{"id":1321,"date":"2017-11-14T15:11:14","date_gmt":"2017-11-14T23:11:14","guid":{"rendered":"https:\/\/blog.mozilla.org\/netpolicy\/?p=1321"},"modified":"2017-11-14T15:11:14","modified_gmt":"2017-11-14T23:11:14","slug":"trai-data-protection-comment","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/","title":{"rendered":"What data protection should look like in India"},"content":{"rendered":"<p>Mozilla recently filed <a href=\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2017\/11\/Mozilla-TRAI-Data-Protection-Filing.pdf\">comments<\/a> with the Telecom Regulatory Authority of India (TRAI) in response to their <a href=\"http:\/\/trai.gov.in\/consultation-paper-privacy-security-and-ownership-data-telecom-sector\">consultation paper<\/a> \u201cPrivacy, Security, and Ownership of Data in the Telecom Sector.\u201d In our filing, we argued that adopting a strong data protection framework should be a national policy priority for India, and outlined what we think such a law should look like.<\/p>\n<p>This consultation comes at an auspicious time. In response to several lawsuits and a national debate over the <a href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/05\/26\/aadhaar-isnt-progress\/\">Aadhaar<\/a>, India\u2019s national biometric identity database, the Supreme Court of India <a href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/08\/24\/mozilla-applauds-india-supreme-courts-decision-upholding-privacy-fundamental-right\/\">ruled<\/a> unequivocally that privacy is a fundamental right guaranteed by the Indian Constitution. It is now incumbent upon the government to enact a law protecting this right, even as litigation around the Aadhaar continues. The TRAI consultation is one of several parallel processes to help shape the country\u2019s first comprehensive data protection law; others include the Ministry of Electronics and Information Technology Committee of Experts (the Srikrishna Committee), efforts by the Indian Parliament, as well as the Prime Minister\u2019s Office.<\/p>\n<p>At a time when the Government of India is making authentication through <a href=\"http:\/\/www.hindustantimes.com\/interactives\/aadhaar-mandatory-schemes-timeline\/\">Aadhaar mandatory for an increasingly large number of services<\/a>, and Aadhaar is being integrated by private companies for everything from <a href=\"http:\/\/images.fedex.com\/downloads\/downloadcenter\/in\/know-your-customer.pdf\">signing for FedEx deliveries<\/a> to being <a href=\"https:\/\/www.medianama.com\/2017\/09\/223-jet-airways-printing-aadhaar\/\">printed on Jet Airways boarding passes<\/a>, the need for meaningful user privacy protections has never been greater.<\/p>\n<p>The thorough and thoughtful TRAI consultation paper asked several important questions, including: what should be the definition of personal data? How can users be empowered with choice and control? When should consent from users be obtained? What should be the responsibilities of data controllers? What should enforcement look like? What measures should be considered in order to strengthen and preserve the safety and security of telecommunications infrastructure and the digital ecosystem as a whole? And many more.<\/p>\n<p>While you can read our answers in full in our <a href=\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2017\/11\/Mozilla-TRAI-Data-Protection-Filing.pdf\">comment<\/a>, Mozilla\u2019s work in this area is guided first and foremost by the Mozilla Manifesto, which states: \u201cIndividual security and privacy is fundamental and must not be treated as optional online\u201d (Principle 4). Our commitment to this principle can be seen both in the open source code of our products as well as in our policies such as Mozilla\u2019s <a href=\"https:\/\/www.mozilla.org\/en%20-%20US\/privacy\/principles\/\">Data Privacy Principles<\/a>:<\/p>\n<ol>\n<li><b> No surprises<\/b><\/li>\n<\/ol>\n<p>Use and share information in a way that is transparent and benefits the user.<\/p>\n<ol start=\"2\">\n<li><b> User Control<\/b><\/li>\n<\/ol>\n<p>Develop products and advocate for best practices that put users in control of their data and online experiences.<\/p>\n<ol start=\"3\">\n<li><b> Limited data<\/b><\/li>\n<\/ol>\n<p>Collect what we need, de-identify where we can and delete when no longer necessary.<\/p>\n<ol start=\"4\">\n<li><b> Sensible settings<\/b><\/li>\n<\/ol>\n<p>Design for a thoughtful balance of safety and user experience.<\/p>\n<ol start=\"5\">\n<li><b> Defense in depth<\/b><\/li>\n<\/ol>\n<p>Maintain multi-layered security controls and practices, many of which are publicly verifiable.<\/p>\n<p>Given this strong commitment to user security and privacy, we look forward to working with TRAI and other Indian stakeholders as work to develop India\u2019s first comprehensive data protection law progresses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mozilla recently filed comments with the Telecom Regulatory Authority of India (TRAI) in response to their consultation paper \u201cPrivacy, Security, and Ownership of Data in the Telecom Sector.\u201d In our &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/\">Read more<\/a><\/p>\n","protected":false},"author":1138,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[283226,847,69],"tags":[],"coauthors":[290387],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What data protection should look like in India - Open Policy &amp; Advocacy<\/title>\n<meta name=\"description\" content=\"Mozilla filed comments with the Telecom Regulatory Authority of India on what the country&#039;s first comprehensive data protection framework should look like.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jochai Ben-Avie\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/\",\"name\":\"What data protection should look like in India - Open Policy &amp; Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"datePublished\":\"2017-11-14T23:11:14+00:00\",\"dateModified\":\"2017-11-14T23:11:14+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/a395fd3aefaa3e67aa7f86da1763b5ac\"},\"description\":\"Mozilla filed comments with the Telecom Regulatory Authority of India on what the country's first comprehensive data protection framework should look like.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What data protection should look like in India\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy &amp; Advocacy\",\"description\":\"Mozilla&#039;s official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/a395fd3aefaa3e67aa7f86da1763b5ac\",\"name\":\"Jochai Ben-Avie\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/67fc7caaeaface9c3805055361fb9bb6\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/21e143a706b700b1ba58339b18512056?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/21e143a706b700b1ba58339b18512056?s=96&d=mm&r=g\",\"caption\":\"Jochai Ben-Avie\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What data protection should look like in India - Open Policy &amp; Advocacy","description":"Mozilla filed comments with the Telecom Regulatory Authority of India on what the country's first comprehensive data protection framework should look like.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/","twitter_misc":{"Written by":"Jochai Ben-Avie","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/","url":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/","name":"What data protection should look like in India - Open Policy &amp; Advocacy","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website"},"datePublished":"2017-11-14T23:11:14+00:00","dateModified":"2017-11-14T23:11:14+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/a395fd3aefaa3e67aa7f86da1763b5ac"},"description":"Mozilla filed comments with the Telecom Regulatory Authority of India on what the country's first comprehensive data protection framework should look like.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/11\/14\/trai-data-protection-comment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/netpolicy\/"},{"@type":"ListItem","position":2,"name":"What data protection should look like in India"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website","url":"https:\/\/blog.mozilla.org\/netpolicy\/","name":"Open Policy &amp; Advocacy","description":"Mozilla&#039;s official blog on open Internet policy initiatives and developments","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/a395fd3aefaa3e67aa7f86da1763b5ac","name":"Jochai Ben-Avie","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/67fc7caaeaface9c3805055361fb9bb6","url":"https:\/\/secure.gravatar.com\/avatar\/21e143a706b700b1ba58339b18512056?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/21e143a706b700b1ba58339b18512056?s=96&d=mm&r=g","caption":"Jochai Ben-Avie"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1321"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/1138"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=1321"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1321\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=1321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=1321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=1321"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=1321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}