Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Stakeholders’ responses to the TRAI privacy consultation paper (Part IV of XII): Rights, responsibilities, regulation and governance of data controllers

    Home Data Governance Stakeholders’ responses to the TRAI privacy consultation paper (Part IV of XII): Rights, responsibilities, regulation and governance of data controllers
    NextPrevious

    Stakeholders’ responses to the TRAI privacy consultation paper (Part IV of XII): Rights, responsibilities, regulation and governance of data controllers

    By Ikigai Law | Data Governance | 0 comment | 5 March, 2018 | 3

     

    This is the fourth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August, 2017.

    In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.

    The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.

    “Q.3 What should be the Rights and Responsibilities of the Data Controllers? Can the Rights of Data Controller supersede the Rights of an Individual over his/her Personal Data? Suggest a mechanism for regulating and governing the Data Controllers”.

    The concerns in relation to the rights, responsibilities and governance of the data controllers, raised by stakeholders in their responses to abovementioned question 3 of the Consultation Paper, broadly correspond to the issues raised in part III and part IV of the White Paper of the Committee of Experts on a Data Protection Framework for India (White Paper). Part III engaged with a number of issues on the rights and responsibilities of the data controllers including permissible grounds of processing, such as consent and legitimate purpose, necessity and design of notice, and international practices. Part IV dealt with a diverse range of issues in relation to accountability and enforcement tools including voluntary and co-regulatory models of regulation, establishment and functioning of data protection authority and codes of practice. The mapping of stakeholders’ opinion, and the analysis of such mapping, has been conducted in context of the issues raised under Part III and part IV of the White Paper, particularly the concerns related to the rights and responsibilities of the data controllers, prioritization of rights of the data subject, and effective accountability and enforcement tools.

    The following table projects the stance of the stakeholders on whether the rights of data controller should supersede the rights of an individual over his/her personal data?

    No one set of rights may supercede the other (1) Rights of the data controller cannot supercede the rights of the individual over his/her personal data (16) There exists no conflict between the rights of the data controller and the individual over his/her personal data (3) Rights of the data controller may supercede the rights of the individual over his/her personal data only in certain circumstances including for reasons of national security, public interest, and maintenance of law and order (11)
    Industry Associations – 16*

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    1

    ASSOCHAM

    2

    GSMA

    ISPAI

    3

    USISPF

    EBG

    BIF

    2

    IAMAI

    ISACA

    Telecom Service Providers (TSPs) – 10**

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone)

    __ 4

    Airtel

    MTNL

    TTL

    BSNL

    __ 5

    RJIL

    Idea

    RCOM

    Telenor

    Vodafone

    Companies/Firms – 12

    (SPAN Technologies, TRA,  Zeotap Pvt. Ltd.,  IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

    __ 6

    Zeotap

    Sigfox

    Exotel

    IFF

    Mozilla

    Citibank

    __ __
    Civil Society Organisations/ Think Tanks – 12***

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

    __ 3

    NLUD

    ITfC

    CPA

    __ 4

    IDP

    CIS

    SFLC

    CUTS

    Individuals – 3

    (Sangeet Sindan, Redmorph, Baijayant Jay Panda)

     

    __ 1

    Baijayant Jay Panda

    __ __

     

    *Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRIT – Indian Software Product Industry Round Table.

    **Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited.

    ***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi,  IDP – Internet Democracy Project, CIS – The Centre for Internet & Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.

     

    The following table projects the stances of all the stakeholders to predominant issues concerning the governance of the data controllers.

    As much data must be collected and processed as is necessary for the specified purpose. Further consent needn’t be obtained from the data subject to use/process/share anonymized data sets. Distinguish between data controllers and data processors in terms of their definitions, roles, responsibilities and liabilities.
    Industry Associations – 16

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    6

    ACTO

    COAI

    NASSCOM-DSCI

    ISACA

    USISPF

    iSPIRT

    4

    COAI

    iSPIRT

    USIBC

    EBG

    8

    IAMAI

    NASSCOM-DSCI

    USISPF

    ITI

    USIBC

    BSA

    EBG

    BIF

    Telecom Service Providers (TSPs) – 10

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone)

    5

    Idea

    MTNL

    RCOM

    TTL

    BSNL

    4

    RJIL

    Idea

    RCOM

    Vodafone

    2

    RJIL

    Telenor

    Companies/Firms – 12

    (SPAN Technologies, TRA,  Zeotap Pvt. Ltd.,  IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

    6

    Make My Trip

    Access Now

    Exotel

    KOAN

    Mozilla

    Citibank

    __ 2

    Make My Trip

    KOAN

    Civil Society Organisations/ Think Tanks – 12

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

    4

    NLUD

    CIS

    SFLC

    CGS

    2

    Takshashila Institution

    IDP

    1

    IDP

     INSIGHTS

     Can the rights of data controller supersede the rights of an individual over his/her personal data?

    • 1% of all the stakeholders stated that the rights of the data controller cannot supercede the rights of an individual over his/her personal data.
    • 7% of all the stakeholders, all of them industry associations, stated that there was no conflict between the rights of the data controller and the rights of an individual over his/her personal data.
    • 7% of all the stakeholders stated that the rights of the data controller can in certain circumstances, for reasons of national security, public interest, maintenance of law and order, etc., supercede the rights of an individual over his/her personal data.
    • 8% of the stakeholders, i.e., one (1) stakeholder— ASSOCHAM, stated that no one set of rights should be seen as superseding or obtaining precedence over another.
    • 5% of the industry associations, 40% of the telecom service providers (TSPs), 25% civil society organisations/think tanks and 50% of the companies/firms stated that the rights of the data controller cannot supercede the rights of an individual over his/her personal data.
    • 5% of the industry associations, 50% of the telecom service providers (TSPs) and 33.33% of civil society organisations/ think tanks stated that the rights of the data controller can in certain circumstances, including for reasons of national security, public interest, maintenance of law and order, supercede the rights of an individual over his/her personal data.
    • 75% of the industry associations stated that there was no conflict between the rights of the data controller and the rights of an individual over his/her personal data.

    Can the rights of data controller supersede the rights of an individual over his/her personal data?

     Other Trends

    • 62% of all stakeholders, comprising of 50% of the companies/firms and TSPs, 37.5% of the industry associations and 33.33% of the civil society organisations/think tanks, agreed that only as much data must be collected and processed as is necessary for the specified purpose.
    • 87% of all stakeholders, including 40% of TSPs, 16.67% of civil society organisations/ think tanks and 25% of the industry associations opined that further consent needn’t be obtained from the data subject to use/process/share anonymized data sets. Airtel (TSP) and ISPAI (industry association) stated that data sets, even when anonymized, may not be used/processed/shared without the data subject’s consent.
    • 5% of all stakeholders, comprising of 50% of industry associations, 20% of TSPs, 16.66% of companies/firms and 8.3% of civil society organisations/think tanks, said that there needs to be a distinction between data controllers and data processors in terms of their definitions, roles, responsibilities and liabilities.

     

    Detailed Mapping of Responses

     A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question three (3) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.

     

    [This post is authored by Sushma S. Babu, a fourth year undergraduate student of HNLU, Raipur, under the supervision of Pushan Dwivedi (Associate, TRA) during her internship with TRA].

     

    Consultation, Consultation Paper, Data Controllers, Data Protection, Data Subjects, Government, Ikigai Law, Indian government, Privacy, Recommendation, Responsibilities of Data Controllers, Srikrishna Committee, Stakeholders, Tech Policy, TRAI

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XII of XII): Technological solutions to monitor compliance

      By Ikigai Law | 0 comment

      This is the twelfth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XI of XII): Parity in the data protection norms between TSPs and other communication service providers

      By Ikigai Law | 0 comment

      This is the eleventh post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part X of XII): Safety and security of telecommunications infrastructure and digital ecosystem

      By Ikigai Law | 0 comment

      This is the tenth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ Responses to the TRAI Privacy Consultation Paper: Part IX of XII – Key Issues Pertaining to Encouraging the Creation of New Data Based Businesses

      By Ikigai Law | 0 comment

        This is the ninth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security,Read more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part VIII of XII): Key issues pertaining to personal data collection and use

      By Ikigai Law | 0 comment

      This is the eighth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law