Apps should collect minimal data like UIDAI does for Aadhaar: Trai chief
Telecom Regulatory Authority of India (Trai) Chairman R S Sharma has said that apps should collect minimal data just as UIDAI does to give 12-digit Aadhaar numbers to people.
Some apps are ridiculously collecting more-than-required data and the customers are unaware of what is being done with it, he said.
"For Aadhaar enrollment, we collect just four sets of data - your name, date of birth and your communication address. Nothing more, nothing less. Similarly, every app must collect as much data as is required," Sharma told ET Now in an interview in Bengaluru on Tuesday.
"Data minimisation should be one of the principles just as Unique Identification Authority of India (UIDAI) adopts to collect data of people," he said.
Trai had noted that the existing framework of data protection of telecom consumers is "not sufficient" and that all entities in the digital ecosystem which handle personal data should be brought under a data protection framework.
These recommendations are expected to have wide-reaching implications for tech titans like Apple and Facebook as well as apps like Paytm.
Asked whether the DoT has powers to create rules or regulations proposed by Trai, Sharma said it is for the government to decide.
Asked whether Trai has the power to implement such rules before the government legislates them, Sharma said he has the jurisdiction to protect consumers' interest in the telecom sector.
Sharma said that there is a regulatory imbalance because these entities are not following any law and till the government comes up with a broad framework, it is but prudent to apply telecom rules on them.
Replying to a query, Sharma said Trai is not for applying same encryption standards for different sectors, including telecom or Aadhaar.
"There are different rules for different sectors. For example in telecoms, the maximum encryption is proposed to be 40 bits. UIDAI has the highest level of encryption where it is 2048 bits. So, what we are saying is that probably there is a need to have a general policy on encryption and we are not saying that we should apply same encryption standard," he said.
Sharma said the encryption standard should be proportional to the security that needs to be achieved.