The Telecom Regulatory Authority of India (TRAI) has come out with strong recommendations on data protection of individuals, but implementing them could be a major task, feel industry experts.

The recommendations also highlight that ‘devices should disclose the terms and conditions of use, before their sale, and that a user has the right to delete a pre-loaded app. This is not easy to implement, they said.

“In a realistic scenario data is co-created. If I punch in data, the application and forms are created by an app... In a sense (data) is co-owned,” said Faisal Kawoosa, Head - New Initiatives at CyberMedia Research (CMR).

The only thing that can be strictly adhered to is not sharing data or monetising them, without the consent of the user, he said.

Rajan Mathews, Director General, Cellular Operators Association of India (COAI), said that the implementation of the TRAI recommendations will be critical. “It (TRAI recommendations) does not talk about cross-border protection of data. It is different for different countries. So certain jurisdictions do not follow it,” he said.

Mathews also said the recommendations talk about the user having the right to own his data, but ultimately the question is what kind of personal data: Is it only name or address, or more details like location, ethnic origin, political opinion, religious beliefs, trade union activities, as in the European General Data Protection Regulation (GDPR)?

Another point is that the ‘right to be forgotten’ could raise a lot of questions amongst the law enforcement agencies because in the case of criminals, what would happen if their data are being deleted?

According to the Internet and Mobile Association of India (IAMAI), the TRAI recommendation on privacy may also affect app-based businesses.

“To formulate standards of anonymity and de-identification is akin to putting the cart before the horse, and till such time the Srikrishna (Justice BN Srikrishna committee for a data protection framework) report is out and a notification or a law is passed, making these standards would be groping in the dark,” it said.

The TRAI recommendations on privacy are premised on a voice and SMS regime. They are not meant for data driven businesses, which the app companies are, it said.

The Mobile Association (TMA) said that any entity which collects or processes user data should adopt the Blockchain technology, which will ensure greater transparency and accountability.