India: TRAI’s Framework on Data Ownership, Privacy and Security on its way

June 26, 2018
Telecom Regulatory Authority of India


TRAI Regulations on the development of Telecom sector in India

The Telecom Regulatory Authority of India (hereinafter referred to as the ‘TRAI’) is going to come out with the privacy, security and ownership of telecom data norms soon. While highlighting the importance of the upcoming regulation, the officials asserted the growing imminence of information technology and its value as a critical and indispensable asset for the economic and social development of the country. It is undoubtedly requisite to have a national data protection policy in today’s era, especially against the backdrop of revelations like the Cambridge Analytica data scandal.

In furtherance of formulation of the regulation, TRAI had come out with a consultation paper on ‘privacy, security and ownership of data in the telecom sector’ and sought comments and counter comments from stakeholders in August 2017. The aim of this consultation paper was to identify the key issues pertaining to data protection in relation to the delivery of digital services. Data protection in this context is understood to mean the ability of individuals to understand and control the manner in which information pertaining to them can be accessed and used by others. Therefore, the emphasis of the regulation is on informational privacy, which forms a subset of the broader concept of ‘privacy’ that encompasses many other philosophical, psychological, sociological, economic and political perspectives.

The paper discusses the privacy concerns that emanate from the activities of a variety of other stakeholders that process and control the personal data of users. This includes stakeholders like content and application service providers, device manufacturers, browsers, operating systems, etc. Apart from deliberating upon the importance of data protection and various stakeholders of the digital eco-system, it also discusses various data privacy laws adopted by other countries, to bring more perspective to the formulation of the aforementioned regulations. In addition to the e-Privacy directive, the paper discussed EU’s Data Protection Directive (95/46/EC), which will be replaced by the GDPR with effect from May, 2018, and number of laws governing data protection in the United States.

Though the paper’s outline of a stringent framework of rules for telecoms to protect their users’ data from being misused by advertisers or malafide abuse has been welcomed as a positive change, it has also kindled some controversy with the top telcos, including Airtel, Idea Cellular and Reliance Jio. These companies have urged for ‘equally and uniformally’ applicable regulation that brings under its ambit over-the-top (OTT) apps like WhatsApp and Viber in the same way that carriers were adhering to under present license norms. Therefore, though the existence of the upcoming data privacy regulation is essential for protecting the fundamental rights of the citizens and protecting its private sphere, but the implementation of such a policy is still imprecise as of now.

For more information please contact us at :