An Overview of Consumer Privacy Regulations for TSPs in India
An Overview of Consumer
Privacy Regulations for
TSPs in India
An Overview of Consumer Privacy Regulations for TSPs in India 1
The project is an effort to inform the readers about the privacy regulations currently
enforced on telecommunication companies for protecting privacy of customer data
and ensuring higher quality of service to its customers. The report begins with the
introduction of BSNL and telecom sector in India, in general.
The modern communication system in India started with the laying down of telegraph
network during British rule. Various telegraph statutes were enacted by the
government in order to ensure telegraph network‟s exclusivity and government
control over electronic communication at the same time. It was these regulations that
laid the foundation of present day regulatory framework governing electronic
communication, let it be wired or wireless. In the last decade, we all went through the
ups and downs related to mobile technology. We are witnessing huge growth rates in
mobile communication systems, increasing mobility awareness in society and
worldwide deregulation of formerly monopolized markets. Today telecommunication
service has transformed from a luxury available to select few to a necessity of
common man‟s daily life. Due to its exponential growth in the past few years,
telecommunication field raises new set of questions which can only be answered by
adopting newer techniques and outlook.
In the face of fierce competition, it is very essential to not only exist but also excel in
the market. Given the dynamic and complex nature of market with consumers
becoming more aware of the trends, maintaining a certain level of quality of service
has become essential. Maintaining customer privacy is one of the fields that have
recently caught the eye of public as well as companies in India. Though the current
implementations regarding the matter are in nascent stage, but there is much more
to be done in the not so distant future. This project conveys an insight about the
current laws that try to uphold the consumers‟ privacy and try to bring to justice the
breaches on company‟s part. The project also highlights few foreign regulations to
learn from and in general, suggests few solutions for betterment of situation.
An Overview of Consumer Privacy Regulations for TSPs in India 2
The word “telecommunication” is a compound of the Greek prefix “tele” meaning 'far
off', and the Latin “communicare”, meaning 'to share'. In its current usage, it refers to
transmission of signals over a distance for the purpose of communication. The
telecommunications industry has impact on every aspect of our lives, from the simple
reality of enabling telephonic communication between people in different locations,
whether separated by blocks or by continents, to enabling supply-chains towork
seamlessly across continents to create products and fulfil consumer demands.
Telecommunication services, for long as of now, have been recognized as a key to
the rapid growth and modernization of the economy and an important tool for socio-
economic development for a nation.
Telecommunications in India can be traced back to the 19th
century when the British
East India Company introduced telegraph services in India. The past two decades
can be considered as the golden period for the telecommunications industry in India
exhibiting exponential growth and development in terms of technology, penetration,
as well as policy. The growth and development led to the liberalization and huge
investment by both domestic and foreign players in this sector. Data services have
become one of growth driver for the industry with increasing internet penetration and
broadband adoption. At the same time, m-Commerce is been considered a great
opportunity to expand business beyond just voice & data services.
Telecom industry has evolved significantly over the last ten years and during this
period there have been increased requirements to have robust information security
environment. Also, with the increasing demand of having stringent legal and
regulatory information security requirement, there is an enhanced focus on the
subject across telecom operators. Consumers are facing unprecedented attacks on
privacy. With data brokers gaining unauthorized access to personal information,
threats to the privacy of personal information are on the rise.
Today‟s consumers are afforded unprecedented ease of communication and access
to information, thanks to recent technological advances. However these
advancements have done more than concentrate information channels and create
An Overview of Consumer Privacy Regulations for TSPs in India 3
new options for consumers. Modern information gathering has also exposed
individuals to the threat of privacy invasion. Never before, has personal data been so
easily compiled and transmitted. The very act of aggregating records creates new
opportunities for companies and data brokers to take advantage of inadequate legal
restraints on sharing and profit off of the private information. This leaves consumer
open to the menaces of data mining, intrusive advertising, and identity theft.
Telephone companies must be held accountable for neglecting their duty to
safeguard consumers‟ sensitive information.
An Overview of Consumer Privacy Regulations for TSPs in India 4
1. Company Profile
Bharat Sanchar Nigam Ltd. was incorporated on 15th
September 2000. It took over
the business of providing of telecom services and network management from the
erstwhile Central Government Departments of Telecom Services (DTS) and Telecom
Operations (DTO), with effect from 1st October 2000 on going concern basis. It is
one of the largest & leading public sector units providing comprehensive range of
telecom services in India.
BSNL has installed Quality Telecom Network in the country & now focusing on
improving it, expanding the network, introducing new telecom services with ICT
applications in villages & winning customer's confidence. Today, it has about 43.74
million line basic telephone capacity, 8.83 million WLL capacity, 72.60 million GSM
capacity, 37,885 fixed exchanges, 68,162 GSM BTSs, 12,071 CDMA Towers, 197
Satellite Stations, 6,86,644 Km. of OFC, 50,430 Km. of microwave network
connecting 623 districts, 7330 cities/towns & 5.8 lakhs villages .
BSNL is the only service provider, making focused efforts & planned initiatives to
bridge the rural-urban digital divide in ICT sector. In fact there is no telecom operator
in the country to beat its reach with its wide network giving services in every nook &
corner of the country & operates across India except New Delhi & Mumbai. Whether
it is inaccessible areas of Siachen glacier or North-Eastern regions of the country,
BSNL serves its customers with a wide bouquet of telecom services namely
Wireline, CDMA mobile, GSM mobile, Internet, Broadband, Carrier service, MPLS-
VPN, VSAT, VoIP, IN Services, FTTH, etc.
BSNL is numerouno of India in all services in its license area. The company offers
wide ranging & most transparent tariff schemes designed to suit every customer.
BSNL has 90.09 million cellular & 5.06 million WLL customers as on 31.07.2011. 3G
Facility has been given to all 2G connections of BSNL. In basic services, BSNL is
miles ahead of its rivals, with 24.58 million wireline phone subscribers i.e. 71.93%
share of the wireline subscriber base.
BSNL has set up a world class multi-gigabit, multi-protocol convergent IP
infrastructure that provides convergent services like voice, data & video through the
An Overview of Consumer Privacy Regulations for TSPs in India 5
same Backbone & Broadband Access Network. At present there are 8.09 million
The company has vast experience in planning, installation, network integration &
maintenance of switching & transmission networks & also has a world class ISO
9000 certified Telecom Training Institute.
During the 2010-11, turnover of BSNL was around INR 29,700 crores.
Be the leading telecom service provider in India with global presence.
Create a customer focused organization with excellence in customer
care, sales and marketing.
Leverage technology to provide affordable and innovative telecom.
Services/products across customer segments.
Be the leading telecom service provider in India with global presence.
Creating a customer focused organization with excellence in customer
care, sales& marketing.
Leveraging technology to provide affordable and innovative
products/services across customer segments.
Providing a conducive work environment with strong focus on
Establishing efficient business processes enabled by IT.
To be the Leading Telecom Services provider by achieving higher rate
of growth so as to become a profitable enterprise.
To provide quality and reliable fixed telecom service to our customer
and thereby increase customers confidence.
An Overview of Consumer Privacy Regulations for TSPs in India 6
To provide customer friendly mobile telephone service of high quality
and play a leading role as GSM operator in its area of operation.
To develop strategy for rightsizing the manpower and providing greater
To leverage the existing infrastructure of BSNL for facilitating
implementation of other government programmes and initiatives
particularly in the rural areas.
An Overview of Consumer Privacy Regulations for TSPs in India 7
2. Indian Telecom Sector
Like elsewhere, telecommunication in India started as a state monopoly. In the
1980s, telephone services and postal services came under the Department of Posts
and Telegraphs. In 1985, the government separated the Department of Post and
created the Department of Telecommunications (DoT). As part of early reforms, the
government set up two new public sector undertakings: Mahanagar Telephone
Nigam Limited (MTNL) and Videsh Sanchar Nigam Limited (VSNL). MTNL looked
after telecommunications operations in two megacities, Delhi and Mumbai. VSNL
provided international telecom services in India. DoT continued to provide
telecommunications operations in all regions other than Delhi and Mumbai.
In the early 1990s the Indian telecom sector, which was owned and controlled by the
Indian government, was liberalized and private sector participation was permitted
through a gradual process. First, telecom equipment manufacturing sector was
completely deregulated. The government then allowed private players to provide
value added services (VAS) such as paging services. In 1994, the government
unveiled the National Telecom Policy 1994 (NTP 1994). NTP 1994 recognized that
existing government resources would not be sufficient to achieve telecom growth
and hence private investment should be allowed to bridge the resource gap
especially in areas such as basic services. As markets and telecom technologies
started converging and the differences between voice (both fixed and wireless) and
data networks started blurring, the need for developing the modern telecom network
became an immediate necessity. Accordingly, private sector participation was
allowed in basic services.
The government at that time realized that a major part of the growth of the country‟s
GDP would be reliant on direct and indirect contributions of the telecom sector in the
future and accordingly the need for a comprehensive and forward looking
telecommunications policy was felt. This then paved way for New telecom Policy
1999(NTP 1999) which largely focused on creating an environment for attracting
continuous private investment in the telecom sector and allowed creation of
communication infrastructure by leveraging on technological development. The main
objectives and targets of NTP 1999 were as follows:
An Overview of Consumer Privacy Regulations for TSPs in India 8
Availability of affordable and effective communications for citizens;
Strive to provide a balance between the efforts of universal service to all
uncovered areas, including the rural areas and the provision of high-level
services capable of meeting the needs of the country‟s economy;
Create a modern and efficient telecommunications infrastructure taking into
account the convergence of IT, media, telecom and consumer;
Protect the defence and security interests of the country.
NTP 1999 allowed private operators providing cellular and basic services to migrate
from a fixed license fee era to a revenue sharing era which made it financially
possible for such operators to function in the market. Most importantly, the
government recognized the necessity to separate the government's policy wing from
its operations wing so as to create a level playing field for private operators.
Accordingly the NTP 1999 directed the separation of the policy and licensing
functions of DoT from the service provision functions. The Government corporatized
the operations wing of DoT in October 2000 and named it as Bharat Sanchar Nigam
Limited (BSNL) which now operates as a public sector undertaking. In the year 2002,
the monopoly of VSNL also came to an end.
The process of liberalization in the country started in 1991 with the declaration of
New Economic Policy. Telecom equipment manufacturing was de-licensed in 1991
which and value added services were opened to private sectors in 1992. After 1991
liberalization in Government policies, various private players were allowed to enter
the telecom market. Indian telecom today benefits from some of the loosest
regulations in the world, sometimes considered the “poster boy for economic
reforms” has been the top beneficiaries of the post 1991 liberalization era. The
Indian telecom sector with over 950 million customers is the second largest in the
world. The sector showed the growth rate of over 40% in recent years, making it the
fastest growing sector in India and around the world. The rapid growth in India was
possible due to proactive and positive decisions of the government and positive
lookout and support from both public and private sectors.
According to COAI data, the telecom customer base stood at over 951 million in
March 2012. Indian telecom sector has shown an exponential growth throughout as
An Overview of Consumer Privacy Regulations for TSPs in India 9
a result of greater emphasis by the government. The Indian Telecom market is the
most competitive with over 11 operators in each circle, the largest number around
the world. The “big fish” of telecom industry are BSNL (state owned), Airtel,
Reliance, Vodafone, Idea and Tata. Only the two networks, Reliance and Tata offer
CDMA technology while all others are in the GSM band. GSM has an 88% share of
subscribers and continuously rising and now even Reliance and Tata are offering
nation-wide GSM services. Tele-density has reached to the higher levels of 78.66%
as of March 2012 and is expected to cross 84% by the end of 2012. The industry is
expected to reach a size of INR344,921crore by 2012 at a growth rate of over 26%,
and generate employment opportunities for about 10 million people during the same
period. Analytical forecast boast that the sector would create direct employment for
more than 2.5 million people directly and for near about6 million people indirectly.
The total revenue of the Indian telecom sector grew by 7% to INR283,207 crore for
2010–11 financial year, while revenues from telecom equipment segment stood at
INR117,039 crore. The figures below provide a gist of swiftly growing Indian telecom
3.1 5.4 10.5 28.2 47.6 75.4
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
Subscribers Growth Chart
Subscriber Base (mn)
An Overview of Consumer Privacy Regulations for TSPs in India 10
Company wise % market share
An Overview of Consumer Privacy Regulations for TSPs in India 11
2.1. Indian Telecom Authorities:
2.1.1. Telecom Commission: The Telecom Commission was set up by the
Government of India on 11th
April, 1989 with administrative and financial powers of
the Government to deal with various aspects of Telecommunications in the country.
The responsibilities of Telecom Commission along with DoT include policy
formulation, licensing, wireless spectrum management, administrative monitoring of
PSUs, research and development and validation of equipment etc. The multi-faceted
strategies followed by the Telecom Commission not only transformed the very
structure of the sector but also motivated all the public/private players to contribute in
accelerating the growth of the sector.
2.1.2. Department of Telecom: The DoT acts on behalf of the Central Government.
Some of the important functions of the DoT are as follows:
Policy, Licensing and Coordination matters relating to telegraphs, telephones,
wireless, data, facsimile and telematics services and other similar forms of
International cooperation in matters connected with telecommunications
industry including matters relating to all international standardization bodies
Ministry of Communications and
DoT TRAI WPC TEC
An Overview of Consumer Privacy Regulations for TSPs in India 12
dealing with telecommunications such as ITU, RRB, ITU-R, ITU-T, ITU-D,
INTELSAT, INMARSAT, APT, etc.
Promotion of standardization, research and development in
Promote the investment from private players in telecommunications industry.
Financial assistance for continuation and promotion of research and study in
telecommunications technology and for developing adequately trained
manpower for telecom programme.
Purchase and acquisition of land relating to telecommunications work.
2.1.3. Telecom Regulatory Authority of India: The Telecom Regulatory Authority
of India (TRAI) was established with effect from 20th February 1997 by an Act of
Parliament, called the Telecom Regulatory Authority of India Act, 1997, to regulate
telecom services, including fixation/revision of tariffs for telecom services which were
earlier vested in the Central Government.
TRAI's mission is to create, develop and maintain conditions for growth of
telecommunications in the country in a manner and at a pace which will enable India
to achieve a leading position in emerging global information society. One of the main
objectives of TRAI is to create a level playing field and facilitate fair competition by
providing a fair and transparent policy environment. In order to achieve above
objective TRAI has issued, in timely manner, a large number of regulations, orders
and directives to deal with issues developing with time and provided the required
direction for the evolution of Indian telecommunication market from a Government
owned monopoly into a multi-operator, multi-service open competitive market. The
directions, orders and regulations issued cover a wide range of subjects including
tariff, interconnection and quality of service including others.
2.1.4. Wireless Planning and Coordination: The WIRELESS PLANNING &
COORDINATION (WPC) Wing of the Ministry of Communications was created in
1952 as the National Radio Regulatory Authority responsible for Frequency
Spectrum Management, including licensing and looks after the needs of all wireless
users (Government and Private) in the country. It exercises the statutory functions of
the Central Government and issues licenses to establish, maintain and operate
An Overview of Consumer Privacy Regulations for TSPs in India 13
wireless stations. WPC has been divided into major sections such as Licensing and
Regulation (LR), New Technology Group (NTG) and Standing Advisory Committee
on Radio Frequency Allocation (SACFA). SACFA makes the recommendations on
major frequency allocation issues, formulation of the frequency allocation plan,
delivering expertise on the various matters related to International Telecom Union
(ITU), to help solve problems referred to the committee by various wireless users or
industry, providing clearance of all wireless installations in the country etc.
2.1.5. Telecommunication Engineering Centre: A technical body representing the
interest of Department of Telecom, Government of India.
Specifies the common standards regarding the telecom network equipment,
services and interoperability.
Generic Requirements (GRs), Interface Requirements (IRs).
Issuing Interface Approvals (IA), Certificate of Approvals (CA), Service
Approvals (SA) and Type Approvals (TA).
Formulation of standards and fundamental technical plans.
Interact with international agencies like APT, ETSI and ITU etc. for
Develop expertise to obtain the latest technologies and results of R&D.
Provide technical support to DOT and technical advice to TRAI & TDSAT.
Coordinate with C-DOT over the issues relating to technological
developments in the telecom sector for policy planning by DOT.
An Overview of Consumer Privacy Regulations for TSPs in India 14
3. Problem Definition
There are enough concerns already in relation to the protection of personal data
information, under the influence of the right to one‟s privacy. The right to privacy
refers to the right of an individual to control the collection, use and disclosure of
personal information. Personal information can be in the form of personal interests,
activities, family details, educational details, telephone records, medical records and
financial details, to name a few. Further, the advancements in technology have
spawned entirely new set of issues concerning privacy rights and data protection.
Privacy is a complex concept even before other concepts are lumped with it. The
concept of “privacy” needs to be carefully overviewed. It defies easy definition and
many proposals to protect privacy have gone forward without a clear understanding
of what privacy really is. Importantly, privacy is a personal and utterly subjective
One of the major flaws with the current telecom policy of India is the lack of adequate
privacy laws guiding them. For instance, until recently we did not had any proper
control over telemarketing calls. Telemarketing companies targeted Indian
consumers with all sorts of calls and schemes day and night. The Department of
Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI) think
that they have done their part by establishing the National Do Not Call (NDNC)
register, but in reality this is not enough. Consumer complaints have reduced to
certain levels but the numbers are still in thousands annually and many do not
complain due to the fear of wastage of time and money or the lack of knowledge to
do so. Clearly, the telemarketing lobby is toying with the telecom policies ingeniously
enough to keep them out of the hands of law and amount of fines.
Further, there is no effective mechanism through which telecom disputes of
consumers can be effectively handled in India. The establishment of TDSAT has not
been a success due to the lack of widespread publicity among the masses. Also the
consumer protection law of India needs to be fine-tuned, keeping in mind the
telecom disputes. Another concern with India is the absence of effective privacy law
and data protection laws. Essential and private details of telecom consumers were
openly available for sale in the markets in recent past. Telemarketing companies
An Overview of Consumer Privacy Regulations for TSPs in India 15
purchased this information and used the same without any fear of punishment as
there were no deterrent rules or regulations in this regard. People recently involved
themselves in the unconstitutional “Aadhar” project of India all around the country.
Under the project, biometric details of every Indian resident would be collected
regardless of the fact that there is no legal framework supporting such collection. On
combining it with the growing e-surveillance in India, lack of data protection and
privacy laws and unregulated telecom sector, it is not difficult to realize that others
know more about you than yourself.
With controversial activities like illegal phone tapping, imposition of Aadhar project,
launch of projects like National Intelligence Grid (Natgrid) and Crime and Criminal
Tracking Network and Systems (CCTNS), without any procedural safeguards, the
need of enactment of a dedicated and constitutionally sound privacy law has become
absolutely essential. While e-surveillance and electronic eavesdropping are
important for law enforcement and national security purposes, there is no justification
for deliberately keeping away from enacting suitable procedural safeguards against
their abuses towards the individuals. The Indian government in general and cabinet
committee on security (CCS) in particular must show seriousness about respecting
the constitution of India, and must operate all these projects within the constitutional
limits. For instance, we do not have a constitutionally valid phone tapping law in India
and India is probably the only democratic country in the world that engages in phone
tapping without a court warrant. Indian executive have misused constitutional powers
of Judiciary and Parliament of India in great disregard of the Constitutional
It is high time for the Parliament of India to enact strong cyber laws, effective privacy
laws and adequate data protection laws. Misusing the Judicial and Parliamentary
powers and making piece meal efforts would not solve the problem. In a similar
fashion, the projects like CCTNS, Natgrid, central monitoring system (CMS), etc.
must also be undertaken only after proper and effective constitutional safeguards are
An Overview of Consumer Privacy Regulations for TSPs in India 16
The telecom industry has enjoyed a spectacular success at absorbing Indians into its
fold resulting into the subscriber base that stands just over 951 million (TRAI, March
2012) with Tele-density standing at proud 78%. While this extensive penetration of
telecommunication has ignited an era of unprecedented access – truly a
„communications revolution‟ whose full effects may still be too early to grasp – it has
also led to the exposure of individuals to risks on a magnitude never before
witnessed. Firstly, during the normal course of their business, telecom companies
heap up vast volumes of personal data about their customers including copies of
identity documents, biographical information etc., which could potentially be
misused; Secondly, the fact that a vast amount of our communication now occurs
with the involvement of electronic media, has rendered us more susceptible to
invasive electronic surveillance - whether lawful or not; Thirdly, much of the
communications is now not merely ephemeral, but is stored in digital form for
unknown periods in corporate „data centres‟; Lastly, owning a mobile phone not only
enables us to communicate with our business partners and loved ones, but also
forces us to engage with a continual stream of „noise‟ – telemarketing calls and
SMSs, prank/hoax calls, calls troubling us for the payment of bills and
4.1. Issues with Privacy:
4.1.1. Contracts: It all begins with the signing of the piece of paper that forms
the basis for the parties to be able to form valid and legally binding
contract. Basic question relates to how the contracts can be formed,
performed and enforced for mutual benefit. Formation of any contract,
under the Contract Act, involves three main components. There has to be
an offer, there has to be an acceptance of the said offer without
modification and there has to be some consideration for the contract.
These components would be applicable to contracts with TSPs as well.
Regarding this, how do we know whether the offered has ACCEPTED the
offer? Additionally, the issue of the exact time of communication of
acceptance of the contract is important; as such a time is critical for
An Overview of Consumer Privacy Regulations for TSPs in India 17
determination of the rights of the parties. Further, various issues arise
where a person could be bounded by the terms of a contract without even
reading it or without being able to negotiate the terms. There are situations
where a subscriber signs the contract without even looking at the contract
or its terms and conditions. Would this amount to a contract with the
customer? Also, consumer related transactions often occur between
parties who have no pre-existing relationship, which may raise concerns of
the person‟s identity with respect to issues of the person‟s capacity,
authority and legitimacy to enter the contract.
The aforesaid points regarding the acceptance, timing and not reading the
terms creates a loophole in an effort to protect the consumer privacy. It
may be possible that the contract was signed due to some greedy offer
made by the offerer or maybe he was convinced beyond reason. The huge
list of terms and conditions discourages the consumer to search for the
privacy clause and thus leave himself vulnerable at the hands of the
company. The timing becomes essential when there is a change in the
policies and terms since the new consumers will have to follow the new
terms which may change the methods of handling private data.
4.1.2. Security: Security is of immense importance to ensure the good health of
telecom sector since almost all the work requires computer with internet
access. Companies that keep sensitive information on their servers must
ensure that they have adequate security measures to safeguard their
servers from any unauthorised intrusion. A company could face security
threats externally as well as internally. Externally, the company could face
problems from hackers, viruses and Trojan horses. Internally, the
company must ensure security against its technical staff and employees.
Security can be maintained by using various security tools such as
encryption, firewalls, access codes/passwords, virus scans and biometrics.
For example, a company can restrict access to the contents on its website
or servers only through the use of a password or login code. Similarly
confidential information on websites or servers can be safeguarded using
firewalls that would prevent any form of external intrusion. Apart from
An Overview of Consumer Privacy Regulations for TSPs in India 18
adequate security measures, appropriate legal documentation is also
needed. For example, a company can have an adequate security policy
that would bind the all people working in and with the company.
With the advancements in Internet, security breaches have become a daily
scenario. TSPs need to protect their websites and servers for loss of
private data since a company can also be held liable for inadequate
security procedures on its servers. Notwithstanding the standard
procedures can result in the loss of consumer privacy even though the
company did not intend to do so and then indulge in legal proceedings and
waste company‟s resources.
4.1.3. Telemarketing: Consumerism has grown tremendously all around the
world. In response, telemarketing provides a huge customer base by
making every individual a prospective customer for sales, it creates a flat
ground of customers irrespective of their interest, location, time,
profession, etc. Telemarketing is a method of direct marketing in which a
salesperson engages himself to entreat a prospective customer to buy
products or services, mostly over the phone or if possible through the
Internet. Most telemarketing calls are "cold calls". Cold calls are those
calls where the recipient of the call did not intend that the telemarketers
contact them. Though the real purpose of telemarketing is just to make a
sale, but in doing so it violates a great deal of individual privacy. It often
happens that telemarketers have personal information when they call a
customer, this information is obtained from other vendors who sell similar
products. Telemarketing, over the time, has become one of the most
controversial types of marketing.
It would be easier otherwise, if these services value-added to individual's
lives, but when the action negatively hampers the individual or his way of
life than his objection cannot be denied and certain checks and
countermeasures are required. And this gives rise to the very
“controversial” concept of privacy. Neither the damage done by these
telemarketing calls to privacy can be measured, nor can it be undone. And
An Overview of Consumer Privacy Regulations for TSPs in India 19
most commercial organisations have little or no interest in taking costly
measures, which are often unprofitable, to protect the privacy of
customers, indeed, their objective is quite the opposite, to share the data
and gain monetary advantage, and not recognise it as sensitive, so that it
is easier to avoid legal liability for lapses of security that may occur in the
future. Such behaviour makes telemarketing an unfair trade practice.
The policy decisions of TRAI pertaining to regulation of telemarketing calls
have not been successful. The deterring procedure for telemarketing
companies has been made too complicated and unproductive that it does
not benefit consumers at all. Further, even if a fine has been imposed, the
troubled consumer would not get the same. There is no incentive for taking
all the pain to get the guilty telemarketer held responsible. The
telemarketing guidelines are inherently faulty and are still violating privacy
rights of Indians without any fear or deterrent. It's high time, that instead of
blindly manipulating the policy makers, corporates should refer to global
telemarketing standards and transform business ethics into action.
4.2. Indian legal scenario regarding Privacy:
4.2.1. Constitution of India: Although not specifically referenced in the
Constitution, the Right to Privacy is considered a „penumbral right‟ under
the Constitution i.e. a right that has been declared by the Supreme Court
as integral to the Fundamental Right to Life and Liberty. In addition,
although no single statute confers a cross-cutting „horizontal‟ right to
privacy, various statutes contain provisions which either implicitly or
explicitly preserve this right. The idea behind this development is simply
that the penumbral right would be of no meaning without provisioning for
certain other rights by implication. An example may serve to show the
point: while freedom of the Press has nowhere been expressly provided
for in the Constitution, it continues to have a very definite presence by
virtue of the fact that it constitutes an integral part of Article 19(1)(a) which
guarantees the Right to Freedom of Speech and Expression in India. It is
in this context that the requirement of a right to privacy arises.
An Overview of Consumer Privacy Regulations for TSPs in India 20
Kharak Singh vs. State of U.P.: In the landmark judgement the
Supreme Court held that Article 21 of the Constitution includes
„Right to Privacy‟ as a part of the right to „Protection of Life and
R. Rajagopal vs. State of Tamil Nadu: The Supreme Court stated
that though the right to privacy was not enumerated as a
fundamental right, a citizen has a right to safeguard the privacy of
his own, his family, marriage, procreation, motherhood, child
bearing and education among other matters.
People’s Union for Civil Liberties (PUCL) vs. Union of India: The
Supreme Court held that the telephone tapping by Government
under S. 5(2) of Telegraph Act, 1885 amounts infraction of Article
21 of the Constitution of India, unless it was required in the rarest of
rare circumstances such as public emergency.
While it may appear that the right to privacy is protected, to some extent,
as a fundamental right, it is much needed to keep in mind that barring a
few exceptions, fundamental rights secured to the individuals are
limitations only against State actions. Thus, such an interpretation will not
protect an individual against the false actions of private parties.
4.2.2. Indian Telegraph Act, 1885 and Rules: The Indian Telegraph Act, 1885
was enacted with the main object being "to give power to the Government
and to any company or person licensed under section 4 of the Indian
Telegraph Act, 1876, and specially empowered in this behalf, to place
telegraph lines under or over property belonging whether to private
persons or to public bodies." The preamble of the ITA, 1885 states that its
main objective is to amend the laws relating to telegraphs in India. The law
being used by the police and intelligence agencies for tapping telephone
lines is the Section 5 of Indian Telegraph Act, 1885 read with rule 419 and
419A. In1997, the Supreme Court intervened and ordered the Government
of India to frame the proper rules for tapping the electronic
An Overview of Consumer Privacy Regulations for TSPs in India 21
communications. In the meanwhile, the technology has changed
dramatically from the yesteryear of 1885 from analogue to digital, where a
mobile phone is a computer which communicates through network of
computers to another mobile phone computer on behalf of persons
involved in communication. Thus at any point of electronic interception, the
communication is between two computer in digital format and not in analog
format over which Telegraph Act applies.
Section 5 (2) empowers the government to order the interceptions
of messages in cases of „public emergency‟ or „in the interest of the
public safety‟. The interception requires the written order from the
Central Government or a State Government or any officer specially
authorised in this behalf by the Central Government or a State
Section 11 empowers the telegraph authority to enter any property,
at any time, in order to repair or remove the telegraph line or post.
Section 23 imposes a fine of INR 500 on anyone brought in for
unauthorized access in telegraph office premises.
Section 24 makes it a criminal offence for a person to enter a
telegraph office “with the intent of unlawfully learning the contents of
any message”. Such a person may be punished with imprisonment
for a term of up to a year.
Section 25 further imposes a criminal penalty on anyone who
attempts to damage or tamper with any telegraph equipment with
the intent to prevent the transmission of messages or to acquaint
himself with the contents of any message or to commit mischief.
Punishment in this case could extend to three years imprisonment
or a fine or both.
Section 26 makes it an offence for a Telegraph Officer or other
official to alter, unlawfully disclose or acquaint himself with the
content of any message. This is also punishable with up to three
years imprisonment or a fine or both.
An Overview of Consumer Privacy Regulations for TSPs in India 22
Section 30 criminalizes the fraudulent retention or wilful secreting or
detention of a message which is intended for someone else.
Punishment may extend to two years imprisonment or fine or both.
4.2.3. Information Technology (Amendment) Act, 2008: Following the UN
Resolution of adopting UNCITRAL Model Law on e-commerce, India
passed the Information Technology Act 2000 in May 2000 and it became
effective on October 17, 2000.Information Technology Act 2000 addressed
the following issues:
Giving Legal Recognition to Electronic Documents
Giving Legal Recognition to Digital Signatures
Defining Offences and Contraventions
Establishing Justice Dispensation Systems for Cybercrimes
ITAA 2008 (Information Technology Amendment Act 2008), the newer
version of Information Technology Act 2000, has provided additional focus
on Information Security. It has added many new sections related to
offences like Cyber Terrorism and Data Protection. A new set of Rules
relating to Sensitive Personal Information and Reasonable Security
Practices (contained in section 43A of the ITAA, 2008) was released in
April 2011. The amendments received mixed reviews from cyber law
observers, criticizing on the ground of lack of legal and procedural
safeguards to prevent violation of civil liberties of Indians, and appreciating
about the amendments which serve to addresses the issue of Cyber
Section 43A makes a body corporate liable to pay compensation if it
is negligent in implementing and maintaining reasonable security
practices and procedures with respect to the sensitive personal
data or information of any person.
An Overview of Consumer Privacy Regulations for TSPs in India 23
Section 66C imposes a penalty on anyone who fraudulently or
dishonestly makes use of any unique identification feature of any
other person amounting to imprisonment extending three years and
fine up to INR one lakh.
Section 72A criminalizes the wrongful disclosure of personal
information of any person to any other person in breach of lawful
contract. Punishment may extend to three years imprisonment or
fine extending INR five lakh or both.
Section 84A vests the power in Central Government, for secure use
and promotion of e-governance and e-commerce, to prescribe the
modes or method for encryption.
Section 67C empowers Central Government to order intermediaries
to preserve and retain such information for such duration in such
manner as prescribed.
Section 69 empowers Central Government or State Government or
any officer thus assigned, for reasons to be recorded in writing, to
issue directions for interception or monitoring or decryption of any
information through any computer resource.
Section 69B empowers Central Government to authorize to monitor
and collect traffic data or information through any computer
resource for Cyber Security.
4.2.4. TRAI Guidelines and Licence Agreements: TRAI established the
Telecom Unsolicited Commercial Communications Regulations, 2007 in
an attempt to prevent Unsolicited Commercial Calls to telecom consumers.
Hereunder a National Do Not Call Register was established, which
contains information regarding consumers who do not wish to receive
UCC. The regulation also specifies the procedure for initiation of
complaints by consumers and for their adjudication and disposal. It also
imposes fines on telemarketers who initiate UCC with individuals who
have opted not to receive such communications.
An Overview of Consumer Privacy Regulations for TSPs in India 24
Clause 18 asks every Access Provider and the person authorized to
maintain the National Do Not Call Register keep confidential all the
information disclosed by the subscriber and entered in the National
Do Not Call Register maintained under these regulations.
February 2010, TRAI issued a direction to make sure that the
compliance of the terms and conditions of the licenses regarding
confidentiality of information of subscribers and privacy of communications
were carried out. TRAI Directs the Service Providers to:
To ensure confidentiality of information as provided in the license
To put in place appropriate safeguards required to prevent the
breach of confidentiality of information of the subscriber and privacy
To furnish to the Authority, within fifteen days of issuance of this
Direction, the details of steps taken by the service provider to
safeguard the confidentiality of information of subscribers and
privacy of communications.
The detailed guidelines regulating the behaviour of TSPs are contained in
the terms of the licences issued, which permit them to conduct business,
frequently, these licences contain clauses requiring TSPs to safeguard the
privacy of their consumers. Few examples can be cited:
Cellular Mobile Telephone Service Licence:
Clause 42.2 orders the licensee to ensure the confidentiality of
information regarding the third party, unless the third party agrees
to divulge it or it is in public domain.
Clause 42.3 requires the licensee to make sure the confidentiality of
Clause 43.5 ensures that in case any confidential information is
divulged to the licensee for proper implementation of the
An Overview of Consumer Privacy Regulations for TSPs in India 25
Agreement, it shall be binding on the licensee and its employees
and servants to maintain its secrecy and confidentiality.
Clause 44.4 requires the licensee to ensure protection of privacy of
communication and ensure that unauthorized interception of
messages does not take place.
National Long Distance Licence:
Clause 5.6 (xi) provides that in order to maintain the privacy of
voice and data, monitoring shall only be upon authorization by the
Union Home Secretary or Home Secretaries of the States/Union
Clause 41 orders the licensee to ensure protection of privacy of
communication and ensure that unauthorized interception of
messages does not take place.
Unified Access Service Licence:
Clause 5.G (xi) provides that in order to maintain the privacy of
voice and data, monitoring shall only be upon authorization by the
Union Home Secretary or Home Secretaries of the States/Union
Clause 60 orders the licensee to put in place mechanisms for
protection of privacy of communication and ensure that
unauthorized interception of messages does not take place.
Clause 70 ensures that in case any confidential information is
divulged to the licensee for proper implementation of the
Agreement, it shall be binding on the licensee and its employees
and servants to maintain its secrecy and confidentiality.
An Overview of Consumer Privacy Regulations for TSPs in India 26
4.3. International Norms:
4.3.1. European Union: The Data Protection Directive (95/46/EC) was
established to provide a regulatory framework to ensure secure and free
movement of personal data across the borders of the EU member
countries, in addition it provides a baseline of security to personal
information wherever it is stored, transmitted or processed. The Directive
came into force in October, 1998. This general Data Protection Directive
has been complemented by other legal instruments, such as the e-Privacy
Directive (Directive on privacy and electronic communications --
2002/58/EC) for the communications sector. There are also well defined
rules for the protection of personal data in policing and judicial cooperation
in criminal matters.
Directive 2002/58/EC is a constituent of the "Telecoms Package", a new
legislative framework developed to regulate the electronic communications
industry and amend the existing controls governing the
telecommunications industry. This Directive principally focuses on the
processing of consumers‟ personal data relating to the use of
The Directive addresses issues such as:
Processing security: The provider of a publicly available electronic
communications service must take appropriate measures to
safeguard security of its services and customer data from
unauthorized access and destruction. In case of a breach of
security the provider must inform the subscribers concerning such
Confidentiality of communications: Member States shall ensure the
confidentiality of communications over publicly available electronic
communications services, through national legislation. The
communication interception must be prohibited without the consent
of the users concerned. They have the option to withdraw their
consent on the processing of traffic data.
An Overview of Consumer Privacy Regulations for TSPs in India 27
Data retention: Traffic data and any other data must be erased or
made anonymous when it is no longer required, unless the
customer has given his/her consent for another use. The Directive
lays down provisions for the retention of data when it is required for
the purpose of investigation, detection and prosecution of criminal
Unsolicited communications: The Directive takes an "opt-in"
approach to automated calling systems without human intervention
for the purposes of direct marketing i.e. users must have prior
consent for such communications. However, in other cases users
may have to “opt-out”.
Public directories: Subscribers must give prior consent in order for
their telephone numbers (landline or mobile), e-mail addresses and
postal addresses to appear in public directories.
4.3.2. United States: Telecommunications in the United States is regulated by
Federal Communications Commission. FCC regulates how
telecommunications carriers and providers handle customers‟ personal
information regarding activities like telemarketing and junk faxes. The main
legislation used to regulate telecommunication carriers is the
Communications Act, 1934.The Act sets rules as to how carriers may use
and disclose “Customer Proprietary Network Information” which includes
billing information, type of service used, and the types of calls customers
usually make. FCC does provide a “total service approach”, that allows
carriers to use CPNI to market to existing customers, however, customers
are provided with a notice and opportunity to opt-out of marketing.
Additionally, customers are provided access to their information and
ensure that information must be destroyed after it has served the purpose
for which it was collected.
The Electronic Communications Privacy Act (“ECPA”) was passed in 1986
to expand and revise federal wiretapping and electronic eavesdropping
provisions. The main objective was to strike a fair balance between the
privacy expectations of citizens and the legitimate needs of law
An Overview of Consumer Privacy Regulations for TSPs in India 28
enforcement. ECPA includes the Wiretap Act, the Stored Communications
Act, and the Pen-Register Act. Individuals who violate ECPA can face up
to five years of jail time and a fine of about $250,000. Victims are also
entitled to a civil suit of actual damages, in addition to punitive damages
and attorney‟s fees. The United States itself cannot be charged for a
violation, but evidence that is gathered by illegal means cannot be
introduced in court.
ECPA prohibits interception and disclosure of Electronic communication,
however, an electronic device must be used to perform the surveillance;
mere eavesdropping with the unaided ear is not illegal under ECPA. Also
ECPA requires only single party consent; an individual can record his own
conversation without violating federal law. Pen registers and trap and trace
devices provide non-content information about the origin and destination of
particular communications. Because this information does not contain the
content of the communication, therefore, there is no reasonable exposure
of privacy in this information. In the context of phone calls, Pen-Registers
display the outgoing number and the incoming number. IP addresses and
port numbers associated with the communication are also fair game under
In May 2011, Senator Patrick Leahy, the Godfather of ECPA in 1986,
introduced the “Electronic Communications Privacy Act Amendments Act
of 2011”, which would serve to strengthen the protections for emails,
decrease the time duration before which law enforcement agency must
notify the subject that a search has occurred, and require the agency to
obtain a warrant before seeking mobile phone location data. Leahy‟s bill
would trigger the elimination of the distinction between emails and other
forms of electronic communications, mandating the law enforcement
agency to obtain a warrant before emails are produced by service
Title 47 U.S. Code § 222 states that every telecommunications carrier has
a duty to protect the confidentiality of private information of other
An Overview of Consumer Privacy Regulations for TSPs in India 29
telecommunication carriers, equipment manufacturers, and customers,
including telecommunication carriers reselling telecommunications
services provided by a telecommunications carrier. Other federal laws
cover some specific categories of personal information; these include
Right to Financial Privacy Act, Fair Credit Reporting Act, Video Privacy
Protection Act of 1988, Cable Privacy Protection Act of 1984, Family
Educational Rights and Privacy Act, 1974, Drivers Privacy Protection Act,
Telephone Consumer Protection Act, 1991, etc.
Other Countries: Several countries such as UK, Spain, Switzerland, Sweden,
Australia, Thailand, Singapore, among others, have enacted laws to protect data and
An Overview of Consumer Privacy Regulations for TSPs in India 30
The telecom sector in India has shown exponential growth for over a decade and
has potential for more. With increasing number of telecom operators the key to
attract new customers is to establish a brand image, which can foster reliability and
sensitivity between the company and the customers. Privacy of customer information
can act as one of the many key differentiating factors to promote loyalty among the
customers. To achieve a higher level of loyalty, telecom operators need to
understand the key objectives and methodologies to establish an effective customer
privacy program. A robust control framework implemented throughout the
organization and the third parties can assist the telecom operators in maintaining
adequate customer privacy.
Customer privacy needs to be ensured throughout the lifecycle of customer
information. This can be achieved by having a holistic framework which may include:
Identification of the right set of information that needs to be captured along
with the purpose, for the same, laid out clearly.
Identification of the right level of access to the information, based on the
classification of information and accessing personnel.
Privacy principles related to collection, processing, disclosure, etc. be an
integral part of business processes.
Enhancing the customer privacy protection across third parties by embedding
privacy norms in the service contracts.
Closely working with regulatory bodies to help better understand and
implement regulatory requirements.
Modifying business processes to make them more responsive towards
customer privacy requirements.
It is also suggested that they conduct periodic risk assessments of their
network establishment and modify their security programmes to adapt to the
ever-changing security environment.
An Overview of Consumer Privacy Regulations for TSPs in India 31
With increasing awareness of the customers regarding the delicacy of their personal
information the privacy protection has become an issue among the operators, but as
a matter of fact, the same has failed to gain momentum. Much has been written and
advocated concerning privacy issue but much lesser is in action. The efforts are
underway to secure the telecom equipment but the subject of privacy has been
neglected altogether. The reasons can be attributed to the following:
Government reluctance: With increasing sophistication of terrorist attacks involving
use of internet and mobile phones, it is increasingly becoming difficult for the
government to provide security with anonymity. Thus, in order to keep a better check
on miscreants government tends to do away with privacy and refrains from forming
any law. Further, the level of corruption prevalent among bureaucrats and politicians
prevents government from enacting any such law that can be used to fuel the
corruption or be used against normal legal proceedings.
Encryption policies: Encryption is the process of ciphering the readable text. It
provides a certain level of confidentiality to the data. Various telecom licences have
specific clauses relating to encryption which state that bulk encryption should not be
deployed by the licensee. The licensees are allowed to use up to 40 bit key length in
the symmetric key algorithms or its equivalent in other algorithms without obtaining
permission. However, if higher limits are to be deployed the licensee should take
prior written permission from licensor and deposit the decryption keys, split into two
parts, with the licensor. These lower limits in context of present high performance
systems prevent organizations from providing the adequate confidentiality to the
customer data. The security of decryption keys always remains an issue in such a
Cost factors: The Indian telecommunication sector is highly competitive and the long raging
price war has resulted in very low ARPUs. With increasing competition and decreasing
ARPUs it becomes difficult for the company to spend on the issues such as privacy. The
company focus is shifted to other factors which can help increase the ARPU, such as value
added services (VAS). Also, company take advantage of lack of awareness among users on
the subject matter and it does nothing to increase the awareness as well.
An Overview of Consumer Privacy Regulations for TSPs in India 32
In a view with the growth and complications of International trade, especially with the
influence of Internet and telecommunication, it is of utmost importance that a legal
framework be established setting specific standards relating to the manner and
purpose of assimilation of personal data offline as well as online. Consumers must
be made aware of sharing information at his/her will and no data should be collected
without explicit consent.
India is among the last countries to rollout 3G technologies whereas many countries
are already deploying 4G technologies. Owing to such developments, the
government still has to go a long way to introduce effective policies, regulations,
guidelines, etc. in the interest of not only the government or the telecom operators
but also in the interest of the end consumers and all this has to be done without
further delay. While the Government objective to protect the national security cannot
be overlooked, but the government needs to be careful that the industry does not
suffer because of over regulation, lack of transparency and possible loopholes.
For India to take full advantage of the great opportunities and benefits that Internet
presents to developing nations such as ours, effective risk management strategies
coupled with adequate legal documentation will go a long way in protecting and
nourishing the same.