Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Stakeholders’ responses to the TRAI privacy consultation paper (Part VI of XII): Legitimate exceptions, exemptions and lawful surveillance

    Home Data Governance Stakeholders’ responses to the TRAI privacy consultation paper (Part VI of XII): Legitimate exceptions, exemptions and lawful surveillance
    NextPrevious

    Stakeholders’ responses to the TRAI privacy consultation paper (Part VI of XII): Legitimate exceptions, exemptions and lawful surveillance

    By Ikigai Law | Data Governance | 0 comment | 19 March, 2018 | 6

    This is the sixth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August 2017.

    In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.

    The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.

    “Q.11 What should be the legitimate exceptions to the data protection requirements imposed on TSPs and other providers in the digital ecosystem and how should these be designed? In particular, what are the checks and balances that need to be considered in the context of lawful surveillance and law enforcement requirements?”

    The concerns in relation to the legitimate exceptions to data protection requirements, raised by stakeholders in their responses to the abovementioned question 11 of the Consultation Paper, broadly relate to some of the issues discussed in the White Paper of the Committee of Experts on a Data Protection Framework for India (White Paper), namely, legitimate exceptions for national security and lawful surveillance purposes, exemption of de-identified data from the purview of data protection framework, and checks and balances in context of lawful surveillance and law enforcement requirements.

    The following table projects the stance of the stakeholders on the grounds of legitimate exceptions to data protection requirements.

     

    Categories of Stakeholders Should the legitimate exceptions to data protection requirements be restricted to critical purposes such as national security or law enforcement requirements?
    Yes (14) No (5) Maybe (7) No answer (27)
    Industry Associations – 16*

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    4

    IAMAI

    ASSOCHAM

    ISACA,

    NASSCOM-DSCI

     

    —

    4

    ACTO

    ISPAI

    BSA

    BIF

    8

    COAI

    GSMA

    ACT

    USISPF

    iSPIRT

    USIBC

    EBG

    ITI

    Telecom Service Providers (TSPs) – 10**

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, RCOM, TTL, BSNL, Telenor, Vodafone)

     

    4

    RJIL

    MTNL

    BSNL

    RCOM

    1

    Telenor

    2

    AT&T

    Idea Cellular Ltd.

    3

    Bharti Airtel Ltd.

    TTL

    Vodafone

    Civil Society Organisations/ Think Tanks – 12***

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

     

    2

    CGS

    CIS

    3

    NLUD

    SFLC

    CPA

    — 7

    Takshashila Institution

    IFF

    IDP

    ITfC

    FCSO

    CUTS

    Access Now

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

     

    1

    Apurv Jain

    — — 2

    Sangeet Sindan

    Baijayant Jay Panda

    Companies/Firms – 12

    (SPAN Technologies, TRA, Zeotap Pvt. Ltd.,  IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

     

    3

    KOAN

    Citibank

    Mozilla

    1

    Sigfox

    1

    SPAN Technologies

    7

    Make My Trip

    TRA

    Zeotap Pvt. Ltd.

    IBM

    Exotel

    Disney India

    Redmorph

     

    *Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRIT – Indian Software Product Industry Round Table.

    **Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited, RCOM –  Reliance Communications Ltd.

    ***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi,  IDP – Internet Democracy Project, CIS – The Centre for Internet and Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.

     

     The following table projects the stance of the stakeholders on an exclusion of anonymized data from the purview of data protection requirements.

     

    Categories of Stakeholders Should anonymized data be excluded from the purview of data protection requirements?
    Yes (8) No (1) Maybe (1) No answer (43)
    Industry Associations – 16*

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    3

    COAI

    USISPF

    EBG

    1

    ASSOCHAM

    — 12

    IAMAI

    ACTO

    GSMA

    ISPAI

    NASSCOM-DSCI

    ACT

    ISACA

    ITI

    iSPIRT

    USIBC

    BSA

    BIF

    Telecom Service Providers (TSPs) – 10**

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, RCOM, TTL, BSNL, Telenor, Vodafone)

     

    3

    RJIL

    Vodafone

    RCOM

    — — 7

    AT&T

    Bharti Airtel Ltd.

    Idea Cellular Ltd.

    MTNL

    TTL

    BSNL

    Telenor

    Civil Society Organisations/ Think Tanks – 12***

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

     

    1

    SFLC

    — — 11

    NLUD

    Takshashila Institution

    Access Now

    IFF

    IDP

    CIS

    ITfC

    FCSO

    CUTS

    CGS

    CPA

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

     

    — — — 3

    Sangeet Sindan

    Baijayant Jay Panda

    Apurv Jain

    Companies/Firms – 12

    (SPAN Technologies, TRA,  Zeotap Pvt. Ltd.,  IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

     

    1

    Zeotap Pvt. Ltd.

    — 1

    KOAN

    10

    SPAN Technologies

    TRA

    IBM

    Make My Trip

    Sigfox

    Exotel

    Mozilla

    Citibank

    Disney India

    Redmorph

     

     The following table projects the stance of the stakeholders on judicial interventions and oversight for surveillance and lawful access to personal data.

     

    Categories of Stakeholders Should there be provisions for judicial interventions and oversight for surveillance and lawful access to data?
    Yes (12) No (0) Maybe (1) No answer (40)
    Industry Associations – 16*

    (IAMAI, ACTO, ASSOCHAM, COAI, GSMA, ISPAI, NASSCOM-DSCI, USISPF, ITI, USIBC, BSA, EBG, BIF, ACT, ISACA, iSPIRT)

    6

    ACTO

    NASSCOM-DSCI

    iSPIRT

    USIBC

    BSA

    BIF

    —- 1

    GSMA

    9

    IAMAI

    ASSOCHAM

    COAI

    ISPAI

    ACT

    ISACA

    USISPF

    ITI

    EBG

    Telecom Service Providers (TSPs) – 10**

    (AT&T, RJIL, Bharti Airtel Ltd., Idea Cellular Ltd., MTNL, RCOM, TTL, BSNL, Telenor, Vodafone)

     

    2

    AT&T

    Telenor

    — — 8

    RJIL

    Bharti Airtel Ltd.

    Idea Cellular Ltd.

    MTNL

    RCOM

    TTL

    BSNL

    Vodafone

    Civil Society Organisations/ Think Tanks – 12***

    (NLUD, IDP, CIS, ITfC, SFLC, FCSO, CUTS, CGS, CPA, Takshashila Institution, Access Now, IFF)

     

    3

    Takshashila Institution

    CIS

    CGS

    — — 9

    NLUD

    Access Now

    IFF

    IDP

    ITfC

    SFLC

    FCSO

    CUTS

    CPA

    Individuals – 3

    (Sangeet Sindan, Baijayant Jay Panda, Apurv Jain)

     

    1

    Sangeet Sindan

    — — 2

    Baijayant Jay Panda

    Apurv Jain

    Companies/Firms – 12

    (SPAN Technologies, TRA,  Zeotap Pvt. Ltd.,  IBM, Make My Trip, Sigfox, Exotel, Mozilla, Citibank, Disney India, KOAN, Redmorph)

     

    — — — 12

    SPAN Technologies

    TRA

    Zeotap Pvt. Ltd.

    IBM

    Make My Trip

    Sigfox

    Exotel

    KOAN

    Mozilla

    Citibank

    Disney India

    Redmorph

     

    INSIGHTS

    Should the legitimate exceptions to data protection requirements be restricted to critical purposes such as national security or law enforcement requirements?

    • 26.4% of the stakeholders, comprising 25% of the industry associations, 40% of TSPs, 16.7% of civil society organisations/think tanks, 33.3% of individuals and 25% of companies/firms, stated that the legitimate exceptions to data protection requirements should be restricted to critical purposes such as national security and law enforcement requirements.
    • 9.4% of the stakeholders, comprising 10% of TSPs, 25% of civil society organisations/think tanks and 8.3% of companies/firms, stated that the legitimate exceptions to data protection requirements should not be restricted to critical purposes such as national security and law enforcement requirements.
    • 13.2% of the stakeholders, comprising 25% of the industry associations, 20% of TSPs and 8.3% of companies/firms, did not provide a clear stance on whether the legitimate exceptions to data protection requirements should be restricted to critical purposes such as national security and law enforcement requirements.
    • 50.9% of the stakeholders, comprising 50% of the industry associations, 30% of TSPs, 58.3% of civil society organisations/think tanks, 66.7% of individuals and 58.3% of companies/firms, did not comment on whether the legitimate exceptions to data protection requirements should be restricted to critical purposes such as national security and law enforcement requirements.

     

     

     

    Should anonymized data be excluded from the purview of data protection requirements?

    • 15.1% of the stakeholders, comprising 18.8% of the industry associations, 30% of TSPs, 8.3% of civil society organisations/think tanks and 8.3% of companies/firms, stated that anonymized data should be excluded from the purview of data protection requirements.
    • 1.9% of the stakeholders, comprising 6.3% of the industry associations, stated that anonymized data should not be excluded from the purview of data protection requirements.
    • 1.9% of the stakeholders, comprising 8.3% of companies/firms, did not provide a clear stance on whether anonymized data should be excluded from the purview of data protection requirements.
    • 81.1% of the stakeholders, comprising 75% of the industry associations, 70% of TSPs, 91.7% of civil society organisations/think tanks, 100% of individuals and 83.3% of companies/firms, did not comment on whether anonymized data should be excluded from the purview of data protection requirements.

     

     

    Should there be provisions for judicial interventions and oversight for surveillance and lawful access to data?

    • 22.6% of the stakeholders, comprising 37.5% of the industry associations, 20% of TSPs, 25% of civil society organisations/think tanks and 33.3% of individuals, stated that there should be provisions for judicial interventions and oversight for surveillance and lawful access to data.
    • 1.9% of the stakeholders, comprising 6.3% of the industry associations, did not provide a clear stance on whether there should be provisions for judicial interventions and oversight for surveillance and lawful access to data.
    • 75.5% of the stakeholders, comprising 56.3% of the industry associations, 80% of TSPs, 75% of civil society organisations/think tanks, 66.7% of individuals and 100% of companies/firms, did not comment on whether there should be provisions for judicial interventions and oversight for surveillance and lawful access to data.

     

     

     

     

    Detailed Mapping of Responses

    A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question eleven (11) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.

    [This post is authored by Varsha Rao, a fifth-year undergraduate student of NLU, Delhi under the supervision of Pushan Dwivedi (Associate, TRA) during her internship with TRA].

    Consultation, Consultation Paper, Data Controllers, Data Protection, Data Subjects, De-identified Data, Exemptions, Government, Ikigai Law, Indian government, Lawful Surveillance, Legitimate Exceptions, MeITY, National Security, Privacy, Recommendations, Srikrishna Committee, Stakeholders, Tech Policy, TRAI

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XII of XII): Technological solutions to monitor compliance

      By Ikigai Law | 0 comment

      This is the twelfth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part XI of XII): Parity in the data protection norms between TSPs and other communication service providers

      By Ikigai Law | 0 comment

      This is the eleventh post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part X of XII): Safety and security of telecommunications infrastructure and digital ecosystem

      By Ikigai Law | 0 comment

      This is the tenth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    • Stakeholders’ Responses to the TRAI Privacy Consultation Paper: Part IX of XII – Key Issues Pertaining to Encouraging the Creation of New Data Based Businesses

      By Ikigai Law | 0 comment

        This is the ninth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security,Read more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part VIII of XII): Key issues pertaining to personal data collection and use

      By Ikigai Law | 0 comment

      This is the eighth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law