TRAI Recommendation on Privacy May Affect App-Based Businesses
Chennai, July 17, 2018: TRAI has yesterday published its recommendations on the much debated issue of privacy and data protection. The Authority has specifically recommended the following:
a) User is the owner and collecting and sharing agencies are custodians.
b) Study to formulate standards of anonymisation and de-identification.
c) No use of meta data to identify individuals.
d) The existing framework not sufficient to protect telecom consumers.
e) Current rules be applicable to TSPs.
f) Privacy by design principle coupled with data minimisation should be made applicable to all the entities in the digital ecosystem.
According to IAMAI, the in-principle recommendations are around users’ ownership of data; no use of meta data to identify individuals; and Privacy by design principle coupled with data minimisation. The SriKrishna committee set up MeitY is already examining them and other principles.
However, the TRAI recommendation to formulate standards of anonymisation and de-identification is akin to putting the cart before the horse, and till such time the Sri Krishna committee report is out and a notification or a law is passed, making these standards would be groping in the dark.
TRAI’s assertion that the existing framework is not sufficient to protect telecom consumers and current rules applicable to TSPs is prima facie, contradictory.
The TRAI recommendations on privacy are premised on a voice and SMS regime. It is not meant for data driven businesses, which the app economy represents. App companies pseudoanonymise the data; these companies do not retain/share Call Detail Records.
Incidentally, the Justice B N SriKrishna Committee under the Ministry of IT, which is the nodal body for apps as well as for handset manufacturers looking into the issue of consent, which is a fair thing to do.
According to IAMAI, if the same rules are applied, then there is a possibility that India will never be able to build data businesses.