TRAI to begin consultation on mobile apps seeking user data

TRAI chief declined to specify whether the consultation would result in norms or regulations.

July 23, 2017 02:36 pm | Updated 02:38 pm IST - New Delhi

Chairman of TRAI R.S. Sharma.

Chairman of TRAI R.S. Sharma.

Mobile apps seeking blanket access to phone users’ information — even if irrelevant to their functions — have come under the lens of Trai, which will start consultation on data privacy and security in the telecom sector, according to a top official.

“There should be a link between what an application does and information the application is asking for... You will see a consultation paper... we are working on the issue,” Telecom Regulatory Authority of India (TRAI) Chairman, R S Sharma, told PTI.

On Friday, the Centre told the Supreme Court that data of users are “integral” to the right of life and personal liberty guaranteed under the Constitution and it would come out with regulations to protect the same.

The submission by the Centre was made before a five-judge Constitution bench headed by Justice Dipak Misra which was examining the contentious issue of 2016 privacy policy of WhatsApp.

Without referring to the case, Mr. Sharma in a recent interview emphasised that information a mobile app asks for should be relevant to its purpose and that “minimal information principle” needs to be followed in normal course.

“If an app has nothing to do with your, say, gender, then it should not ask for such information. That is the broad principle,” Mr. Sharma said, citing an example.

The TRAI chief declined to specify whether the consultation would result in norms or regulations around data privacy and security, saying it is “premature”.

“I will raise various issues during consultation... the form (it takes) will depend on what stakeholders say, and also how much right we have as a regulator...,” he added.

At present, discussions have started internally within TRAI to look at these issues of data security and privacy in the telecom sector, he noted.

Sharma said he had flagged the matter at a recent ITU global symposium of regulators and stressed on the need for regulators to come together to fix “international norms” in this regard.

“...In case I am downloading an app and it asks for 20 information, completely irrelevant... and if I don’t provide that information, it does not download... then there should some basis for information that an application can ask for,” he said.

When contacted, Pavan Duggal, advocate, Supreme Court and a cyber law expert, said there are no adequate laws to govern mobile apps.

“The current dispensation is not enough. The IT Act is India’s only legislation governing the mobile ecosystem. But it has not gone in the direction of stipulating parameters of due diligence to be done by mobile app service providers,” he said.

Consequently, people’s data are continuously being used by “rogue apps” with consumers having no effective legal remedy, Duggal claimed, adding that Indian laws must therefore stipulate cyber security parameters for mobile apps.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.