Indians have full control over the data they share online and the right to decide how this information can be used by companies, the country’s telecom regulator has said.
“Each user owns his/her personal information/data collected by/stored with the entities in the digital ecosystem,” the Telecom Regulatory Authority of India (TRAI) said on July 16. “The entities, controlling and processing such data, are mere custodians and do not have primary rights over this data.”
Such data include information about goods and services procured and online activity, material stored on personal devices, and details related to family, employment, finances, lifestyle, and social activities, among others, according to a set of recommendations (pdf) TRAI issued for the sector.
These recommendations are in line with an August 2017 supreme court ruling recognising privacy as a fundamental right.
In addition, TRAI said users in India must have the ”right to be forgotten” wherein they can ask companies to erase the details they furnish online. This is in tune with global practices. For instance, the European Union and Argentina already give users the right to be forgotten.
In India, though, it has not been put to practice fully. In February 2017, the Karnataka high court upheld this right for the first time in the country but many such cases have been dismissed in the past.
These recommendations come in the aftermath of the Cambridge Analytica voter-manipulation scandal, which leaked the data of millions of Facebook users worldwide, including from India. TRAI also said that firms must disclose the information about privacy breaches on their websites and mention the actions taken to prevent them.
“This (recommendation paper) would include all devices, operating systems, browsers, and applications and would be a welcome stop-gap measure till rules and regulations of the telecom services providers are applicable to them,” said Rajan S Mathews, director general of industry group Cellular Operators Association of India. “This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained.”
Below is a snapshot of TRAI’s recommendation: