The policy said that it may transfer users’ personal information to companies both in and outside of India, but added that all entities handling users’ data agree to follow Airtel’s guidelines for the “management, treatment and secrecy of personal information”. There’s another document that details what the promise entails, according to NDTV.
When asked why it was seeking to collect such sensitive personal data, an Airtel spokesperson told BloombergQuint on October 17 that the policy mentions expansive definitions which “may not be warranted and can be misconstrued”. “We’ll re-evaluate the Policy and make necessary amends,” the spokesperson had said.
“The generic content of the definitions of what constitutes personal data as laid down by the IT Act are expansive, which had been inadvertently put on to our website,” it said. “We thank those who brought this error to our attention.”