Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Stakeholders’ responses to the TRAI privacy consultation paper (Part V of XII): Technology-enabled audit mechanism

    Home Data Governance Stakeholders’ responses to the TRAI privacy consultation paper (Part V of XII): Technology-enabled audit mechanism
    NextPrevious

    Stakeholders’ responses to the TRAI privacy consultation paper (Part V of XII): Technology-enabled audit mechanism

    By Ikigai Law | Data Governance | 0 comment | 9 March, 2018 | 3

    This is the fifth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August, 2017.

    In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.

    The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.

    “Q. 4 Given the fears related to abuse of this data, is it advisable to create a technology enabled architecture to audit the use of personal data, and associated consent? Will an audit-based mechanism provide sufficient visibility for the government or its authorized authority to prevent harm? Can the industry create a sufficiently capable workforce of auditors who can take on these responsibilities?”.

    The concerns in relation to the creation of a technology enabled audit mechanism, raised by stakeholders in their responses to abovementioned question 4 of the Consultation Paper, broadly relate to the effects of such a mechanism on innovation and ease of doing business, economic costs and its effectiveness in resolving concerns of abuse of user data.

    The following table projects the stance of the stakeholders on whether a technology enabled architecture ought to be created to audit the use of personal data and associated content.

    Stakeholders Yes, a technology enabled architecture should be created to audit the use of personal data and associated content

    (24)

    Yes, but only if it is industry driven

    (2)

    No, a technology enabled architecture should not be created to audit the use of personal data and associated content

    (18)

    No response

    (9)

    Industry Associations – 16*

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    4

    COAI

    ISPAI

    ISACA

    ISPIRT

    1

    GSMA

    9

    IAMAI

    ACTO

    ASSOCHAM

    USISPF

    ITI

    USIBC

    BSA

    EBG

    BIF

    2

    NASSCOM-DSCI

    ACT

    Telecom Service Providers (TSPs) – 10**

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone)

    5

    RJIL

    Airtel

    Idea

    MTNL

    BSNL

    0 4

    AT&T

    TTL

    Telenor

    Vodafone

    1

    Reliance Communications

    Companies/Firms – 12

    (SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

    4

    Zeotap

    Exotel

    Citibank

    Redmorph

    1

    KOAN

    3

    IBM

    MakeMyTrip

    Mozilla

    4

    SPAN

    TRA

    Sigfox

    Disney India

    Civil Society Organisations/ Think Tanks – 12***

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

    9

    NLUD

    Takshashila

    IDP

    CIS

    ITfC

    SFLC

    FCSO

    CUTS

    CGS

    0 2

    Access Now

    IFF

    1

    CPA

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

    2

    Sangeet

    Baijayant Jay Panda

    0 0 1

    Apurv Jain

     

    *Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRIT – Indian Software Product Industry Round Table.

    **Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited.

    ***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi,  IDP – Internet Democracy Project, CIS – The Centre for Internet & Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.

    The following table projects the stance of the stakeholders on whether an audit-based mechanism provides sufficient visibility for the government or its authorized authority to prevent harm.

    Stakeholders Yes, it will provide sufficient visibility for the government or its authorized authority to prevent harm

    (11)

    No, it will not provide sufficient visibility for the government or its authorized authority to prevent harm

    (3)

    No response

    (39)

    Industry Associations – 16

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    1

    ISPIRT

    1

    USIBC

    14

    ACT

    ACTO

    ASSOCHAM

    BIF

    BSA

    COAI

    EBG

    GSMA

    IAMAI

    ISACA

    ISPAI

    ITI

    NASSCOM-DSCI

    USISPF

    Telecom Service Providers (TSPs) – 10

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone)

    2

    Reliance Communications

    RJIL

    0 8

    Airtel

    AT&T

    BSNL

    Idea

    MTNL

    TTL

    Telenor

    Vodafone

    Companies/Firms – 12

    (SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

    3

    Citibank

    MakeMyTrip

    Sigfox

    2

    Exotel

    Mozilla

    7

    Disney India

    IBM

    KOAN

    Redmorph

    SPAN

    TRA

    Zeotap

    Civil Society Organisations/ Think Tanks – 12

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

    5

    CGS

    CPA

    SFLC

    Takshashila

    CIS

    0 7

    Access Now

    CUTS

    FCSO

    IDP

    IFF

    ITfC

    NLUD

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

    0 0 3

    Apurv Jain

    Baijayant Jay Panda

    Sangeet

     

    The following table projects the stance of the stakeholders on whether the industry can create a sufficiently capable workforce of auditors who can participate in technology enabled architecture to audit the use of personal data, and associated consent

    Stakeholders Yes, the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities

    (14)

    No, the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities

    (2)

    It is unnecessary for the industry to create a sufficiently capable workforce of auditors who can take on these responsibilities

    (2)

    No response

    (35)

    Industry Associations – 16

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    2

    ISACA

    ISPIRT

    0 0 14

    ACT

    ACTO

    ASSOCHAM

    BIF

    BSA

    COAI

    EBG

    GSMA

    IAMAI

    ISPAI

    ITI

    NASSCOM-DSCI

    USIBC

    USISPF

    Telecom Service Providers (TSPs) – 10

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone)

    4

    BSNL

    MTNL

    Reliance Communications

    RJIL

    1

    Telenor

    0 5

    Airtel

    AT&T

    Idea

    TTL

    Vodafone

    Companies/Firms – 12

    (SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

    3

    Citibank

    KOAN

    Zeotap

    1

    Mozilla

    2

    IBM

    MakeMyTrip

    6

    Disney India

    Exotel

    Redmorph

    Sigfox

    SPAN

    TRA

    Civil Society Organisations/ Think Tanks – 12

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

    3

    CPA

    SFLC

    Takshashila

    0 0 9

    Access Now

    CGS

    CUTS

    FCSO

    IDP

    IFF

    ITfC

    NLUD

    CIS

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

    2

    Baijayant Jay Panda

    Sangeet

    0 0 1

    Apurv Jain

     

    INSIGHTS

    • Creation of a technology enabled architecture to audit the use of personal data and associated content:
      • 3% of all stakeholders opined that a technology enabled architecture should be created to audit the use of personal data and associated content.
      • 34% of all stakeholders stated that a technology enabled architecture should not be created to audit the use of personal data and associated content.
      • 8% of all stakeholders said that a technology enabled architecture should be created to audit the use of personal data and associated content, but only if it is an industry driven solution and not a government solution.
      • 17% of all stakeholders did not address this issue or failed to do so in a clear manner.
      • 25% of the industry associations, 50% of the TSPs, 33.33% of the companies/firms, 75% of the civil society organisations/think tanks and 66.67% of the individuals agreed that a technology enabled architecture should be created to audit the use of personal data and associated content.
      • 25% of the industry associations, 40% of the TSPs, 25% of the companies/firms and 16.67% of the civil society organisations/think tanks were against the creation of a technology enabled architecture to audit the use of personal data and associated content.

    • VIsibility provided to the government or its authorized authority, as a result of the creation of a technology enabled audit mechanism, to prevent harms:
      • 8% of all stakeholders stated that a technology enabled architecture will provide sufficient visibility to the government or its authorized authority to prevent harms.
      • 7% of all stakeholders opined that a technology enabled architecture will fail to provide sufficient visibility to the government or its authorized authority to prevent harms.
      • 6% of all stakeholders did not address this issue or failed to do so in a clear manner.
      • 25% of the industry associations, 20% of the TSPs, 25% of the companies/firms and 41.67% of the civil society organisations/think tanks said that a technology enabled architecture will provide sufficient visibility to the government or its authorized authority to prevent harms.
      • 25% of the industry associations and 16.67% of the companies/firms said that a technology enabled architecture will not provide sufficient visibility to the government or its authorized authority to prevent harms.

     

    • Capacity of the industry to create a sufficiently capable workforce of auditors who can take on these responsibilities:
      • 4% of all stakeholders said that the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities.
      • 8% of all stakeholders opined that the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities.
      • 8% of all stakeholders stated that the creation a sufficiently capable workforce of auditors who can take on these responsibilities is unnecessary.
      • 66% of all stakeholders did not address this issue, or failed to do so in a clear manner.
      • 5% of the industry associations, 40% of the TSPs, 25% of the companies/firms, 25% of the civil society organisations/think tanks and 66.67% of the individuals agreed that the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities.
      • Amongst the companies/firms, 8.33% opined that the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities and 16.67% said that the creation a sufficiently capable workforce of auditors who can take on these responsibilities is unnecessary.

    Detailed Mapping of Responses

    A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question four (4) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.

     

    [This post is authored by Sushma S. Babu, a fourth year undergraduate student of HNLU, Raipur, under the guidance of Pushan Dwivedi (Associate, TRA) during her internship with TRA].

    Audit-Based Mechanism, Auditors, Consultation, Consultation Paper, Data Controllers, Data Protection, Data Subjects, Government, Ikigai Law, Indian government, Privacy, Recommendation, Srikrishna Committee, Stakeholders, Tech Policy, Technology Enabled Architecture, TRAI

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XII of XII): Technological solutions to monitor compliance

      By Ikigai Law | 0 comment

      This is the twelfth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XI of XII): Parity in the data protection norms between TSPs and other communication service providers

      By Ikigai Law | 0 comment

      This is the eleventh post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part X of XII): Safety and security of telecommunications infrastructure and digital ecosystem

      By Ikigai Law | 0 comment

      This is the tenth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ Responses to the TRAI Privacy Consultation Paper: Part IX of XII – Key Issues Pertaining to Encouraging the Creation of New Data Based Businesses

      By Ikigai Law | 0 comment

        This is the ninth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security,Read more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part VIII of XII): Key issues pertaining to personal data collection and use

      By Ikigai Law | 0 comment

      This is the eighth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law