Trai’s right, we own our data, not firms

The Telecom Regulatory Authority’s (Trai) recommendations on data ownership and security have not come a day too early, when there is concern, worldwide and in India, over data protection and information privacy. The regulator has proposed that telecom users be treated as owners of their data and the firms that have access to and deal with it be considered as just custodians of the data. The firms include social media firms, telecom operators, third-party app makers or any other “controllers of personal data”. As individuals have the absolute right to their digital data, operators and other service providers should collect such data only with their consent, and it can be used only for the limited purpose for which the data is sought. The consent can be withdrawn and the user has the “right to be forgotten’’, which means the right to get all data erased without leaving a history.

These are principles that flow from the right to privacy and they are important for every citizen and consumer. The amount of data created and stored digitally is growing at an unprecedented rate. Organisations which have access to them have commercially misused them and even tried to influence elections. Facebook and Cambridge Analytica have found themselves in controversy over such misuse. There is concern over the possibility of data manipulation and misuse undermining the democratic process and citizen’s rights. The Trai proposal is therefore very relevant. The regulator has in the past also taken many steps to protect customers’ interests, like facilities to block unwanted commercial calls and communications. The data protection norms are more fundamental and far-reaching. There is low respect for protection of data in India. Aadhaar data has been made public many times. A telecom company opened bank accounts in the name of its customers without their knowledge and consent, using their Aadhaar consent, and the regulator had to stop it and impose penalties on the company.

The Trai proposals are not binding, and they are about data protection only in the telecom field. A committee headed by Justice BN Srikrishna is now working on a data protection law. Its report is awaited. The scope of the legislation will be much wider and the privacy of digital data will be a part of it. If the Trai recommendations are accepted and a privacy law on the basis of the commission’s report comes into being, that will help to set up a strong and comprehensive data security regime. The world is today data-driven, and many emerging technologies are based on data. So, it should also be noted that the idea is not to stop the flow of data but to prevent its misuse.