This is the fifth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August, 2017.
In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.
The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.
“Q. 4 Given the fears related to abuse of this data, is it advisable to create a technology enabled architecture to audit the use of personal data, and associated consent? Will an audit-based mechanism provide sufficient visibility for the government or its authorized authority to prevent harm? Can the industry create a sufficiently capable workforce of auditors who can take on these responsibilities?”.
The concerns in relation to the creation of a technology enabled audit mechanism, raised by stakeholders in their responses to abovementioned question 4 of the Consultation Paper, broadly relate to the effects of such a mechanism on innovation and ease of doing business, economic costs and its effectiveness in resolving concerns of abuse of user data.
The following table projects the stance of the stakeholders on whether a technology enabled architecture ought to be created to audit the use of personal data and associated content.
| Stakeholders | Yes, a technology enabled architecture should be created to audit the use of personal data and associated content
(24) |
Yes, but only if it is industry driven
(2) |
No, a technology enabled architecture should not be created to audit the use of personal data and associated content
(18) |
No response
(9) |
| Industry Associations – 16*
(IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT) |
4
COAI ISPAI ISACA ISPIRT |
1
GSMA |
9
IAMAI ACTO ASSOCHAM USISPF ITI USIBC BSA EBG BIF |
2
NASSCOM-DSCI ACT |
| Telecom Service Providers (TSPs) – 10**
(AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone) |
5
RJIL Airtel Idea MTNL BSNL |
0 | 4
AT&T TTL Telenor Vodafone |
1
Reliance Communications |
| Companies/Firms – 12
(SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph) |
4
Zeotap Exotel Citibank Redmorph |
1
KOAN |
3
IBM MakeMyTrip Mozilla |
4
SPAN TRA Sigfox Disney India |
| Civil Society Organisations/ Think Tanks – 12***
(NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF) |
9
NLUD Takshashila IDP CIS ITfC SFLC FCSO CUTS CGS |
0 | 2
Access Now IFF |
1
CPA |
| Individuals – 3
(Sangeet Sindan, Baijayant Jay Panda, Apurv Jain) |
2
Sangeet Baijayant Jay Panda |
0 | 0 | 1
Apurv Jain |
*Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRIT – Indian Software Product Industry Round Table.
**Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited.
***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi, IDP – Internet Democracy Project, CIS – The Centre for Internet & Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.
The following table projects the stance of the stakeholders on whether an audit-based mechanism provides sufficient visibility for the government or its authorized authority to prevent harm.
| Stakeholders | Yes, it will provide sufficient visibility for the government or its authorized authority to prevent harm
(11) |
No, it will not provide sufficient visibility for the government or its authorized authority to prevent harm
(3) |
No response
(39) |
| Industry Associations – 16
(IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT) |
1
ISPIRT |
1
USIBC |
14
ACT ACTO ASSOCHAM BIF BSA COAI EBG GSMA IAMAI ISACA ISPAI ITI NASSCOM-DSCI USISPF |
| Telecom Service Providers (TSPs) – 10
(AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone) |
2
Reliance Communications RJIL |
0 | 8
Airtel AT&T BSNL Idea MTNL TTL Telenor Vodafone |
| Companies/Firms – 12
(SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph) |
3
Citibank MakeMyTrip Sigfox |
2
Exotel Mozilla |
7
Disney India IBM KOAN Redmorph SPAN TRA Zeotap |
| Civil Society Organisations/ Think Tanks – 12
(NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF) |
5
CGS CPA SFLC Takshashila CIS |
0 | 7
Access Now CUTS FCSO IDP IFF ITfC NLUD |
| Individuals – 3
(Sangeet Sindan, Baijayant Jay Panda, Apurv Jain) |
0 | 0 | 3
Apurv Jain Baijayant Jay Panda Sangeet |
The following table projects the stance of the stakeholders on whether the industry can create a sufficiently capable workforce of auditors who can participate in technology enabled architecture to audit the use of personal data, and associated consent
| Stakeholders | Yes, the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities
(14) |
No, the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities
(2) |
It is unnecessary for the industry to create a sufficiently capable workforce of auditors who can take on these responsibilities
(2) |
No response
(35) |
| Industry Associations – 16
(IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT) |
2
ISACA ISPIRT |
0 | 0 | 14
ACT ACTO ASSOCHAM BIF BSA COAI EBG GSMA IAMAI ISPAI ITI NASSCOM-DSCI USIBC USISPF |
| Telecom Service Providers (TSPs) – 10
(AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, Reliance Communications Ltd., TTL, BSNL, Telenor, Vodafone) |
4
BSNL MTNL Reliance Communications RJIL |
1
Telenor |
0 | 5
Airtel AT&T Idea TTL Vodafone |
| Companies/Firms – 12
(SPAN Technologies, TRA, Zeotap Pvt. Ltd., IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph) |
3
Citibank KOAN Zeotap |
1
Mozilla |
2
IBM MakeMyTrip |
6
Disney India Exotel Redmorph Sigfox SPAN TRA |
| Civil Society Organisations/ Think Tanks – 12
(NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF) |
3
CPA SFLC Takshashila |
0 | 0 | 9
Access Now CGS CUTS FCSO IDP IFF ITfC NLUD CIS |
| Individuals – 3
(Sangeet Sindan, Baijayant Jay Panda, Apurv Jain) |
2
Baijayant Jay Panda Sangeet |
0 | 0 | 1
Apurv Jain |
INSIGHTS
- Creation of a technology enabled architecture to audit the use of personal data and associated content:
- 3% of all stakeholders opined that a technology enabled architecture should be created to audit the use of personal data and associated content.
- 34% of all stakeholders stated that a technology enabled architecture should not be created to audit the use of personal data and associated content.
- 8% of all stakeholders said that a technology enabled architecture should be created to audit the use of personal data and associated content, but only if it is an industry driven solution and not a government solution.
- 17% of all stakeholders did not address this issue or failed to do so in a clear manner.
- 25% of the industry associations, 50% of the TSPs, 33.33% of the companies/firms, 75% of the civil society organisations/think tanks and 66.67% of the individuals agreed that a technology enabled architecture should be created to audit the use of personal data and associated content.
- 25% of the industry associations, 40% of the TSPs, 25% of the companies/firms and 16.67% of the civil society organisations/think tanks were against the creation of a technology enabled architecture to audit the use of personal data and associated content.
- VIsibility provided to the government or its authorized authority, as a result of the creation of a technology enabled audit mechanism, to prevent harms:
- 8% of all stakeholders stated that a technology enabled architecture will provide sufficient visibility to the government or its authorized authority to prevent harms.
- 7% of all stakeholders opined that a technology enabled architecture will fail to provide sufficient visibility to the government or its authorized authority to prevent harms.
- 6% of all stakeholders did not address this issue or failed to do so in a clear manner.
- 25% of the industry associations, 20% of the TSPs, 25% of the companies/firms and 41.67% of the civil society organisations/think tanks said that a technology enabled architecture will provide sufficient visibility to the government or its authorized authority to prevent harms.
- 25% of the industry associations and 16.67% of the companies/firms said that a technology enabled architecture will not provide sufficient visibility to the government or its authorized authority to prevent harms.
- Capacity of the industry to create a sufficiently capable workforce of auditors who can take on these responsibilities:
- 4% of all stakeholders said that the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities.
- 8% of all stakeholders opined that the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities.
- 8% of all stakeholders stated that the creation a sufficiently capable workforce of auditors who can take on these responsibilities is unnecessary.
- 66% of all stakeholders did not address this issue, or failed to do so in a clear manner.
- 5% of the industry associations, 40% of the TSPs, 25% of the companies/firms, 25% of the civil society organisations/think tanks and 66.67% of the individuals agreed that the industry can create a sufficiently capable workforce of auditors who can take on these responsibilities.
- Amongst the companies/firms, 8.33% opined that the industry cannot create a sufficiently capable workforce of auditors who can take on these responsibilities and 16.67% said that the creation a sufficiently capable workforce of auditors who can take on these responsibilities is unnecessary.
Detailed Mapping of Responses
A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question four (4) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.
[This post is authored by Sushma S. Babu, a fourth year undergraduate student of HNLU, Raipur, under the guidance of Pushan Dwivedi (Associate, TRA) during her internship with TRA].
Leave a Comment