Some apps are ridiculously collecting more-than-required data and the customers are unaware of what is being done with it, he said.
“For Aadhar enrollment, we collect just four set of data – your name, date of birth and your communication address. Nothing more, nothing less. Similarly every app must collect as much data as is required,” Sharma mentioned in a media interview.
“Data minimisation should be one of the principles just as Unique Identification Authority of India (UIDAI) adopts to collect data of people,” he said.
TRAI had noted that the existing framework of data protection of telecom consumers is “not sufficient” and that all entities in the digital ecosystem which handle personal data should be brought under a data protection framework.
Asked whether the DoT has powers to create rules or regulations proposed by TRAI, Sharma said it is for the government to decide.
Asked whether TRAI has power to implement such rules before the government legislates them, Sharma said he has the jurisdiction to protect consumers’ interest in telecom sector.
Sharma said, there is regulatory imbalance because these entities are not following any law and till the government comes up with a broad framework, it is but prudent to apply telecom rules on them.
Replying to a query, Sharma said TRAI is not for applying same encryption standards for different sectors including telecom or Aadhar.
“There are different rules for different sectors. For example in telecoms, the maximum encryption is proposed to be 40 bits. UIDAI has highest level of encryption where it is 2048 bits. So, what we are saying is that probably there is a need to have a general policy on encryption and we are not saying that we should apply same encryption standard,” he said.
Sharma said the encryption standard should be proportional to the security that needs to be achieved.