[ad_1]
The Telecommunications Regulatory Authority of India (Trai) said on Monday that users had their data, while the entities of the digital ecosystem storing or processing such data were of simple depositories. The authority stated that it was limiting its recommendations to telecommunication service providers (TSPs), as the broader issues of data protection for all sectors would be dealt with by the committee led by Judge BN Srikrishna .
The recommendations came at a time when growing concerns about the privacy and security of user data, especially across mobile applications and social media platforms.
These recommendations, when accepted by the government, will mean that entities such as browsers, mobile applications, devices, operating systems, and service providers will not be able to share data. with third parties without obtaining the consent of the customers. The current rules on data protection under the Information Technology Act are not sufficient. A Trai official stated that the conditions of license applicable to telecommunications service providers did not permit the sharing of call detail records with third parties, but there is no rule for digital entities. according to Trai. It has also been proposed that the privacy principle badociated with data minimization be applicable to all entities in the digital ecosystem.
The right to forget allows users to delete data that they deem to be insignificant or prejudicial
The regulator added, however, that the right to portability of data and the right to data forgetting are restricted. Reacting to Trai's recommendations, the telecommunication body COAI said: "We are pleased that the regulator is asking for all digital entities to be placed under a data protection framework … By making this recommendation, it is a good idea to make the right thing." the regulator ensures that no waivers are granted to a service provider, while subjecting them to the rules to comply with national standards for security and privacy. "[19659002] In its recommendations on confidentiality, security and ownership of data in the telecommunications sector, the Trai said:" Until a general law on data protection is notified by the government, the existing rules / conditions of license the privacy of the users be made applicable to all entities of the digital ecosystem. To this end, the government should notify the policy framework for the regulation of appliances, operating systems, browsers and applications. "
Trai says that it was noted that the entities of the digital ecosystem collect personal data from users even when such data may not be necessary for the operation of such an application or of such a device.
Sharing an example, the regulator says to use an application that activates the flashlight as a torch on a mobile device, the application asks permission from & # 39; Access to camera, microphone and contact list, etc. "It has also been reported that applications can deploy a cascading consent model in which once an entity has given its consent for a particular application or service, the entity translates the consent to many other entities without obtaining explicit consent or Trai said:
Proposing various data protection measures, Trai stated that e all entities in the digital ecosystem, which control or process the data, should be prevented from using metadata to identify individual users. To protect telecoms consumers against the misuse of their personal data by a wide range of data controllers and processors in the digital ecosystem, Trai has recommended that all entities in the digital ecosystem that control or process their personal data are protected. "At the moment, these are just recommendations and in what form they will translate into law, we do not know," said Amber Sinha, senior manager of the Center for Internet and Society program. Ideally, there should be an omnibus data protection law, he said. "It's a good thing that they're starting to develop their points of view, but it's critical that the government bodies come to consensus on the principles, so that there is no problem." major conflicts. "
Trai recommends to prohibit data controllers from the use of "pre-mixed boxes" to obtain the consent of users and devices must disclose the terms and conditions of use to the & # 39; 39, advance, before the sale of the device.
The regulator proposed that, in order to ensure sufficient choices for digital service users, the granularities in the consent mechanism should be integrated by service providers. Commenting on the proposals, Apar Gupta, a New Delhi-based lawyer, said that Trai had addressed data protection of a property point and not the protection of privacy as a human right even though the Supreme Court reiterated this point last year. "The problem is that there are more government controls and checks and balances on the rights of people in the data ownership model.These rules will form all parts of the transmission data electronically," he said. Gupta.
million. Trai recommended that devices be required to incorporate provisions so that users can remove preinstalled applications as they wish. "To ensure the privacy of users, the national policy of encrypting personal data, generated and collected in the digital ecosystem, should be notified by the government at the earliest," said the regulator.
Trai suggested that all entities in the digital ecosystem, including telecommunications operators should transparently disclose information about privacy breaches on their websites as well as measures taken for the Mitigation, and Preventing Future Violations
[ad_2]
Source link
