Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

An Overview of Consumer Privacy Regulations for TSPs in India


Published on

An Overview of Consumer Privacy Regulations for TSPs in India -- BSNL project report

Published in: Education
  • You are welcome to visit our brilliant writing company in order to get rid of your academic writing problems once and for all!
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

An Overview of Consumer Privacy Regulations for TSPs in India

  1. 1. An Overview of Consumer Privacy Regulations for TSPs in India
  2. 2. An Overview of Consumer Privacy Regulations for TSPs in India 1 Preface The project is an effort to inform the readers about the privacy regulations currently enforced on telecommunication companies for protecting privacy of customer data and ensuring higher quality of service to its customers. The report begins with the introduction of BSNL and telecom sector in India, in general. The modern communication system in India started with the laying down of telegraph network during British rule. Various telegraph statutes were enacted by the government in order to ensure telegraph network‟s exclusivity and government control over electronic communication at the same time. It was these regulations that laid the foundation of present day regulatory framework governing electronic communication, let it be wired or wireless. In the last decade, we all went through the ups and downs related to mobile technology. We are witnessing huge growth rates in mobile communication systems, increasing mobility awareness in society and worldwide deregulation of formerly monopolized markets. Today telecommunication service has transformed from a luxury available to select few to a necessity of common man‟s daily life. Due to its exponential growth in the past few years, telecommunication field raises new set of questions which can only be answered by adopting newer techniques and outlook. In the face of fierce competition, it is very essential to not only exist but also excel in the market. Given the dynamic and complex nature of market with consumers becoming more aware of the trends, maintaining a certain level of quality of service has become essential. Maintaining customer privacy is one of the fields that have recently caught the eye of public as well as companies in India. Though the current implementations regarding the matter are in nascent stage, but there is much more to be done in the not so distant future. This project conveys an insight about the current laws that try to uphold the consumers‟ privacy and try to bring to justice the breaches on company‟s part. The project also highlights few foreign regulations to learn from and in general, suggests few solutions for betterment of situation.
  3. 3. An Overview of Consumer Privacy Regulations for TSPs in India 2 Introduction The word “telecommunication” is a compound of the Greek prefix “tele” meaning 'far off', and the Latin “communicare”, meaning 'to share'. In its current usage, it refers to transmission of signals over a distance for the purpose of communication. The telecommunications industry has impact on every aspect of our lives, from the simple reality of enabling telephonic communication between people in different locations, whether separated by blocks or by continents, to enabling supply-chains towork seamlessly across continents to create products and fulfil consumer demands. Telecommunication services, for long as of now, have been recognized as a key to the rapid growth and modernization of the economy and an important tool for socio- economic development for a nation. Telecommunications in India can be traced back to the 19th century when the British East India Company introduced telegraph services in India. The past two decades can be considered as the golden period for the telecommunications industry in India exhibiting exponential growth and development in terms of technology, penetration, as well as policy. The growth and development led to the liberalization and huge investment by both domestic and foreign players in this sector. Data services have become one of growth driver for the industry with increasing internet penetration and broadband adoption. At the same time, m-Commerce is been considered a great opportunity to expand business beyond just voice & data services. Telecom industry has evolved significantly over the last ten years and during this period there have been increased requirements to have robust information security environment. Also, with the increasing demand of having stringent legal and regulatory information security requirement, there is an enhanced focus on the subject across telecom operators. Consumers are facing unprecedented attacks on privacy. With data brokers gaining unauthorized access to personal information, threats to the privacy of personal information are on the rise. Today‟s consumers are afforded unprecedented ease of communication and access to information, thanks to recent technological advances. However these advancements have done more than concentrate information channels and create
  4. 4. An Overview of Consumer Privacy Regulations for TSPs in India 3 new options for consumers. Modern information gathering has also exposed individuals to the threat of privacy invasion. Never before, has personal data been so easily compiled and transmitted. The very act of aggregating records creates new opportunities for companies and data brokers to take advantage of inadequate legal restraints on sharing and profit off of the private information. This leaves consumer open to the menaces of data mining, intrusive advertising, and identity theft. Telephone companies must be held accountable for neglecting their duty to safeguard consumers‟ sensitive information.
  5. 5. An Overview of Consumer Privacy Regulations for TSPs in India 4 1. Company Profile Bharat Sanchar Nigam Ltd. was incorporated on 15th September 2000. It took over the business of providing of telecom services and network management from the erstwhile Central Government Departments of Telecom Services (DTS) and Telecom Operations (DTO), with effect from 1st October 2000 on going concern basis. It is one of the largest & leading public sector units providing comprehensive range of telecom services in India. BSNL has installed Quality Telecom Network in the country & now focusing on improving it, expanding the network, introducing new telecom services with ICT applications in villages & winning customer's confidence. Today, it has about 43.74 million line basic telephone capacity, 8.83 million WLL capacity, 72.60 million GSM capacity, 37,885 fixed exchanges, 68,162 GSM BTSs, 12,071 CDMA Towers, 197 Satellite Stations, 6,86,644 Km. of OFC, 50,430 Km. of microwave network connecting 623 districts, 7330 cities/towns & 5.8 lakhs villages . BSNL is the only service provider, making focused efforts & planned initiatives to bridge the rural-urban digital divide in ICT sector. In fact there is no telecom operator in the country to beat its reach with its wide network giving services in every nook & corner of the country & operates across India except New Delhi & Mumbai. Whether it is inaccessible areas of Siachen glacier or North-Eastern regions of the country, BSNL serves its customers with a wide bouquet of telecom services namely Wireline, CDMA mobile, GSM mobile, Internet, Broadband, Carrier service, MPLS- VPN, VSAT, VoIP, IN Services, FTTH, etc. BSNL is numerouno of India in all services in its license area. The company offers wide ranging & most transparent tariff schemes designed to suit every customer. BSNL has 90.09 million cellular & 5.06 million WLL customers as on 31.07.2011. 3G Facility has been given to all 2G connections of BSNL. In basic services, BSNL is miles ahead of its rivals, with 24.58 million wireline phone subscribers i.e. 71.93% share of the wireline subscriber base. BSNL has set up a world class multi-gigabit, multi-protocol convergent IP infrastructure that provides convergent services like voice, data & video through the
  6. 6. An Overview of Consumer Privacy Regulations for TSPs in India 5 same Backbone & Broadband Access Network. At present there are 8.09 million broadband customers. The company has vast experience in planning, installation, network integration & maintenance of switching & transmission networks & also has a world class ISO 9000 certified Telecom Training Institute. During the 2010-11, turnover of BSNL was around INR 29,700 crores. 1.1. VISION:  Be the leading telecom service provider in India with global presence.  Create a customer focused organization with excellence in customer care, sales and marketing.  Leverage technology to provide affordable and innovative telecom. Services/products across customer segments. 1.2. MISSION:  Be the leading telecom service provider in India with global presence.  Creating a customer focused organization with excellence in customer care, sales& marketing.  Leveraging technology to provide affordable and innovative products/services across customer segments.  Providing a conducive work environment with strong focus on performance  Establishing efficient business processes enabled by IT. 1.3. OBJECTIVES:  To be the Leading Telecom Services provider by achieving higher rate of growth so as to become a profitable enterprise.  To provide quality and reliable fixed telecom service to our customer and thereby increase customers confidence.
  7. 7. An Overview of Consumer Privacy Regulations for TSPs in India 6  To provide customer friendly mobile telephone service of high quality and play a leading role as GSM operator in its area of operation.  To develop strategy for rightsizing the manpower and providing greater customer satisfaction  To leverage the existing infrastructure of BSNL for facilitating implementation of other government programmes and initiatives particularly in the rural areas.
  8. 8. An Overview of Consumer Privacy Regulations for TSPs in India 7 2. Indian Telecom Sector Like elsewhere, telecommunication in India started as a state monopoly. In the 1980s, telephone services and postal services came under the Department of Posts and Telegraphs. In 1985, the government separated the Department of Post and created the Department of Telecommunications (DoT). As part of early reforms, the government set up two new public sector undertakings: Mahanagar Telephone Nigam Limited (MTNL) and Videsh Sanchar Nigam Limited (VSNL). MTNL looked after telecommunications operations in two megacities, Delhi and Mumbai. VSNL provided international telecom services in India. DoT continued to provide telecommunications operations in all regions other than Delhi and Mumbai. In the early 1990s the Indian telecom sector, which was owned and controlled by the Indian government, was liberalized and private sector participation was permitted through a gradual process. First, telecom equipment manufacturing sector was completely deregulated. The government then allowed private players to provide value added services (VAS) such as paging services. In 1994, the government unveiled the National Telecom Policy 1994 (NTP 1994). NTP 1994 recognized that existing government resources would not be sufficient to achieve telecom growth and hence private investment should be allowed to bridge the resource gap especially in areas such as basic services. As markets and telecom technologies started converging and the differences between voice (both fixed and wireless) and data networks started blurring, the need for developing the modern telecom network became an immediate necessity. Accordingly, private sector participation was allowed in basic services. The government at that time realized that a major part of the growth of the country‟s GDP would be reliant on direct and indirect contributions of the telecom sector in the future and accordingly the need for a comprehensive and forward looking telecommunications policy was felt. This then paved way for New telecom Policy 1999(NTP 1999) which largely focused on creating an environment for attracting continuous private investment in the telecom sector and allowed creation of communication infrastructure by leveraging on technological development. The main objectives and targets of NTP 1999 were as follows:
  9. 9. An Overview of Consumer Privacy Regulations for TSPs in India 8  Availability of affordable and effective communications for citizens;  Strive to provide a balance between the efforts of universal service to all uncovered areas, including the rural areas and the provision of high-level services capable of meeting the needs of the country‟s economy;  Create a modern and efficient telecommunications infrastructure taking into account the convergence of IT, media, telecom and consumer;  Protect the defence and security interests of the country. NTP 1999 allowed private operators providing cellular and basic services to migrate from a fixed license fee era to a revenue sharing era which made it financially possible for such operators to function in the market. Most importantly, the government recognized the necessity to separate the government's policy wing from its operations wing so as to create a level playing field for private operators. Accordingly the NTP 1999 directed the separation of the policy and licensing functions of DoT from the service provision functions. The Government corporatized the operations wing of DoT in October 2000 and named it as Bharat Sanchar Nigam Limited (BSNL) which now operates as a public sector undertaking. In the year 2002, the monopoly of VSNL also came to an end. The process of liberalization in the country started in 1991 with the declaration of New Economic Policy. Telecom equipment manufacturing was de-licensed in 1991 which and value added services were opened to private sectors in 1992. After 1991 liberalization in Government policies, various private players were allowed to enter the telecom market. Indian telecom today benefits from some of the loosest regulations in the world, sometimes considered the “poster boy for economic reforms” has been the top beneficiaries of the post 1991 liberalization era. The Indian telecom sector with over 950 million customers is the second largest in the world. The sector showed the growth rate of over 40% in recent years, making it the fastest growing sector in India and around the world. The rapid growth in India was possible due to proactive and positive decisions of the government and positive lookout and support from both public and private sectors. According to COAI data, the telecom customer base stood at over 951 million in March 2012. Indian telecom sector has shown an exponential growth throughout as
  10. 10. An Overview of Consumer Privacy Regulations for TSPs in India 9 a result of greater emphasis by the government. The Indian Telecom market is the most competitive with over 11 operators in each circle, the largest number around the world. The “big fish” of telecom industry are BSNL (state owned), Airtel, Reliance, Vodafone, Idea and Tata. Only the two networks, Reliance and Tata offer CDMA technology while all others are in the GSM band. GSM has an 88% share of subscribers and continuously rising and now even Reliance and Tata are offering nation-wide GSM services. Tele-density has reached to the higher levels of 78.66% as of March 2012 and is expected to cross 84% by the end of 2012. The industry is expected to reach a size of INR344,921crore by 2012 at a growth rate of over 26%, and generate employment opportunities for about 10 million people during the same period. Analytical forecast boast that the sector would create direct employment for more than 2.5 million people directly and for near about6 million people indirectly. The total revenue of the Indian telecom sector grew by 7% to INR283,207 crore for 2010–11 financial year, while revenues from telecom equipment segment stood at INR117,039 crore. The figures below provide a gist of swiftly growing Indian telecom sector. Figure 2.1 3.1 5.4 10.5 28.2 47.6 75.4 146.4 228.9 341.3 519.2 746.6 890 0 100 200 300 400 500 600 700 800 900 1000 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Subscribers Growth Chart Subscriber Base (mn)
  11. 11. An Overview of Consumer Privacy Regulations for TSPs in India 10 Figure 2.2 19.72% 16.65% 16.37% 12.26% 10.72% 8.89% 6.81% 4.62% 1.72% 0.65% 0.63% 0.37% 0.36% 0.14% 0.09% Company wise % market share Airtel Reliance Vodafone Idea BSNL Tata Aircel Uninor Sistema Videocon MTNL Loop Stel HFCL Etisalat
  12. 12. An Overview of Consumer Privacy Regulations for TSPs in India 11 2.1. Indian Telecom Authorities: Figure 2.1.1 2.1.1. Telecom Commission: The Telecom Commission was set up by the Government of India on 11th April, 1989 with administrative and financial powers of the Government to deal with various aspects of Telecommunications in the country. The responsibilities of Telecom Commission along with DoT include policy formulation, licensing, wireless spectrum management, administrative monitoring of PSUs, research and development and validation of equipment etc. The multi-faceted strategies followed by the Telecom Commission not only transformed the very structure of the sector but also motivated all the public/private players to contribute in accelerating the growth of the sector. 2.1.2. Department of Telecom: The DoT acts on behalf of the Central Government. Some of the important functions of the DoT are as follows:  Policy, Licensing and Coordination matters relating to telegraphs, telephones, wireless, data, facsimile and telematics services and other similar forms of communications.  International cooperation in matters connected with telecommunications industry including matters relating to all international standardization bodies Ministry of Communications and Information Technology Telecom Commission DoT TRAI WPC TEC
  13. 13. An Overview of Consumer Privacy Regulations for TSPs in India 12 dealing with telecommunications such as ITU, RRB, ITU-R, ITU-T, ITU-D, INTELSAT, INMARSAT, APT, etc.  Promotion of standardization, research and development in telecommunications.  Promote the investment from private players in telecommunications industry.  Financial assistance for continuation and promotion of research and study in telecommunications technology and for developing adequately trained manpower for telecom programme.  Purchase and acquisition of land relating to telecommunications work. 2.1.3. Telecom Regulatory Authority of India: The Telecom Regulatory Authority of India (TRAI) was established with effect from 20th February 1997 by an Act of Parliament, called the Telecom Regulatory Authority of India Act, 1997, to regulate telecom services, including fixation/revision of tariffs for telecom services which were earlier vested in the Central Government. TRAI's mission is to create, develop and maintain conditions for growth of telecommunications in the country in a manner and at a pace which will enable India to achieve a leading position in emerging global information society. One of the main objectives of TRAI is to create a level playing field and facilitate fair competition by providing a fair and transparent policy environment. In order to achieve above objective TRAI has issued, in timely manner, a large number of regulations, orders and directives to deal with issues developing with time and provided the required direction for the evolution of Indian telecommunication market from a Government owned monopoly into a multi-operator, multi-service open competitive market. The directions, orders and regulations issued cover a wide range of subjects including tariff, interconnection and quality of service including others. 2.1.4. Wireless Planning and Coordination: The WIRELESS PLANNING & COORDINATION (WPC) Wing of the Ministry of Communications was created in 1952 as the National Radio Regulatory Authority responsible for Frequency Spectrum Management, including licensing and looks after the needs of all wireless users (Government and Private) in the country. It exercises the statutory functions of the Central Government and issues licenses to establish, maintain and operate
  14. 14. An Overview of Consumer Privacy Regulations for TSPs in India 13 wireless stations. WPC has been divided into major sections such as Licensing and Regulation (LR), New Technology Group (NTG) and Standing Advisory Committee on Radio Frequency Allocation (SACFA). SACFA makes the recommendations on major frequency allocation issues, formulation of the frequency allocation plan, delivering expertise on the various matters related to International Telecom Union (ITU), to help solve problems referred to the committee by various wireless users or industry, providing clearance of all wireless installations in the country etc. 2.1.5. Telecommunication Engineering Centre: A technical body representing the interest of Department of Telecom, Government of India.  Specifies the common standards regarding the telecom network equipment, services and interoperability.  Generic Requirements (GRs), Interface Requirements (IRs).  Issuing Interface Approvals (IA), Certificate of Approvals (CA), Service Approvals (SA) and Type Approvals (TA).  Formulation of standards and fundamental technical plans.  Interact with international agencies like APT, ETSI and ITU etc. for standardization.  Develop expertise to obtain the latest technologies and results of R&D.  Provide technical support to DOT and technical advice to TRAI & TDSAT.  Coordinate with C-DOT over the issues relating to technological developments in the telecom sector for policy planning by DOT.
  15. 15. An Overview of Consumer Privacy Regulations for TSPs in India 14 3. Problem Definition There are enough concerns already in relation to the protection of personal data information, under the influence of the right to one‟s privacy. The right to privacy refers to the right of an individual to control the collection, use and disclosure of personal information. Personal information can be in the form of personal interests, activities, family details, educational details, telephone records, medical records and financial details, to name a few. Further, the advancements in technology have spawned entirely new set of issues concerning privacy rights and data protection. Privacy is a complex concept even before other concepts are lumped with it. The concept of “privacy” needs to be carefully overviewed. It defies easy definition and many proposals to protect privacy have gone forward without a clear understanding of what privacy really is. Importantly, privacy is a personal and utterly subjective condition. One of the major flaws with the current telecom policy of India is the lack of adequate privacy laws guiding them. For instance, until recently we did not had any proper control over telemarketing calls. Telemarketing companies targeted Indian consumers with all sorts of calls and schemes day and night. The Department of Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI) think that they have done their part by establishing the National Do Not Call (NDNC) register, but in reality this is not enough. Consumer complaints have reduced to certain levels but the numbers are still in thousands annually and many do not complain due to the fear of wastage of time and money or the lack of knowledge to do so. Clearly, the telemarketing lobby is toying with the telecom policies ingeniously enough to keep them out of the hands of law and amount of fines. Further, there is no effective mechanism through which telecom disputes of consumers can be effectively handled in India. The establishment of TDSAT has not been a success due to the lack of widespread publicity among the masses. Also the consumer protection law of India needs to be fine-tuned, keeping in mind the telecom disputes. Another concern with India is the absence of effective privacy law and data protection laws. Essential and private details of telecom consumers were openly available for sale in the markets in recent past. Telemarketing companies
  16. 16. An Overview of Consumer Privacy Regulations for TSPs in India 15 purchased this information and used the same without any fear of punishment as there were no deterrent rules or regulations in this regard. People recently involved themselves in the unconstitutional “Aadhar” project of India all around the country. Under the project, biometric details of every Indian resident would be collected regardless of the fact that there is no legal framework supporting such collection. On combining it with the growing e-surveillance in India, lack of data protection and privacy laws and unregulated telecom sector, it is not difficult to realize that others know more about you than yourself. With controversial activities like illegal phone tapping, imposition of Aadhar project, launch of projects like National Intelligence Grid (Natgrid) and Crime and Criminal Tracking Network and Systems (CCTNS), without any procedural safeguards, the need of enactment of a dedicated and constitutionally sound privacy law has become absolutely essential. While e-surveillance and electronic eavesdropping are important for law enforcement and national security purposes, there is no justification for deliberately keeping away from enacting suitable procedural safeguards against their abuses towards the individuals. The Indian government in general and cabinet committee on security (CCS) in particular must show seriousness about respecting the constitution of India, and must operate all these projects within the constitutional limits. For instance, we do not have a constitutionally valid phone tapping law in India and India is probably the only democratic country in the world that engages in phone tapping without a court warrant. Indian executive have misused constitutional powers of Judiciary and Parliament of India in great disregard of the Constitutional provisions. It is high time for the Parliament of India to enact strong cyber laws, effective privacy laws and adequate data protection laws. Misusing the Judicial and Parliamentary powers and making piece meal efforts would not solve the problem. In a similar fashion, the projects like CCTNS, Natgrid, central monitoring system (CMS), etc. must also be undertaken only after proper and effective constitutional safeguards are at place.
  17. 17. An Overview of Consumer Privacy Regulations for TSPs in India 16 4. Overview The telecom industry has enjoyed a spectacular success at absorbing Indians into its fold resulting into the subscriber base that stands just over 951 million (TRAI, March 2012) with Tele-density standing at proud 78%. While this extensive penetration of telecommunication has ignited an era of unprecedented access – truly a „communications revolution‟ whose full effects may still be too early to grasp – it has also led to the exposure of individuals to risks on a magnitude never before witnessed. Firstly, during the normal course of their business, telecom companies heap up vast volumes of personal data about their customers including copies of identity documents, biographical information etc., which could potentially be misused; Secondly, the fact that a vast amount of our communication now occurs with the involvement of electronic media, has rendered us more susceptible to invasive electronic surveillance - whether lawful or not; Thirdly, much of the communications is now not merely ephemeral, but is stored in digital form for unknown periods in corporate „data centres‟; Lastly, owning a mobile phone not only enables us to communicate with our business partners and loved ones, but also forces us to engage with a continual stream of „noise‟ – telemarketing calls and SMSs, prank/hoax calls, calls troubling us for the payment of bills and offensive/threatening calls. 4.1. Issues with Privacy: 4.1.1. Contracts: It all begins with the signing of the piece of paper that forms the basis for the parties to be able to form valid and legally binding contract. Basic question relates to how the contracts can be formed, performed and enforced for mutual benefit. Formation of any contract, under the Contract Act, involves three main components. There has to be an offer, there has to be an acceptance of the said offer without modification and there has to be some consideration for the contract. These components would be applicable to contracts with TSPs as well. Regarding this, how do we know whether the offered has ACCEPTED the offer? Additionally, the issue of the exact time of communication of acceptance of the contract is important; as such a time is critical for
  18. 18. An Overview of Consumer Privacy Regulations for TSPs in India 17 determination of the rights of the parties. Further, various issues arise where a person could be bounded by the terms of a contract without even reading it or without being able to negotiate the terms. There are situations where a subscriber signs the contract without even looking at the contract or its terms and conditions. Would this amount to a contract with the customer? Also, consumer related transactions often occur between parties who have no pre-existing relationship, which may raise concerns of the person‟s identity with respect to issues of the person‟s capacity, authority and legitimacy to enter the contract. The aforesaid points regarding the acceptance, timing and not reading the terms creates a loophole in an effort to protect the consumer privacy. It may be possible that the contract was signed due to some greedy offer made by the offerer or maybe he was convinced beyond reason. The huge list of terms and conditions discourages the consumer to search for the privacy clause and thus leave himself vulnerable at the hands of the company. The timing becomes essential when there is a change in the policies and terms since the new consumers will have to follow the new terms which may change the methods of handling private data. 4.1.2. Security: Security is of immense importance to ensure the good health of telecom sector since almost all the work requires computer with internet access. Companies that keep sensitive information on their servers must ensure that they have adequate security measures to safeguard their servers from any unauthorised intrusion. A company could face security threats externally as well as internally. Externally, the company could face problems from hackers, viruses and Trojan horses. Internally, the company must ensure security against its technical staff and employees. Security can be maintained by using various security tools such as encryption, firewalls, access codes/passwords, virus scans and biometrics. For example, a company can restrict access to the contents on its website or servers only through the use of a password or login code. Similarly confidential information on websites or servers can be safeguarded using firewalls that would prevent any form of external intrusion. Apart from
  19. 19. An Overview of Consumer Privacy Regulations for TSPs in India 18 adequate security measures, appropriate legal documentation is also needed. For example, a company can have an adequate security policy that would bind the all people working in and with the company. With the advancements in Internet, security breaches have become a daily scenario. TSPs need to protect their websites and servers for loss of private data since a company can also be held liable for inadequate security procedures on its servers. Notwithstanding the standard procedures can result in the loss of consumer privacy even though the company did not intend to do so and then indulge in legal proceedings and waste company‟s resources. 4.1.3. Telemarketing: Consumerism has grown tremendously all around the world. In response, telemarketing provides a huge customer base by making every individual a prospective customer for sales, it creates a flat ground of customers irrespective of their interest, location, time, profession, etc. Telemarketing is a method of direct marketing in which a salesperson engages himself to entreat a prospective customer to buy products or services, mostly over the phone or if possible through the Internet. Most telemarketing calls are "cold calls". Cold calls are those calls where the recipient of the call did not intend that the telemarketers contact them. Though the real purpose of telemarketing is just to make a sale, but in doing so it violates a great deal of individual privacy. It often happens that telemarketers have personal information when they call a customer, this information is obtained from other vendors who sell similar products. Telemarketing, over the time, has become one of the most controversial types of marketing. It would be easier otherwise, if these services value-added to individual's lives, but when the action negatively hampers the individual or his way of life than his objection cannot be denied and certain checks and countermeasures are required. And this gives rise to the very “controversial” concept of privacy. Neither the damage done by these telemarketing calls to privacy can be measured, nor can it be undone. And
  20. 20. An Overview of Consumer Privacy Regulations for TSPs in India 19 most commercial organisations have little or no interest in taking costly measures, which are often unprofitable, to protect the privacy of customers, indeed, their objective is quite the opposite, to share the data and gain monetary advantage, and not recognise it as sensitive, so that it is easier to avoid legal liability for lapses of security that may occur in the future. Such behaviour makes telemarketing an unfair trade practice. The policy decisions of TRAI pertaining to regulation of telemarketing calls have not been successful. The deterring procedure for telemarketing companies has been made too complicated and unproductive that it does not benefit consumers at all. Further, even if a fine has been imposed, the troubled consumer would not get the same. There is no incentive for taking all the pain to get the guilty telemarketer held responsible. The telemarketing guidelines are inherently faulty and are still violating privacy rights of Indians without any fear or deterrent. It's high time, that instead of blindly manipulating the policy makers, corporates should refer to global telemarketing standards and transform business ethics into action. 4.2. Indian legal scenario regarding Privacy: 4.2.1. Constitution of India: Although not specifically referenced in the Constitution, the Right to Privacy is considered a „penumbral right‟ under the Constitution i.e. a right that has been declared by the Supreme Court as integral to the Fundamental Right to Life and Liberty. In addition, although no single statute confers a cross-cutting „horizontal‟ right to privacy, various statutes contain provisions which either implicitly or explicitly preserve this right. The idea behind this development is simply that the penumbral right would be of no meaning without provisioning for certain other rights by implication. An example may serve to show the point: while freedom of the Press has nowhere been expressly provided for in the Constitution, it continues to have a very definite presence by virtue of the fact that it constitutes an integral part of Article 19(1)(a) which guarantees the Right to Freedom of Speech and Expression in India. It is in this context that the requirement of a right to privacy arises.
  21. 21. An Overview of Consumer Privacy Regulations for TSPs in India 20 Judgements:  Kharak Singh vs. State of U.P.: In the landmark judgement the Supreme Court held that Article 21 of the Constitution includes „Right to Privacy‟ as a part of the right to „Protection of Life and Personal Liberty‟.  R. Rajagopal vs. State of Tamil Nadu: The Supreme Court stated that though the right to privacy was not enumerated as a fundamental right, a citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child bearing and education among other matters.  People’s Union for Civil Liberties (PUCL) vs. Union of India: The Supreme Court held that the telephone tapping by Government under S. 5(2) of Telegraph Act, 1885 amounts infraction of Article 21 of the Constitution of India, unless it was required in the rarest of rare circumstances such as public emergency. While it may appear that the right to privacy is protected, to some extent, as a fundamental right, it is much needed to keep in mind that barring a few exceptions, fundamental rights secured to the individuals are limitations only against State actions. Thus, such an interpretation will not protect an individual against the false actions of private parties. 4.2.2. Indian Telegraph Act, 1885 and Rules: The Indian Telegraph Act, 1885 was enacted with the main object being "to give power to the Government and to any company or person licensed under section 4 of the Indian Telegraph Act, 1876, and specially empowered in this behalf, to place telegraph lines under or over property belonging whether to private persons or to public bodies." The preamble of the ITA, 1885 states that its main objective is to amend the laws relating to telegraphs in India. The law being used by the police and intelligence agencies for tapping telephone lines is the Section 5 of Indian Telegraph Act, 1885 read with rule 419 and 419A. In1997, the Supreme Court intervened and ordered the Government of India to frame the proper rules for tapping the electronic
  22. 22. An Overview of Consumer Privacy Regulations for TSPs in India 21 communications. In the meanwhile, the technology has changed dramatically from the yesteryear of 1885 from analogue to digital, where a mobile phone is a computer which communicates through network of computers to another mobile phone computer on behalf of persons involved in communication. Thus at any point of electronic interception, the communication is between two computer in digital format and not in analog format over which Telegraph Act applies. Provisions:  Section 5 (2) empowers the government to order the interceptions of messages in cases of „public emergency‟ or „in the interest of the public safety‟. The interception requires the written order from the Central Government or a State Government or any officer specially authorised in this behalf by the Central Government or a State Government.  Section 11 empowers the telegraph authority to enter any property, at any time, in order to repair or remove the telegraph line or post.  Section 23 imposes a fine of INR 500 on anyone brought in for unauthorized access in telegraph office premises.  Section 24 makes it a criminal offence for a person to enter a telegraph office “with the intent of unlawfully learning the contents of any message”. Such a person may be punished with imprisonment for a term of up to a year.  Section 25 further imposes a criminal penalty on anyone who attempts to damage or tamper with any telegraph equipment with the intent to prevent the transmission of messages or to acquaint himself with the contents of any message or to commit mischief. Punishment in this case could extend to three years imprisonment or a fine or both.  Section 26 makes it an offence for a Telegraph Officer or other official to alter, unlawfully disclose or acquaint himself with the content of any message. This is also punishable with up to three years imprisonment or a fine or both.
  23. 23. An Overview of Consumer Privacy Regulations for TSPs in India 22  Section 30 criminalizes the fraudulent retention or wilful secreting or detention of a message which is intended for someone else. Punishment may extend to two years imprisonment or fine or both. 4.2.3. Information Technology (Amendment) Act, 2008: Following the UN Resolution of adopting UNCITRAL Model Law on e-commerce, India passed the Information Technology Act 2000 in May 2000 and it became effective on October 17, 2000.Information Technology Act 2000 addressed the following issues:  Giving Legal Recognition to Electronic Documents  Giving Legal Recognition to Digital Signatures  Defining Offences and Contraventions  Establishing Justice Dispensation Systems for Cybercrimes ITAA 2008 (Information Technology Amendment Act 2008), the newer version of Information Technology Act 2000, has provided additional focus on Information Security. It has added many new sections related to offences like Cyber Terrorism and Data Protection. A new set of Rules relating to Sensitive Personal Information and Reasonable Security Practices (contained in section 43A of the ITAA, 2008) was released in April 2011. The amendments received mixed reviews from cyber law observers, criticizing on the ground of lack of legal and procedural safeguards to prevent violation of civil liberties of Indians, and appreciating about the amendments which serve to addresses the issue of Cyber Security. Provisions:  Section 43A makes a body corporate liable to pay compensation if it is negligent in implementing and maintaining reasonable security practices and procedures with respect to the sensitive personal data or information of any person.
  24. 24. An Overview of Consumer Privacy Regulations for TSPs in India 23  Section 66C imposes a penalty on anyone who fraudulently or dishonestly makes use of any unique identification feature of any other person amounting to imprisonment extending three years and fine up to INR one lakh.  Section 72A criminalizes the wrongful disclosure of personal information of any person to any other person in breach of lawful contract. Punishment may extend to three years imprisonment or fine extending INR five lakh or both.  Section 84A vests the power in Central Government, for secure use and promotion of e-governance and e-commerce, to prescribe the modes or method for encryption. Additionally:  Section 67C empowers Central Government to order intermediaries to preserve and retain such information for such duration in such manner as prescribed.  Section 69 empowers Central Government or State Government or any officer thus assigned, for reasons to be recorded in writing, to issue directions for interception or monitoring or decryption of any information through any computer resource.  Section 69B empowers Central Government to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security. 4.2.4. TRAI Guidelines and Licence Agreements: TRAI established the Telecom Unsolicited Commercial Communications Regulations, 2007 in an attempt to prevent Unsolicited Commercial Calls to telecom consumers. Hereunder a National Do Not Call Register was established, which contains information regarding consumers who do not wish to receive UCC. The regulation also specifies the procedure for initiation of complaints by consumers and for their adjudication and disposal. It also imposes fines on telemarketers who initiate UCC with individuals who have opted not to receive such communications.
  25. 25. An Overview of Consumer Privacy Regulations for TSPs in India 24  Clause 18 asks every Access Provider and the person authorized to maintain the National Do Not Call Register keep confidential all the information disclosed by the subscriber and entered in the National Do Not Call Register maintained under these regulations. On 26th February 2010, TRAI issued a direction to make sure that the compliance of the terms and conditions of the licenses regarding confidentiality of information of subscribers and privacy of communications were carried out. TRAI Directs the Service Providers to:  To ensure confidentiality of information as provided in the license conditions.  To put in place appropriate safeguards required to prevent the breach of confidentiality of information of the subscriber and privacy of communication.  To furnish to the Authority, within fifteen days of issuance of this Direction, the details of steps taken by the service provider to safeguard the confidentiality of information of subscribers and privacy of communications. The detailed guidelines regulating the behaviour of TSPs are contained in the terms of the licences issued, which permit them to conduct business, frequently, these licences contain clauses requiring TSPs to safeguard the privacy of their consumers. Few examples can be cited: Cellular Mobile Telephone Service Licence:  Clause 42.2 orders the licensee to ensure the confidentiality of information regarding the third party, unless the third party agrees to divulge it or it is in public domain.  Clause 42.3 requires the licensee to make sure the confidentiality of customer information.  Clause 43.5 ensures that in case any confidential information is divulged to the licensee for proper implementation of the
  26. 26. An Overview of Consumer Privacy Regulations for TSPs in India 25 Agreement, it shall be binding on the licensee and its employees and servants to maintain its secrecy and confidentiality.  Clause 44.4 requires the licensee to ensure protection of privacy of communication and ensure that unauthorized interception of messages does not take place. National Long Distance Licence:  Clause 5.6 (xi) provides that in order to maintain the privacy of voice and data, monitoring shall only be upon authorization by the Union Home Secretary or Home Secretaries of the States/Union Territories.  Clause 41 orders the licensee to ensure protection of privacy of communication and ensure that unauthorized interception of messages does not take place. Unified Access Service Licence:  Clause 5.G (xi) provides that in order to maintain the privacy of voice and data, monitoring shall only be upon authorization by the Union Home Secretary or Home Secretaries of the States/Union Territories.  Clause 60 orders the licensee to put in place mechanisms for protection of privacy of communication and ensure that unauthorized interception of messages does not take place.  Clause 70 ensures that in case any confidential information is divulged to the licensee for proper implementation of the Agreement, it shall be binding on the licensee and its employees and servants to maintain its secrecy and confidentiality.
  27. 27. An Overview of Consumer Privacy Regulations for TSPs in India 26 4.3. International Norms: 4.3.1. European Union: The Data Protection Directive (95/46/EC) was established to provide a regulatory framework to ensure secure and free movement of personal data across the borders of the EU member countries, in addition it provides a baseline of security to personal information wherever it is stored, transmitted or processed. The Directive came into force in October, 1998. This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive (Directive on privacy and electronic communications -- 2002/58/EC) for the communications sector. There are also well defined rules for the protection of personal data in policing and judicial cooperation in criminal matters. Directive 2002/58/EC is a constituent of the "Telecoms Package", a new legislative framework developed to regulate the electronic communications industry and amend the existing controls governing the telecommunications industry. This Directive principally focuses on the processing of consumers‟ personal data relating to the use of communications services. The Directive addresses issues such as:  Processing security: The provider of a publicly available electronic communications service must take appropriate measures to safeguard security of its services and customer data from unauthorized access and destruction. In case of a breach of security the provider must inform the subscribers concerning such risk.  Confidentiality of communications: Member States shall ensure the confidentiality of communications over publicly available electronic communications services, through national legislation. The communication interception must be prohibited without the consent of the users concerned. They have the option to withdraw their consent on the processing of traffic data.
  28. 28. An Overview of Consumer Privacy Regulations for TSPs in India 27  Data retention: Traffic data and any other data must be erased or made anonymous when it is no longer required, unless the customer has given his/her consent for another use. The Directive lays down provisions for the retention of data when it is required for the purpose of investigation, detection and prosecution of criminal offences.  Unsolicited communications: The Directive takes an "opt-in" approach to automated calling systems without human intervention for the purposes of direct marketing i.e. users must have prior consent for such communications. However, in other cases users may have to “opt-out”.  Public directories: Subscribers must give prior consent in order for their telephone numbers (landline or mobile), e-mail addresses and postal addresses to appear in public directories. 4.3.2. United States: Telecommunications in the United States is regulated by Federal Communications Commission. FCC regulates how telecommunications carriers and providers handle customers‟ personal information regarding activities like telemarketing and junk faxes. The main legislation used to regulate telecommunication carriers is the Communications Act, 1934.The Act sets rules as to how carriers may use and disclose “Customer Proprietary Network Information” which includes billing information, type of service used, and the types of calls customers usually make. FCC does provide a “total service approach”, that allows carriers to use CPNI to market to existing customers, however, customers are provided with a notice and opportunity to opt-out of marketing. Additionally, customers are provided access to their information and ensure that information must be destroyed after it has served the purpose for which it was collected. The Electronic Communications Privacy Act (“ECPA”) was passed in 1986 to expand and revise federal wiretapping and electronic eavesdropping provisions. The main objective was to strike a fair balance between the privacy expectations of citizens and the legitimate needs of law
  29. 29. An Overview of Consumer Privacy Regulations for TSPs in India 28 enforcement. ECPA includes the Wiretap Act, the Stored Communications Act, and the Pen-Register Act. Individuals who violate ECPA can face up to five years of jail time and a fine of about $250,000. Victims are also entitled to a civil suit of actual damages, in addition to punitive damages and attorney‟s fees. The United States itself cannot be charged for a violation, but evidence that is gathered by illegal means cannot be introduced in court. ECPA prohibits interception and disclosure of Electronic communication, however, an electronic device must be used to perform the surveillance; mere eavesdropping with the unaided ear is not illegal under ECPA. Also ECPA requires only single party consent; an individual can record his own conversation without violating federal law. Pen registers and trap and trace devices provide non-content information about the origin and destination of particular communications. Because this information does not contain the content of the communication, therefore, there is no reasonable exposure of privacy in this information. In the context of phone calls, Pen-Registers display the outgoing number and the incoming number. IP addresses and port numbers associated with the communication are also fair game under the Act. In May 2011, Senator Patrick Leahy, the Godfather of ECPA in 1986, introduced the “Electronic Communications Privacy Act Amendments Act of 2011”, which would serve to strengthen the protections for emails, decrease the time duration before which law enforcement agency must notify the subject that a search has occurred, and require the agency to obtain a warrant before seeking mobile phone location data. Leahy‟s bill would trigger the elimination of the distinction between emails and other forms of electronic communications, mandating the law enforcement agency to obtain a warrant before emails are produced by service providers. Title 47 U.S. Code § 222 states that every telecommunications carrier has a duty to protect the confidentiality of private information of other
  30. 30. An Overview of Consumer Privacy Regulations for TSPs in India 29 telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier. Other federal laws cover some specific categories of personal information; these include Right to Financial Privacy Act, Fair Credit Reporting Act, Video Privacy Protection Act of 1988, Cable Privacy Protection Act of 1984, Family Educational Rights and Privacy Act, 1974, Drivers Privacy Protection Act, Telephone Consumer Protection Act, 1991, etc. Other Countries: Several countries such as UK, Spain, Switzerland, Sweden, Australia, Thailand, Singapore, among others, have enacted laws to protect data and privacy rights.
  31. 31. An Overview of Consumer Privacy Regulations for TSPs in India 30 5. Recommendations The telecom sector in India has shown exponential growth for over a decade and has potential for more. With increasing number of telecom operators the key to attract new customers is to establish a brand image, which can foster reliability and sensitivity between the company and the customers. Privacy of customer information can act as one of the many key differentiating factors to promote loyalty among the customers. To achieve a higher level of loyalty, telecom operators need to understand the key objectives and methodologies to establish an effective customer privacy program. A robust control framework implemented throughout the organization and the third parties can assist the telecom operators in maintaining adequate customer privacy. Customer privacy needs to be ensured throughout the lifecycle of customer information. This can be achieved by having a holistic framework which may include:  Identification of the right set of information that needs to be captured along with the purpose, for the same, laid out clearly.  Identification of the right level of access to the information, based on the classification of information and accessing personnel.  Privacy principles related to collection, processing, disclosure, etc. be an integral part of business processes.  Enhancing the customer privacy protection across third parties by embedding privacy norms in the service contracts.  Closely working with regulatory bodies to help better understand and implement regulatory requirements.  Modifying business processes to make them more responsive towards customer privacy requirements.  It is also suggested that they conduct periodic risk assessments of their network establishment and modify their security programmes to adapt to the ever-changing security environment.
  32. 32. An Overview of Consumer Privacy Regulations for TSPs in India 31 6. Limitations With increasing awareness of the customers regarding the delicacy of their personal information the privacy protection has become an issue among the operators, but as a matter of fact, the same has failed to gain momentum. Much has been written and advocated concerning privacy issue but much lesser is in action. The efforts are underway to secure the telecom equipment but the subject of privacy has been neglected altogether. The reasons can be attributed to the following: Government reluctance: With increasing sophistication of terrorist attacks involving use of internet and mobile phones, it is increasingly becoming difficult for the government to provide security with anonymity. Thus, in order to keep a better check on miscreants government tends to do away with privacy and refrains from forming any law. Further, the level of corruption prevalent among bureaucrats and politicians prevents government from enacting any such law that can be used to fuel the corruption or be used against normal legal proceedings. Encryption policies: Encryption is the process of ciphering the readable text. It provides a certain level of confidentiality to the data. Various telecom licences have specific clauses relating to encryption which state that bulk encryption should not be deployed by the licensee. The licensees are allowed to use up to 40 bit key length in the symmetric key algorithms or its equivalent in other algorithms without obtaining permission. However, if higher limits are to be deployed the licensee should take prior written permission from licensor and deposit the decryption keys, split into two parts, with the licensor. These lower limits in context of present high performance systems prevent organizations from providing the adequate confidentiality to the customer data. The security of decryption keys always remains an issue in such a case. Cost factors: The Indian telecommunication sector is highly competitive and the long raging price war has resulted in very low ARPUs. With increasing competition and decreasing ARPUs it becomes difficult for the company to spend on the issues such as privacy. The company focus is shifted to other factors which can help increase the ARPU, such as value added services (VAS). Also, company take advantage of lack of awareness among users on the subject matter and it does nothing to increase the awareness as well.
  33. 33. An Overview of Consumer Privacy Regulations for TSPs in India 32 7. Conclusion In a view with the growth and complications of International trade, especially with the influence of Internet and telecommunication, it is of utmost importance that a legal framework be established setting specific standards relating to the manner and purpose of assimilation of personal data offline as well as online. Consumers must be made aware of sharing information at his/her will and no data should be collected without explicit consent. India is among the last countries to rollout 3G technologies whereas many countries are already deploying 4G technologies. Owing to such developments, the government still has to go a long way to introduce effective policies, regulations, guidelines, etc. in the interest of not only the government or the telecom operators but also in the interest of the end consumers and all this has to be done without further delay. While the Government objective to protect the national security cannot be overlooked, but the government needs to be careful that the industry does not suffer because of over regulation, lack of transparency and possible loopholes. For India to take full advantage of the great opportunities and benefits that Internet presents to developing nations such as ours, effective risk management strategies coupled with adequate legal documentation will go a long way in protecting and nourishing the same.