India’s telecom regulator has deemed the country’s personal data protection framework as inadequate and recommended stricter rules to tackle breaches.
The Telecom Regulatory Authority of India (TRAI) also said entities controlling and processing user data do not have primary rights over that data.
The recommendations on privacy, security and ownership of data were provided to the federal government’s Department of Telecommunications, which drafts the final policy on these matters.
“All entities in the digital eco-system, which control or process the data, should be restrained from using metadata to identify the individual users,” TRAI said in a statement.
It recommendeda study to formulate standards for de-identification of personal data generated in the digital ecosystem, andasked the government for a policy framework on the regulation of devices, operation systems, browsers and applications, among other things.
The TRAI recommendations come in the aftermath of the data breach controversy at social media behemoth Facebook Inc., which saw millions of users’ data improperly accessed by political consultancy Cambridge Analytica to support US President Donald Trump’s 2016 election campaign.
Also, the European Union in May brought into effect new privacy regulations in the bloc, forcing companies to be more attentive to how they handle customer data, while bringing consumers new ways to control their data and tougher enforcement of existing privacy rights.