Stakeholders’ Responses to the TRAI Privacy Consultation Paper: Part IX of XII – Key Issues Pertaining to Encouraging the Creation of New Data Based Businesses

This is the ninth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, and Ownership of the Data in the Telecom Sector (Consultation Paper) published by the Telecom Regulatory Authority of India (TRAI) on 9th August, 2017.

In order to address key data privacy and security issues, the TRAI framed twelve (12) questions and invited comments to these questions. In total, fifty-three (53) stakeholders submitted detailed responses. Comments of all stakeholders are available here. Our comments to the Consultation Paper are available here.

The mapping of stakeholders’ opinion, and the analysis of such mapping, is based on the interpretation of all the responses to the Consultation Paper. A few details may have been lost during the interpretation of the responses. All suggestions, requests, and comments, to rectify any such omission(s) or error(s) in this exercise, are duly invited.

“Q. 5 What, if any, are the measures that must be taken to encourage the creation of new data based businesses consistent with the overall framework of data protection?”

The following table projects the stances of the stakeholders on adoption of self-regulatory or light-touch measures to encourage the creation of new data based businesses consistent with the overall framework of data protection.

*Industry Associations: IAMAI – Internet & Mobile Association of India, ACTO – Association Of Competitive Telecom Operators, ACT – Association for Competitive Technology, ASSOCHAM – Associated Chambers of Commerce and Industry of India, COAI – Cellular Operators Association of India, GSMA – Groupe Speciale Mobile Association, ISPAI – Internet Service Providers Association of India, NASSCOM-DSCI – National Association of Software and Services Companies – Data Security Council of India, USISPF – U.S. India Strategic Partnership Forum, ITI – Information Technology Industry Council, USIBC – US India Business Council, BSA – Business Software Alliance, EBG – European Business Group Federation, BIF – Broadband India Forum, ISACA – Information Systems Audit and Control Association, iSPIRT – Indian Software Product Industry Round Table.

**Telecom Service Providers: AT&T Global Network Services India Pvt. Ltd., RJIL – Reliance Jio Infocomm Limited, MTNL – Mahanagar Telephone Nigam Limited, TTL – Tata Teleservices Limited, BSNL – Bharat Sanchar Nigam Limited.

***Civil Society Organisations/ Think Tanks: NLUD – National Law University, Delhi,  IDP – Internet Democracy Project, CIS – The Centre for Internet and Society, ITfC – IT for Change, SFLC – Software Freedom Law Centre, FCSO – Federation of Consumer and Service Organization, CUTS – Consumer Unity and Trust Society, CGS – Consumer Guidance Society, CPA – Consumer Protection Association, IFF – Internet Freedom Foundation.

The following table projects the stances of the stakeholders on promotion of anonymization of personal data sets.

Insights

Q1. Should self-regulatory or light-touch measures be introduced to encourage the creation of new data based businesses consistent with the overall framework of data protection?

• 64% of all stakeholders, comprising of 66.67% of industry associations, 16.67% of TSPs, 8.33% of civil society organisations/think tanks, and 8.33% of companies/firms, agreed that self-regulatory or light-touch measures should be introduced to encourage the creation of new data based businesses.
• 32% of all stakeholders, comprising of 50% of industry associations, 16.67% of TSPs, 16.67% of individuals and 16.67% of companies/firms, did not provide a clear stance on whether self-regulatory or light-touch measures should be introduced to encourage the creation of new data based businesses.
• 04% of all stakeholders, comprising of 14.29% of industry associations, 20% of TSPs, 31.43% of civil society organisations/think tanks, 5.71% of individuals and 28.57% of companies/firms, did not comment on whether self-regulatory or light-touch measures should be introduced to encourage the creation of new data based businesses.

 Q2. Should anonymization of personal data sets be promoted?

• 20% of all stakeholders, comprising of 42.86% of industry associations, 42.86% of TSPs and 14.28% of civil society organisations/think tanks, agreed that anonymization of personal data sets must be promoted.
• 32% of all stakeholders, comprising of 33.33% of industry associations, 33.33% of TSPs, 16.66% of individuals, 16.66% of companies/firms, did not provide a clear stance on whether anonymization of personal data sets be promoted.
• 47% of all stakeholders, comprising of 27.5% of industry associations, 12.5% of TSPs, 27.5% of civil society organisations/think tanks, 5% of individuals and 27.5% of companies/firms, did not comment on whether anonymization of personal data sets be promoted.

Detailed Mapping of Responses

A detailed mapping of the responses of all the fifty-three (53) stakeholders, including the stances of the stakeholders, their response to question five (5) of the Consultation Paper and the suggestions they have made to the TRAI in view of the question, is available here.

[This post is authored by Saumya Gupta, a fourth year undergraduate student of RMLNLU, Lucknow, and Sushma S. Babu, a fourth-year undergraduate student of HNLU, Raipur during their internships with TRA. Pushan Dwivedi (Associate, TRA) gave inputs].