Clipped from: https://www.thehindubusinessline.com/opinion/editorial/validation-concerns/article69909952.ece
Draft mobile number validation norms need review
MNV: Data concerns | Photo Credit: ipopba
The Department of Telecommunications’ (DoT) proposed amendments to the Telecom Cybersecurity Rules, 2024, mark a pivotal moment in India’s digital governance. By introducing a new category of entities — Telecom Identifier User Entities (TIUEs) — the draft rules aim to tighten cybersecurity and combat digital fraud through a government-run Mobile Number Validation (MNV) platform. While the intention is noble, the framework raises concerns around privacy, due process, and costs.
At the heart of the proposal is the MNV platform, designed to authenticate users by matching mobile numbers against telecom databases. This is meant to reduce impersonation, secure online transactions, and support national cybersecurity. But the platform, by design, centralises user data, potentially enabling unprecedented access for the government and telecom providers to detailed information about individuals and businesses. In the absence of clear limits on data use, retention, or safeguards, this could lead to misuse or even surveillance. More troubling is the opacity around what kind of data TIUEs will receive from the MNV system. Will it be limited to basic mobile-number validation or will it provide richer Know Your Customer (KYC) data? Without clarity, there is a risk of excessive and unnecessary data sharing that threatens the constitutional right to privacy, upheld by the Supreme Court in KS Puttaswamy vs Union of India (2017). The judgment says that any restriction on privacy must meet the test of necessity, proportionality, and legal oversight. These criteria are missing from the draft rules.
Additionally, the denial of services through invalidation of mobile numbers raises due process concerns. If a legitimate user is flagged wrongly, there appears to be no stated way to contest or correct it. Worse still, the burden of proof falls squarely on the user to prove s/he is the rightful owner of a number. In a country where mobile phones are often shared among family members, especially women and those in low-income groups, such rigidity could deny legitimate users access to essential services, deepening digital exclusion if not harassment by state agencies.
The economic impact is sobering. The per-request validation charges, ₹1.50 for government-mandated checks and ₹3 for voluntary ones, can accumulate rapidly for large platforms. These costs are likely to be passed on to users or cut into innovation budgets, especially for smaller firms. Far from fostering digital inclusion, this framework could discourage new entrants in the tech ecosystem. Without tight controls, the MNV system could be gamed by bad actors posing as TIUEs and purchasing sensitive user data under the garb of verification. The absence of guardrails — consent, audit trails, explicit limitation of purpose, and strong eligibility checks — poses a problem. The final rules must include user notification protocols, an appeal mechanism, stringent limits on data use and a transparent governance framework for MNV.
Published on August 8, 2025
aniltikotekar4sme.com 