TRAI Chairman RS Sharma has said apps should collect minimal data just as UIDAI does to give 12-digit Aadhaar numbers to people.
Some apps are ridiculously collecting more-than-required data and the customers are unaware of what is being done with it, he said.
Advertisement
“For Aadhar enrollment, we collect just four set of data – your name, date of birth and your communication address. Nothing more, nothing less. Similarly every app must collect as much data as is required,” Sharma told ET Now in an interview on 17 July.
“Data minimisation should be one of the principles just as Unique Identification Authority of India (UIDAI) adopts to collect data of people,” he said.
TRAI had noted that the existing framework of data protection of telecom consumers is “not sufficient” and that all entities in the digital ecosystem which handle personal data should be brought under a data protection framework.
These recommendations are expected to have wide reaching implications for tech titans like Apple and Facebook as well as apps like Paytm.
Asked whether the DoT has powers to create rules or regulations proposed by TRAI, Sharma said it was for the government to decide. To a question if TRAI had power to implement such rules before the government legislated them, Sharma replied that he had the jurisdiction to protect consumers’ interest in the telecom sector.
Sharma said there was regulatory imbalance because these entities are not following any law and till the government comes up with a broad framework, it is but prudent to apply telecom rules on them.
Replying to a query, Sharma said TRAI was not for applying same encryption standards for different sectors including telecom or Aadhaar. “There are different rules for different sectors. For example in telecoms, the maximum encryption is proposed to be 40 bits. UIDAI has highest level of encryption where it is 2048 bits. So, what we are saying is that probably there is a need to have a general policy on encryption and we are not saying that we should apply same encryption standard,” he said.
Sharma said the encryption standard should be proportional to the security that needs to be achieved.