Trai chairman RS Sharma has said that the industry has presented a need for data protection framework under which apps should be regulated. He furthered his statement by saying that Aadhaar is an exemplary service for this framework since there is a limit on how much data access is allowed for Aadhaar. On similar lines, there should be a limit on how much data these apps are allowed to take in. Sharma said to PTI, "For Aadhaar enrollment, we collect just four set of data - your name, date of birth and your communication address. Nothing more, nothing less. Similarly, every app must collect as much data as is required.” He further added, "Data minimisation should be one of the principles just as Unique Identification Authority of India (UIDAI) adopts to collect data of people.”
According to Sharma, it is the government’s responsibility to develop rules which could govern the data intake by these companies. On being asked about whether or not Trai is responsible for implementation of these rules, he said that he has the jurisdiction to protect consumers’ interest in the telecom sector.
Sharma said about the framework “There are different rules for different sectors. For example in telecom, the maximum encryption is proposed to be 40 bits. UIDAI has the highest level of encryption where it is 2048 bits. So, what we are saying is that probably there is a need to have a general policy on encryption and we are not saying that we should apply the same encryption standard.”
The chairman was also of the thought that there is a regulatory imbalance in the digital ecosystem, as the app companies are going on rampantly without any regulation. There should be a digital framework similar to Aadhaar and telecom sector which governs the data laws related to these applications.
If implemented, these laws will significantly affect how companies like Paytm, Apple and Facebook operate in India. The statement by Trai chairman comes weeks after GDPR, another data regulatory framework recently implemented in the UK. He said that the Trai wouldn't be using the same encryption for different sectors including Aadhaar or telecom sector.
