Why OTT services need to be regulated

Pralok Gupta | Updated on October 08, 2020

In the absence of regulation, users’ right to privacy may be endangered and most of the gains are likely to be appropriated by digital giants because of their monopoly power, first mover advantage and deep pockets

The Telecom Regulatory Authority of India (TRAI) has come out with its recommendations on Regulatory Framework for Over-the-Top (OTT) Communication Services. OTT communications include services provided by WhatsApp, Facebook messenger, iMessage, Skype, etc. TRAI recommended that regulatory interventions are not required in respect of issues related with privacy and security of OTT services at the moment.


Though these recommendations are only for OTT communication services similar to services provided by telecom service providers, they may have implications for individuals’ privacy at large. In this context, it is pertinent to recall the 2017 landmark judgment in which the Supreme Court said that right to privacy is a fundamental right. The judgment also covered privacy issues in the context of technological development and use of data by private players generated by individuals actively or passively on internet.

Justice Sanjay Kishan Kaul in his judgment on this case wrote that the right to privacy could be endangered both by state and non-state actors. Social network providers, search engines, e-mail service providers, messaging applications are examples of non-state actors. Due to technological developments, not only the state but also big corporations and private entities can behave like ‘big brother’. He further wrote that there is an urgent need for regulation pertaining to storing, processing and use of information by non-state actors and state intervention may be required for enforcing claims against non-state actors.

Key observations

Two important observations could be drawn from this judgment in the context of TRAI recommendations. First, an individual’s right to privacy may be endangered by OTT communication services too. Hence, there is a need for state intervention. Second, private entities may act as ‘big brothers’. This could also imply that market forces may not always act in the interests of consumers.

On the other hand, TRAI recommends that market forces may be allowed to respond to the situation without prescribing any regulatory intervention, though it also suggested that developments shall be monitored and intervention as felt necessary shall be done at appropriate time.

There does not seem to be a universal definition of what OTT communication services are. As a result, the difference between OTT communication and non-communication services becomes thin and blurred. For instance, Facebook is a social media platform and hence may not be included on OTT communication services, but Facebook messenger provides communication services. Similarly, Google provides search engine and email services, but it also provides video call and online meeting facilities.

Thus, when an individual is using any OTT for communication services, the data gets shared with the parent company. This data can be used by the parent company for commercial purposes without explicit consent of the user, thereby affecting the user’s privacy. A report from Digital Content Next and Vanderbilt University highlighted how Google collects and collates user data without their permission or knowledge. According to the report, passive data collection (when Google is collecting data in the background) is twice the scale of active data collection (when users are directly engaging with Google products and Google services).

Data storage outside India

The OTT service providers may store personal information of the end-users in their data servers located abroad. This may lead to issues relating to data protection and national security. These issues are mentioned in the TRAI recommendation note as views of some stakeholders. Though the note also mentioned suggestions by some other stakeholders to resolve issues related to interception of OTT service providers having data outside India, this may not be easy in practice.

Not to forget, MeitY has received various complaints regarding stealing and surreptitiously transmitting users’ data by some apps in an unauthorised manner to servers located outside India. Therefore, data of Indian users residing in servers outside India is a serious issue and can endanger sovereignty and integrity of India.

The digital economy regulations including for OTT services are evolving across the world. Some countries have started formulating and implementing these regulations while some are still pondering upon the idea. India could be a torch bearer for other countries by formulating and implementing suitable regulations that facilitate development of all stakeholders of digital economy. In the absence of such regulations, most of the gains are likely to be appropriated by digital giants because of their monopoly power, first mover advantage and deep pockets.

This is precisely why there is a greater thrust on developing international rules on digital activities in various international organisations, be it WTO or G-20. The game-plan, it appears, is to have binding international rules before countries like India, with large market and growing purchasing power, can understand the true characteristics of digital economy and implement national regulations to prevent digital giants from misusing their market power.

Provisions such as free flow of cross-border data, prohibition on data localisation and source code disclosure intend to curb the policy space available to the government for imposing any restrictions on big tech companies. Therefore, the proposed e-commerce rules at the WTO would undermine the ability of the government to secure citizens’ privacy against unauthorised or unlawful collection or processing of users’ data.

Thus, considering the interplay between OTT communication and non-communication services, the Supreme Court judgment on privacy and the recent developments at the WTO pertaining to e-commerce, there is a merit in regulating the OTT services and data collected by them to ensure citizens’ privacy. The regulations should aim at striking a balance between individual privacy and legitimate business interests of OTT service providers.

The writer is Associate Professor at the Centre for WTO Studies, IIFT, New Delhi. Views are personal

Published on October 07, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor