Parliamentary Panel Flags Privacy Concern In Telecom Cybersecurity Norms

A parliamentary panel report tabled in the Rajya Sabha on Thursday flagged privacy concerns on telecom cyber security rules and recommended that the Department of Telecom finetune it. A report on The Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024 and Telecommunications (Telecom Cyber Security) Rules, 2024 by the Committee on Subordinate Legislation observed vague terms in the rules and recommended that they be clearly defined.

The panel chaired by Rajya Sabha member Milind Deora said the provision that allows government to collect traffic data and 'any other data' from telecom operators is 'quite broad in scope and can raise potential for privacy violations'.

"In this regard the committee recommends that the Department should explicitly define the categories of data permissible for collection, limiting it to what is strictly necessary for telecom cybersecurity," the report said.

The panel observed that the term 'fraudulent' used in the telecom cyber security rules is too broad, lacks a clear definition, and raises concerns about who determines whether a message is fraudulent, noting that innocent individuals may unknowingly forward such messages.

"In view of this, the committee recommends that to address concerns about the broadness of the term 'fraudulent' and risks to innocent senders, the DoT may take necessary action to explicitly define the term, establish clear criteria and processes for determining fraudulence, and provide robust support for telecommunication entities and users in this regard," the report said.