Stakeholders’ responses to the TRAI privacy consultation paper (Part VII Of XII): Definition of personal data, permissible grounds and empowerment of users

This is the seventh post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August, 2017.

In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.

The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.

“Q. 2 In light of recent advances in technology, what changes, if any, are recommended to the definition of personal data? Should the User’s consent be taken before sharing his/her personal data for commercial purposes? What are the measures that should be considered in order to empower users to own and take control of his/her personal data? In particular, what are the new capabilities that must be granted to consumers over the use of their Personal data?”

The concerns in relation to the definition of personal data and consent for sharing of personal data, raised by stakeholders in their responses to abovementioned question 2 of the Consultation Paper, broadly correspond to the issues raised under Part II (Chapter 3) and Part III (Chapter 1) of the White Paper of the Committee of Experts on a Data Protection Framework for India (White Paper). Chapter 3 of Part II deals with the definition of personal data. Chapter 1 of Part III explores consent as the ground for sharing of personal data. The mapping of stakeholders’ opinion, and the analysis of such mapping, has been conducted in context of the issues raised under Part II (Chapter 3) and Part III (Chapter 1) of the White Paper, particularly the concerns related to the definition of personal data and the consent required before sharing of data.

The following table projects the stances of the stakeholders on the issues concerning the definition of personal data and whether personal data definition should be amended.

*Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRIT – Indian Software Product Industry Round Table.

**Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited.

***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi,  IDP – Internet Democracy Project, CIS – The Centre for Internet and Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.

The following table projects the stances of the stakeholders on user consent as the only permissible ground for sharing of personal data for commercial purposes.

The following table projects the stances of the stakeholders on whether consent is required for processing or sharing of anonymised data.

INSIGHTS

Should the definition of personal data be amended?

• 9% of all stakeholders, comprising of 18.5% of industry associations, 14.8% of TSPs, 37% of civil society organisations/think tanks, 3.7% of individuals and 25.9% of companies/firms, agreed that definition of personal data should be amended.
• 6% of all stakeholders, comprising of 50% of industry associations, 41.7% of TSPs and 8.33% of companies/firms, opined that there is no need to amend the definition of personal data.
• 2% of all stakeholders, comprising of 42.8% of industry associations, 14.3% of TSPs, 14.3% of civil society organisations/think tanks and 28.6% of companies/firms, did not provide a clear stance on whether definition of personal data needs to be amended.
• 2% of all stakeholders, comprising of 28.6% of industry associations, 14.28% of civil society organisations/think tanks, 28.6% of individuals and 28.6% of companies/firms, did not comment on whether definition of personal data be amended.

Should user consent be the only permissible ground for sharing of personal data for commercial purposes?

• 9% of all stakeholders, comprising of 14.8% of industry associations, 29.6% of TSPs, 29.6% of civil society organisations/think tanks, 7.4% of individuals and 18.5% of companies/firms, opined that user consent should be the only ground for sharing of data for commercial purposes.
• 4% of all stakeholders, comprising of 64.3% of industry associations, 14.3% of civil society organisations/think tanks and 21.4% of companies/firms, stated that user consent should not be the only ground for sharing of data for commercial purposes.
• 09% f the stakeholders, comprising of 37.5% of industry associations, 25% of TSPs, 12.5% of civil society organisations/think tanks and 25% of companies/firms, did not provide a clear stance on whether user consent is the only ground for sharing of data for commercial purposes.
• 5% of all stakeholders, comprising of 25% of civil society organisations/think tanks, 25% of individuals and 50% of companies/firms, did not comment on whether user consent is the only ground for sharing of data for commercial purposes.

Detailed Mapping of Responses

A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question two (2) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.

[This post is authored by Sakshi Nigam, a fourth year undergraduate student of RMLNLU, Lucknow with contributions from Aashraya Sharma, a fifth year undergraduate student of NLSIU, Bangalore, under the supervision of Pushan Dwivedi (Associate, TRA) and Nehaa Chaudhari (Public Policy Lead, TRA), during her internship with TRA].