Mobile apps seeking blanket access to phone users' information ,even if irrelevant to their functions ,have come under the lens of Trai, which will start consultation on data privacy and security in the telecom sector.
Regulator Trai has already invited public views on contentious net neutrality issue to finalise a framework that would ensure telecom operators do not manipulate network speeds for giving preference to any website or platform over internet.
The Telecom Regulatory Authority of India, which has been discussing the issue of net neutrality (NN) in phases, has floated idea of identifying a body that should be responsible for monitoring and supervision of any NN violations.
“There should be a link between what an application does and information the application is asking for… You will see a consultation paper… we are working on the issue,”
The data of users are “integral” to the right of life and personal liberty guaranteed under the Constitution and it would come out with regulations to protect the same. The submission by the Centre was made before a five-judge Constitution.
The information a mobile app asks for should be relevant to its purpose and that “minimal information principle” needs to be followed in normal course. “If an app has nothing to do with your, say, gender, then it should not ask for such information. That is the broad principle,” Sharma said, citing an example. The Trai chief declined to specify whether the consultation would result in norms or regulations around data privacy and security, saying it is “premature”. “It will raise various issues during consultation… the form (it takes) will depend on what stakeholders say, and also how much right we have as a regulator…"
At present, discussions have started internally within Trai to look at these issues of data security and privacy in the telecom sector, he noted. Sharma said he had flagged the matter at a recent ITU global symposium of regulators and stressed on the need for regulators to come together to fix “international norms” in this regard. “…
"In case I am downloading an app and it asks for 20 information, completely irrelevant… and if I don’t provide that information, it does not download… then there should some basis for information that an application can ask for,” he said.
A cyber law expert, said there are no adequate laws to govern mobile apps.
The current dispensation is not enough. The IT Act is India’s
only legislation governing the mobile ecosystem. But it has not gone in the direction of stipulating parameters of due diligence to be done by mobile app service providers,”. Consequently, people’s data are continuously being used by “rogue apps” with consumers having no effective legal remedy.
Indian laws must therefore stipulate cyber security parameters for mobile apps