BUSINESS

Data privacy: Govt awaits Srikrishna panel's report before framing law

By Kiran Rathee & Mayank Jain
July 19, 2018 16:58 IST

IAMAI in a statement, which represents digital businesses in India, said Trai’s recommendation to formulate standards of anonymisation and de-identification was akin to putting the cart before the horse, and till such time the Srikrishna Committee submits the report, making these standards would be like groping in the dark.

Illustration: Dominic Xavier/Rediff.com

Even though the Telecom Regulatory Authority of India (Trai) has given its recommendations on data protection and privacy, the Centre is not likely to frame any law till the Justice B N Srikrishna-led panel submits its report to the government.

 

However, the Department of Telecommunications (DoT) will start examining those recommendations that fall under its purview.

According to officials in DoT and the information technology (IT) ministry, Trai recommendations will primarily act as an input to the Srikrishna-led panel, which is working on the broader aspects of data privacy and is likely to submit its report next month.

The panel is trying to form a consensus around data storage, processing, anonymity, and commercial use of data collected from citizens.

Telecom Secretary Aruna Sundararajan, who, also a member of the Srikrishna-led panel on data protection, told Business Standard that the recommendations by Trai are very substantive, timely, and valuable but as they cater to the whole digital ecosystem, DoT cannot be the only nodal body.

“Those proposals which fall in the domain of DoT, we will start examining them, the rest of the proposals will be taken up by the Srikrishna panel,” she said.

The nine-member committee also includes Unique Identification Authority of India chief executive officer Ajay Bhushan Pandey, a joint secretary of the IT ministry, among others.

Taking a lead to protect data of telecom consumers, Trai has recommended that users who own their data and entities in the digital ecosystem, which stores or processes such data, are mere custodians having no primary right over it.

The proposals have drawn mixed reactions from the stakeholders. Telecom operators have welcomed the recommendations but for others, including associations like Internet and Mobile Association of India (IAMAI) and Indian Cellular Association (ICA), the proposals have not gone down well.

Many have questioned Trai’s jurisdiction to regulate mobile apps, websites, and other over-the-top players.

Consultancy major EY said the starting point for any discussion around data privacy is the need for a common definition of what is personal data and what constitutes acceptable consent as well as its process.

“This is something that needs to be uniform across industry sectors or services. Looking at the larger picture, we need a central data privacy regulation which the Justice Srikrishna Committee has been set up to propose,” Vidur Gupta, partner, cybersecurity, government and public sector, EY India, said.

EY further said data privacy laws may need additional aspects from sector to sector, so while the Srikrishna Committee will make global recommendations, it is inevitable for multiple authorities and regulatory bodies to make their own set of recommendations, and it is likely that some of those could make it to the eventual report that will be floated for consultation.

ICA, the apex body of the mobile industry comprising manufacturers, brand owners, application and solution providers, distributors and retailers, questioned Trai’s jurisdiction on regulating players.

“No section of the Trai Act allows it to venture into privacy, ownership of data, and more importantly, regulating the digital ecosystem beyond telecom companies.  They have crossed the red line drawn by the Parliament, and are way outside their legislative limits. The Trai has no powers, and even less expertise in this space,” the ICA said.

The ICA has termed these guidelines “contentious and impractical” as the body said that these will threaten investor confidence in the country at a time when it is much needed.

“The cart of technical solutions should follow the horse of the actual enshrinement of data protection rights in law,” said Amba Kak, lawyer and policy advisor, Mozilla.

Kak also added that Trai’s regulations are “dangerous” in that the authority seeks to apply the telecom regulation framework “wholesale” to all the players in the ecosystem.

IAMAI in a statement, which represents digital businesses in India, said Trai’s recommendation to formulate standards of anonymisation and de-identification was akin to putting the cart before the horse, and till such time the Srikrishna Committee submits the report, making these standards would be like groping in the dark.

Additional inputs from Arnab Dutta and Surajeet Das Gupta in New Delhi

Kiran Rathee & Mayank Jain in New Delhi
Source:

Recommended by Rediff.com

NEXT ARTICLE

NewsBusinessMoviesSportsCricketGet AheadDiscussionLabsMyPageVideosCompany Email