked for both the Trump presidential campaign and the UK campaign to leave the EU.
Sourced from Economic Times; additional content by WARC staff