Large operators including Airtel and Idea Cellular have argued that stringent data protection rules applicable to them should also apply ‘equally and uniformally’ to other players like over-the-top (OTT) apps. They said this in response to the Telecom Regulatory Authority of India’s (TRAI) discussion paper on privacy, security and ownership of data in the sector.
These operators as also cellular industry body COAI have propagated ‘same service same rules’ for stakeholders including OTT communications providers who offer voice telephony or messaging services that are similar to that of telecom firms. OTT refers to applications and services which are accessible over the internet and ride on operator networks offering internet access services such as social networks, search engines and video aggregation sites.
“In this sector, customer privacy has three significant sources of vulnerabilities — device, network and content providers — and any law that limits its scope to telecom service providers alone will not be able to holistically address the issue of protection and privacy of personal data,” Bharti Airtel said. Telecom firms and the other players operating in the same internet ecosystem and dealing with same personal data are governed by different rules and regulations, it said.
It said provision of data privacy and protection embedded in the licences of telecom operators was robust and apt. The same rules however did not apply to other entities like OTT communication service providers, content providers, device manufacturers, browsers, operating system providers that also function in the internet ecosystem, Airtel said. “For example, while TSPs (telecom service providers) are not allowed to send the personal data of their customers outside India, there is no such prohibition/restriction on other players,” it said in a written response to TRAI.
Idea Cellular also said that OTT players offering comparable services operate in a “free, unregulated market environment” and various norms are followed by the telecom operators to safeguard consumer data, but not by such OTTs. It also said that current provisions are sufficient to protect data that operators have or carry in respect of the telecom subscribers, thus obviating the need for any additional mandate for the TSPs per se.
Idea has also underscored the need for an overarching framework that comprehensively addresses the definition of personal data and its protection mechanism, and goes beyond the operators to include all entities in the digital ecosystem involved in collection, processing and usage of personal data. For data that is “anonymised or aggregated” and cannot be used to identify a person directly or indirectly, there should not be a requirement for any user consent, it has said.
Seeking a regulatory parity, Idea said it is only appropriate that OTT players be “urgently” brought under a suitable framework that imposes same obligations applicable to telecom firms in respect of data security, protection, privacy and confidentiality. The Internet Freedom Foundation – which is a non-profit organisation formed by members of the SaveTheInternet.in campaign for net neutrality – has termed the present data protection requirements as being “inadequate and completely deficient” especially in the context of telecom subscribers.
“Given large amounts of personal data are transmitted through smartphones, in addition the existing regulations, a comprehensive legislation needs to be made following the principles of the 9-judge bench judgement (Supreme Court) on the right to privacy,” it said. The Foundation also urged the TRAI to start a public consultation and a probe into alleged “unlawful and unconstitutional practices” regarding reported mass surveillance and service provider collection of data on mobile, internet and landline users in India.