What data protection should look like in India

Mozilla recently filed comments with the Telecom Regulatory Authority of India (TRAI) in response to their consultation paper “Privacy, Security, and Ownership of Data in the Telecom Sector.” In our filing, we argued that adopting a strong data protection framework should be a national policy priority for India, and outlined what we think such a law should look like.

This consultation comes at an auspicious time. In response to several lawsuits and a national debate over the Aadhaar, India’s national biometric identity database, the Supreme Court of India ruled unequivocally that privacy is a fundamental right guaranteed by the Indian Constitution. It is now incumbent upon the government to enact a law protecting this right, even as litigation around the Aadhaar continues. The TRAI consultation is one of several parallel processes to help shape the country’s first comprehensive data protection law; others include the Ministry of Electronics and Information Technology Committee of Experts (the Srikrishna Committee), efforts by the Indian Parliament, as well as the Prime Minister’s Office.

At a time when the Government of India is making authentication through Aadhaar mandatory for an increasingly large number of services, and Aadhaar is being integrated by private companies for everything from signing for FedEx deliveries to being printed on Jet Airways boarding passes, the need for meaningful user privacy protections has never been greater.

The thorough and thoughtful TRAI consultation paper asked several important questions, including: what should be the definition of personal data? How can users be empowered with choice and control? When should consent from users be obtained? What should be the responsibilities of data controllers? What should enforcement look like? What measures should be considered in order to strengthen and preserve the safety and security of telecommunications infrastructure and the digital ecosystem as a whole? And many more.

While you can read our answers in full in our comment, Mozilla’s work in this area is guided first and foremost by the Mozilla Manifesto, which states: “Individual security and privacy is fundamental and must not be treated as optional online” (Principle 4). Our commitment to this principle can be seen both in the open source code of our products as well as in our policies such as Mozilla’s Data Privacy Principles:

No surprises

Use and share information in a way that is transparent and benefits the user.

User Control

Develop products and advocate for best practices that put users in control of their data and online experiences.

Limited data

Collect what we need, de-identify where we can and delete when no longer necessary.

Sensible settings

Design for a thoughtful balance of safety and user experience.

Defense in depth

Maintain multi-layered security controls and practices, many of which are publicly verifiable.

Given this strong commitment to user security and privacy, we look forward to working with TRAI and other Indian stakeholders as work to develop India’s first comprehensive data protection law progresses.

One comment on “What data protection should look like in India”

Maaz Kalim wrote on November 19, 2017 at 7:22 pm:

Where do you keep your fact-check in international matters, guys?? Yes, the SCOI did rule-out initially the “Privacy is a Fundamental Right” guaranteed under the Constitution but then budged from its stance saying “it ain’t absolute” [vide interim-rulings in cases against enforcement of UID India].

Open Policy & Advocacy

What data protection should look like in India

One comment on “What data protection should look like in India”

Maaz Kalim wrote on November 19, 2017 at 7:22 pm:

Mozilla Weighs in on State Comprehensive Privacy Proposals

Mozilla’s Comments to FCC: Net Neutrality Essential for Competition, Innovation, Privacy

Global Privacy Control Empowers Individuals to Limit Privacy-Invasive Tracking

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Supports Updates to the Health Breach Notification Rule

Mozilla Mornings: Choice or Illusion? Tackling Harmful Design Practices

Mozilla Asks US Supreme Court to Support Responsible Content Moderation

The Revival We Need: The FCC Takes On Net Neutrality

Mozilla Meetups – Code to Conduct in AI: Open Source, Privacy, and More

Mozilla Meetups with CDT: Talking Tech Transparency

Continuing to Protect our Users in Kazakhstan

Continuing to Protect our Users in Kazakhstan

It’s time for the G20’s first digital agenda

Mozilla provides feedback to ACM’s DSA Guidelines

Global Network Fee Proposals are Troubling. Here are Three Paths Forward.

Mozilla Mornings on addressing online harms through advertising transparency

The EU’s Current Approach to QWACs (Qualified Website Authentication Certificates) will Undermine Security on the Open Web

Mozilla files comments with the European Commission on safeguarding democracy in the digital age

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Weighs in on Accountability Legislation: Public policies like PATA can help to keep the Internet in the public’s best interest.

Open Fibre Data Standard: Understanding the True Extent of the Internet

Mozilla Meetups: The Building Blocks of a Trusted Internet

The FTC and DOJ merger guidelines review is an opportunity to reset competition enforcement in digital markets

Mozilla submits comments to the California Privacy Protection Agency

European Parliament’s version of the CRA threatens cybersecurity and open source development

Mozilla weighs in on the EU Cyber Resilience Act

Enhancing trust and security on the internet – browsers are the first line of defence

Working in the open: Enhancing privacy and security in the DNS

The Van Buren decision is a strong step forward for public interest research online