Here is What India's Telecom Regulator Has to Say About Data Privacy

While submitting the recommendations to the Srikrishna Committee, the regulator also acknowledged the fact that the existing framework for data protection of consumers is not sufficient

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

As the Justice BN Srikrishna Committee is also set to table the draft of the Data Protection Bill, the Telecom Regulatory of India (TRAI) is of the opinion that data is purely owned by the users, and industry stakeholders, who include telecom companies and digital services providers, are merely custodians of it.


While submitting the recommendations to the Srikrishna Committee, TRAI also acknowledged the fact that the existing framework for data protection of telecom consumers is not sufficient and there is a need of a robust law to protect users against the misuse of their personal data in the digital ecosystem.

Elaborating on the user empowerment, TRAI recommended that “Right to Choice, Notice, Consent, Data Portability, and Right to be Forgotten” should be conferred upon the users. While on the data privacy side, the watchdog advised the Department of Telecom to revisit encryption standards.

“To ensure the privacy of users, National Policy for encryption of personal data generated and collected in the digital eco-system, should be notified by the Government at the earliest,” the authority shared.

Additionally, TRAI also believes that despite the adoption of best practices, breaches are bound to happen and hence encouraged telecom industry stakeholders and digital service provider to share data security-related breaches which can prevent occurrences and mitigate risk.

“All entities in the digital ecosystem should transparently disclose the information about the privacy breaches on their websites along with the actions taken for mitigation, and preventing such breaches in future,” it recommended while adding that, “A common platform should be created for sharing of information relating to data security breach incidences by all entities.”

Need of the Hour

The global volume of digital data created annually was 4.4 zettabytes in 2013 and it is expected reach 44 zettabytes by 2020. While on the other side, it is predicted that the number of devices connected to the IP Networks would be approximately three times the global population by 2021, which simply translates to the fact that data would be the most sought-after commodity in the near future.

Globally, companies have already started to realize the potential of user data which has further led to the invention of innovative business models for improving customer experience. However, there have been multiple reports of data breaches too

In fact, earlier this year, Facebook was caught in its one of biggest controversy wherein the social media company was accused of mishandling data of more than 50 million users, which includes about 562,120 Indian users. As of January 2018, India is the largest market for Facebook with more than about 250 million active users followed by the United States, Brazil and Indonesia.

EU’s General Data Protection Regulation or the GDPR has created a roadmap for many other countries, including India. And just like GDPR, India’s upcoming data privacy law will have a direct impact on the telecom sector, software companies, product manufacturers, and global dotcom companies including the likes of Facebook, Google and Amazon; however, time would decide on its effectiveness.