India’s telecom regulator on Monday said the existing framework for the protection of personal data by companies and service providers was insufficient and recommended stricter rules to tackle data breaches.
The Telecom Regulatory Authority of India (TRAI) also said entities controlling and processing user data do not have primary rights over that data.
The recommendations on privacy, security and ownership of data were provided to the federal government’s Department of Telecommunications, which drafts the final policy on these matters.
“All entities in the digital eco-system, which control or process the data, should be restrained from using metadata to identify the individual users,” noted TRAI in a statement.
Recommending a study to formulate standards for de-identification of personal data generated in digital ecosystem, TRAI has asked the government for a policy framework on regulation of devices, operation systems, browsers, applications among other things.
The TRAI recommendations come in the aftermath of the data breach controversy at social media behemoth Facebook, which saw millions of users’ data improperly accessed by political consultancy Cambridge Analytica to support US President Donald Trump’s 2016 election campaign.
Also, the European Union in May brought into effect new privacy regulations in the bloc, forcing companies to be more attentive to how they handle customer data, while bringing consumers new ways to control their data and tougher enforcement of existing privacy rights.