Stating Aadhaar's example, TRAI said other apps should also use "minimal data" (Representational)
Telecom Regulatory Authority of India or TRAI Chairman RS Sharma said on Tuesday that apps should collect minimal data just as Aadhaar regulator UIDAI does. The Unique Identification Authority of India gives a 12-digit Aadhar number to citizens by collecting "minimal data" the TRAI chief said.
Some apps are "ridiculously" collecting more-than-required data and customers are unaware of what is being done with it, he said.
"For Aadhar enrollment, we collect just four sets of data - your name, date of birth and your communication address. Nothing more, nothing less. Similarly every app must collect as much data as is required," Mr Sharma told ET Now in an interview in Bengaluru yesterday.
"Data minimisation should be one of the principles just as Unique Identification Authority of India (UIDAI) adopts to collect data of people," he said.
The Telecom Regulatory Authority of India had noted that the existing framework of data protection of telecom consumers is "not sufficient" and that all entities in the digital ecosystem which handle personal data should be brought under a data protection framework.
These recommendations are expected to have wide reaching implications for tech titans like Apple and Facebook as well as apps like Paytm.
Asked whether the Department of Telecommunications has powers to create rules or regulations proposed by TRAI, Mr Sharma said it is for the government to decide.
Asked whether the telecom regulator has power to implement such rules before the government legislates them, Mr Sharma said he has the jurisdiction to protect consumers' interest in telecom sector.
Mr Sharma said, there is regulatory imbalance because these entities are not following any law and till the government comes up with a broad framework, it is but prudent to apply telecom rules on them.
Replying to a query, Mr Sharma said TRAI is not for applying same encryption standards for different sectors including telecom or Aadhaar.
"There are different rules for different sectors. For example in telecom, the maximum encryption is proposed to be 40 bits. UIDAI has highest level of encryption where it is 2048 bits. So, what we are saying is that probably there is a need to have a general policy on encryption and we are not saying that we should apply same encryption standard," he said.
Mr Sharma said the encryption standard should be proportional to the security that needs to be achieved.