Privacy rules may hit app-based business
New Delhi: The Internet and Mobile Association of India (IAMAI) on Tuesday said that Trai’s recommendation on data privacy will adversely affect app-based businesses in the country.
“Trai’s recommendations on privacy are premised on a voice and SMS regime. It is not meant for data driven businesses, which the app economy represents,” said IAMAI.
IAMAI said that the in-principle recommendations are around users’ ownership of data, no use of meta data to identify individuals and privacy by design principle coupled with data minimisation.
The Justice B.N. Srikrishna committee set up by information department is already examining them and other principles, it said.
“However, the TRAI recommendation to formulate standards of anonymisation (process by which data is shared while preserving privacy) and de-identification is akin to putting the cart before the horse, and till such time the Srikrishna committee report is out and a notification or a law is passed, making these standards would be groping in the dark,” it said.
IMAI said that Trai’s assertion that the existing framework is not sufficient to protect telecom consumers and current rules applicable to telecom operators is prima facie, contradictory.
It said that app companies pseudoanonymise (change the identity) the data and these companies do not retain/share call detail records.
“Incidentally, the Justice B.N. Srikrishna Committee under the Ministry of IT, which is the nodal body for apps as well as for handset manufacturers looking into the issue of consent, which is a fair thing to do,” said IAMAI.
According to IAMAI, if the same rules are applied, then there is a possibility that India will never be able to build data businesses.
Trai in its recommendation on Monday had said that the existing framework for protection of the personal information of telecom consumers in India is not sufficient.
To protect telecom consumers against the misuse of their personal data, it said that such companies should be brought under a data protection framework. In its recommendations, Trai said that till a general data protection law is notified by the government, all existing rules applicable to telecom operators for protection of users' privacy be made applicable to all the entities in the digital ecosystem.
For this purpose, government should notify the policy framework for regulation of devices, operating systems, browsers, and apps.