The Telecom Regulatory Authority of India (Trai) on Wednesday came out with a paper aimed at evolving a clear law on data ownership, data protection, privacy and security for mobile phone users. The objective is to enable phone users to exercise more control over their personal data and prevent chances of misuse by various sources as privacy concerns have snowballed.

"Users of telecom devices are also consumers of telecom services and hence, device is an important part of access. There should be responsibilities with regard to data protection and security in the course of using telecom services," Trai Chairman R S Sharma said.

Trai said there are provisions for data protection and privacy under the IT Act, but we are yet to formulate a more comprehensive privacy and data protection law for the country. The consultation paper points out that devices used by individuals can collect large volumes of data about the user's behaviour.

Incidents have come to light where device manufacturers have distributed pre-installed software that allowed them to monitor the location, call and messaging activities of the device owners, the paper states. The observation comes in the backdrop of the turf war with US tech giant Apple which is reportedly not allowing convergence of Trai's Do-Not-Disturb app on its iOS platform.

The Trai app allows users to flag pesky calls and unsolicited messages directly to the regulator. Citing provisions under the Indian Telegraph Act, Trai said preserving data confidentiality is a fundamental motivator for ensuring security of telecom infrastructure and vulnerabilities in the telecommunication infrastructure can lead to disruption of basic services with a severe impact on citizens, businesses and the delivery of public services.

The regulator has noted that many mobile applications seek access to subscriber data like call records, access to microphone, pictures, SMS and the like which may not be required for providing the service desired by the user. The one-sided nature of these arrangements with an uneven bargaining power between the provider and the user implies that the user often does not have an effective choice in the matter.

The app may not be available for use without authorising those permissions, the consultation paper states. The consultation paper on privacy, security and ownership of the data in the telecom sector has sought public views on data protection in relation to the delivery of digital services. Trai has set deadline of September 8 for comments on the paper and September 22, 2017, for counter comments.

