Data ownership key to data protection: Trai chief

27 Oct 2017

Amidst a raging controversy over Aadhaar-related data leaks, the Telecom Regulatory Authority of India (Trai) has floated a consultation paper on data ownership, which is key to defining the privacy and security of data.

Trai chairman R S Sharma on Thursday said the issue of data protection involves its possession, ownership and control. Trai, he said, is committed to data protection and has proposed fixing responsibility for various stakeholders in the value chain to ensure that customers' data is safeguarded.

And, with 90 per cent of the data traffic on the internet being controlled by a few firms, Sharma said, it is the right time to have such deliberations. Sharma said ''monopolisation'' of data is taking place at a ''huge'' rate and it is the authority's responsibility to ensure that the consumer is protected. He,however, did not name any company

Talking about the consultation paper, Sharma said that in February 2016 Trai had banned the use of discriminatory pricing of data by telecom operators. ''This decision was taken to ensure that the content and the pipe (telecom operator's network) are really effectively separate and that decision benefited lot of these content companies in some sense. But, then let's also understand that there is a huge amount of monopolisation that is happening and 90 per cent of the data traffic on the internet is actually controlled by only a few companies,'' he added.

The Trai chairman was speaking at 'i-Bharat 2017' organised by the Federation of Indian Chambers of Commerce and Industry (FICCI). He also stressed that the information privacy, security and data ownership, needed to be defined.

Sharma stressed that there is a need to have such discussions about the ownership of data and issues like taxation. His statement assumes significance in the background of the ongoing debate over linking of Aadhaar with mobile phones.

Speaking on consumer protection, he said, ''There is a huge issue of bounded rationality, which means that user is aware of tomorrow or day after, but he or she is not aware of the long-term consequences on this data being in the hands of somebody else''.

Bounded rationality signifies that when an individual makes a decision, his or her rationality is limited by the tractability of the decision, limitations of his or her mind and the time available to make such a decision.

According to Trai, the rationale for intervention is also on account of under-estimation by consumers about the value of their personal data and ignorance about the scale and use of data being collected. The ability of data collectors to unilaterally change their privacy policies also contributes to this asymmetry.

''Also, in the name of privacy policies, many entities show that they are trying to protect users' data, but actually these entities can use this data the way they want to use it. So Trai is not there to decide on the larger question of data ownership, data privacy and data security, but it certainly has the responsibility of customer protection and to decide these issues in the smaller domain of telecom,'' Sharma said.

Today, data is being collected by a number of stakeholders and it is the duty of Trai to ensure the responsibility of these stakeholders, he said.

Speaking to reporters later, the Trai chairman said the regulator is working on a couple of consultations - net neutrality and regulatory principles of tariff assessment - and will be coming out with recommendations and regulations on them ''very soon''.

''It should happen within this financial year,'' he said.