At a press conference on 9 March , Indian cricketer Mohammed Shami’s estranged wife Hasin Jahan revealed a recording of her recent conversation with him. While the authenticity of the telephonic conversation that primarily revolved around Shami’s alleged extramarital affair could not be verified, the fact remains that recording anyone’s phone call even without an external recorder is a lot easier these days.
You only need to download an app. In fact, some phones come with an in-built call recording option, allowing users to choose to record all calls by default or record a specific call. However, what if someone records your private conversation and uploads it on a social media networking site just for fun or to deliberately embarrass you?
Besides, customer care services of various firms routinely record calls. Moreover, social media and YouTube is replete with leaked call recordings of unsuspecting users with customer care executives. In 2017, a data breach at a Florida-based marketing firm compromised 400,000 call recordings, which included customers’ names, phone numbers and credit card information. Most customer care services record conversations after they seek clients’ permission, but they don’t give them the option to agree or disagree with the recording, as most of these are automated IVR (interactive voice response) calls.
As of now, there is no mechanism which can warn people that their phone conversation is being recorded. Even the cyber laws in India do not offer clarity in such a scenario. “The safeguards that are available under privacy laws in India against call recording by individuals are not clearly defined. There is no law which makes recording a call by an individual on their device illegal. If the call is being recorded by a government agency or government, people have a distinctive right allowing them to challenge the state action and even seek compensation,” says Pavan Duggal, a leading cyberlaw expert. However, persons can seek damages by proving how the release of a pre-recorded phone conversation has affected their reputation.
“If a phone recording by a company has been leaked, users can seek damages. Also, it is high time a company’s conduct should be regulated in the context of call recordings of customers. This is an unregulated area,” he insists.
Duggal adds that even the Personal Data Protection Bill 2018 doesn’t offer much in this direction. “The concept of data protection and privacy are two separate things. Talking on the phone is not about data protection, but is more about my privacy. Legal frameworks are not at all adequate to deal with these specific scenarios,” he notes.
India could take some lessons from the General Data Protection Regulation (GDPR) in the European Union, which is regarded as the new benchmark for data protection laws world over. GDPR mandates that customer care agencies cannot record calls unless users have given a verbal consent. It also directs firms to store call records in a secure manner so no unauthorized individual can access it. Also, the data can be stored only until the purpose for which it was collected is fulfilled.