He says that the SPDI can include, but is not limited to, genetic data, biometric data, racial or ethnic origin, religious and philosophical beliefs and, as mentioned above, political opinion and sexual orientation. It of course collects more types of data, such as financial (related to invoicing, etc.) and physiological (related to the personalization of the products and services offered). But these are more or less acceptable, even if they are not the subject of a general consensus. And call details, browsing history and location data are acquired.
Lawyer and cybersecurity expert Prashant Mali says user data such as sexual orientation and even political opinion falls within the definition of SPDI under section 43A of the Security Technologies Act. information (2000); and their collection, storage and treatment are in full compliance with the rules. “However, if one feels violated, they can sue Airtel for damages up to Rs. 5 crores before the Adjudication Officer, ie the Principal Secretary (IAS) of the State ”, specifies Mali.
Airtel and its third parties (i.e. subcontractors, suppliers and consultants) collect, store and process user data as misunderstanding for his services. The “Agree and Continue” that you often come across is your consent. Users have the option of not accepting it or withdrawing consent later. But Airtel will quickly withdraw its services thereafter.
The policy states that it may also transfer users’ personal information to companies both within and outside India, however clarifying that all entities handling user data agree to follow Airtel’s guidelines for “management. , the treatment and secrecy of personal information ”. There is another document which details what the promise entails.
The Center for Internet and Society, in a 2015 study of the privacy policies of telecommunications companies, notes that Airtel’s policy is clear and easy to understand, but adds that “the policy could be more transparent and specific. on matters relating to the purpose of collecting information as well as deleting information ”. Their observation is true even after Airtel’s policy update last week.
Legal validity does not negate the worry that users may have.
“The policy itself currently collects excessive and incredibly personal data that is unrelated to the provision of telecommunications services,” says Apar Gupta, executive director of the Internet Freedom Foundation.
The IFF specifically studies the policies of telecommunications companies and engages with them and government authorities, such as the Department of Telecommunications (DOT), to strengthen privacy laws.
“Current legal rules set a very low threshold for the protection of personal information and in any case this section is rarely enforced,” Gupta adds.
India currently lacks an appropriate legislative framework regarding user privacy
Gupta says the DOT, as part of its legislative mandate, can step in to ensure user privacy. The personal data protection bill may also increase the level of user consent. Currently, “click and continue” leaves users with fewer options. But there is absolutely no clarity on how the bill will be implemented. It appears that more outrage is needed to push the government to put in place a landmark bill ensuring privacy of use, which in turn will hold companies accountable.
Comments requested from Airtel regarding user privacy concerns on Twitter had not been received at the time of writing.