has said that the current framework of privacy is not sufficient and there needs to be a stopgap measure to protect user privacy till the time Justice Srikrishna-led panel brings out India’s privacy law. Srikrishna panel is looking deeply into issues of data storage, processing, anonymity, and commercial use of data collected from citizens.
But this is not where the problem lies. Lawyers say that without the backing of a privacy law, these guidelines are going to be toothless.
“It is good that Trai
thought about it, but it is nothing but a regulatory stopgap measure which needs to be passed by the law till we have a comprehensive strong data protection
law in place, and the regulations recognise that and state so. Without such data protection, people are left vulnerable,” said Delhi-based cyber lawyer Apar Gupta.
This was echoed by Raman Chima, a lawyer who deals with data protection
and privacy laws. Chima said these regulations will need licences and legal backing to work as there is no legal authority backing these guidelines without which these will not stand in a court of law, should anyone challenge it.
Meanwhile, handset makers are not too happy with these regulations either as they questioned Trai’s jurisdiction on regulating players which do not need licences from the authority.
“No section of the Trai Act allows it to venture into privacy, ownership of data, and more importantly, regulating the digital ecosystem beyond telecom companies. They have crossed the red line drawn by Parliament, and are way outside their legislative limits. Trai has no powers, and even less expertise in this space,” said a spokesperson from Indian Cellular Association (ICA), which is an industry body of mobile phone manufacturers.
The ICA has termed these guidelines “contentious and impractical” as the body said these will threaten investor confidence in the country at a time when it is much needed.
Xiaomi, however, said that it is reading into these guidelines and remains committed to user privacy as it uses the highest levels of encryption.
A similar view is seen from internet companies such as Mozilla, which runs open-source software, including their popular browser.
“The cart of technical solutions should follow the horse of the actual enshrinement of data protection rights in law,” said Amba Kak, lawyer and policy advisor, Mozilla.
Kak also added that Trai’s regulations are “dangerous” in that the authority seeks to apply the telecom regulation framework “wholesale” to all the players in the ecosystem.
Trai cannot act beyond its authority to regulate telecom companies, said Rajan Matthew, director-general of Cellular Operators Association of India.
“I do not think Trai has jurisdiction on data protection beyond telecom operators, internet service providers, mobile virtual network operators, and broadcasters. It has no jurisdiction for mobile device manufacturers, app service providers, and browser providers,” he said.
Another executive of a leading telecom company said they welcome Trai’s move to consider data protection as a serious issue in the industry but it remains unclear whether Trai can actually implement these.
“There is no doubt that telcos as well as content providers and apps are the repository of data and should not share it or use it for their own business purpose. I think what Trai has done is consumer-friendly and is focusing on what the consumer wants. However, we have doubts whether Trai really has the jurisdiction on such areas at all,” the executive said.