TRAI recommendations on “Privacy, Security and Ownership of Data in the Telecom Sector” is a step in the right direction and is on similar lines with EU General Data Protection Regulation (GDPR) which was finally approved by the EU Parliament on 14 April 2016 after it was debated for the last four years and was finally enforced on 25 May 2018 across the European Union.
It is the duty of both the parties i.e. regulator and technology companies to improve public’s trust and confidence in how private information is handled. TRAI has taken the first step and now it is for the industry to improve public’s trust and confidence.
Data privacy and data protection has become all the more important after Facebook and Cambridge Analytica revelations and it seems TRAI has made the right choice. Now, it is for the Department of Telecommunications (DoT) to decide whether they would wait for Justice BN Srikrishna Committee report on data protection or in the interim opt for TRAI recommendations on data privacy.
The big question is when global giants like Facebook, Twitter and Google can adhere to data protection law in Europe why can’t they adhere to similar regulations in India which looks like mini-GDPR?
India is a diverse country with 1.35 billion population and data collected from different devices, service providers, browsers, operating system and application is humongous. The data can be related to online activity, information stored in devices, information obtained from personal devices, personal details, family, lifestyle, social activities, employment, financial, health etc. The collected data is very helpful for Internet companies like Facebook, Twitter and Google for targeted marketing and use cases so they are interested in delaying it.
It has been a practice of Facebook, Twitter and Google that they keep on blocking data privacy regulation irrespective of geography and it is the regulator which takes the lead.
TRAI has given the right of data to users and not to data handling companies who are mere custodians of data so that it is not misused. Not only this, TRAI recommendations also says all entities in the digital eco-system should be encouraged to share the information relating to vulnerabilities, threats etc. to mitigate the losses and prevent recurrence of such events through a common platform which will help in faster rectification.
TRAI recommendations talks about implementation for the interim period and as and when Data Protection Law is notified by the government the same will be applicable for all stakeholders in the digital eco-system.