Mobile apps seeking blanket access to phone users’ information – even if irrelevant to their functions – have come under the lens of TRAI, which will start consultation on data privacy and security in the telecom sector, according to a top official.
“There should be a link between what an application does and information the application is asking for… You will see a consultation paper… we are working on the issue,” Telecom Regulatory Authority of India (TRAI) Chairman, R S Sharma, told PTI.
On Friday, the Centre told the Supreme Court that data of users are “integral” to the right of life and personal liberty guaranteed under the Constitution and it would come out with regulations to protect the same.
Without referring to the case, Sharma in a recent interview emphasised that information a mobile app asks for should be relevant to its purpose and that “minimal information principle” needs to be followed in normal course.
“If an app has nothing to do with your, say, gender, then it should not ask for such information. That is the broad principle,” Sharma said, citing an example.
The TRAI chief declined to specify whether the consultation would result in norms or regulations around data privacy and security, saying it is “premature”.
“I will raise various issues during consultation… the form (it takes) will depend on what stakeholders say, and also how much right we have as a regulator…,” he added.
At present, discussions have started internally within Trai to look at these issues of data security and privacy in the telecom sector, he noted.
Sharma said he had flagged the matter at a recent ITU global symposium of regulators and stressed on the need for regulators to come together to fix “international norms” in this regard.
“…In case I am downloading an app and it asks for 20 information, completely irrelevant… and if I don’t provide that information, it does not download… then there should some basis for information that an application can ask for,” he said.
When contacted, Pavan Duggal, advocate, Supreme Court and a cyber law expert, said there are no adequate laws to govern mobile apps.
“The current dispensation is not enough. The IT Act is India’s only legislation governing the mobile ecosystem. But it has not gone in the direction of stipulating parameters of due diligence to be done by mobile app service providers,” he said.
Consequently, people’s data are continuously being used by “rogue apps” with consumers having no effective legal remedy, Duggal claimed, adding that Indian laws must therefore stipulate cyber-security parameters for mobile apps.