Professional Documents
Culture Documents
Strategies For Digital Economy: Individual Assignment Facebook Jio Case
Strategies For Digital Economy: Individual Assignment Facebook Jio Case
Individual Assignment
Facebook Jio Case
Submitted By: -
Pancham Rathore -190301013
2.Should Jio Platforms aggressively pitch for 5G adoption in India? How will it benefit
the company?
Answer:
Reliance Jio is in a position where he can commercial launch services based on fifth-
generation or 5G Technology, following its network readiness. Therefore, Jio should
aggressively pitch for 5G adoption in India.
Reliance Jio would play a key role in the development of the 5G ecosystem in India based on
the market dynamics. Jio with its 5G-ready network and extensive fibre assets, would play a
key role in the development of the 5G ecosystem in India. Reliance Jio Infocomm Limited
revolutionised the telecom sector.
The scenario of Indian telecom market before JIO entered was: There were more than 1 billion
mobile users in India, out of which only 34%were connected to the internet. Only 12% from
these 1 billion used 3G data or above.
Then came Jio which took the market by storm by offering Data Centric plans and free
promotional data, They penetrated the Indian market with Cost leadership Strategy.
Post Jio Telecom Scenario in 2016 :-
Future driven technology Reliance Jio uses VoLTE 4G network which is scalable to
accommodate 5G and 6G technologies. This offers numerous avenues to Jio or future
expansion of bandwidth
Sr.
No PROS CONS
1. Small Shops gets wide number of In O2O business model.
prospective customers, thus giving Consumers cannot interact with
boost to their sales. the store owners during
selecting the products and
making the purchase.
Answer: Net Neutrality is the principle that states - Internet Service Providers (‘ISPs’)
should treat all internet content equally and should not implement discriminatory practises to
hinder or quicken access to certain services or content. The reasoning behind this principle is
that internet should be an equal opportunity, equal playing ground for all the players. The
primary argument for net neutrality is that if the ISPs give preferential treatment to certain
content, then newer players in the online market will have a difficult time competing for
customers and this is in turn will stifle innovation.
No hard data localisation. Cross border data transfers allowed subject to certain
conditions.
Special categories of personal data may be prohibited from being transferred
outside the country.
Cross border data transfer permitted with and without the authorization of the
relevant Supervisory Authority (depending on the nature of the data), subject
to certain restrictions.
PDP Bill: -
Notices need to be clear, simple and easy to understand and must contain all
relevant details including identity of the DC, contact details of the data
protection officer ("DPO"), among other things.
Valid consent (consent which is freely given, specific, informed, unambiguously
indicated through a statement/clear affirmative action and, capable of being
withdrawn) of the data subject should be procured before processing.
PDP Bill: -
Observation: -
Compliance with the GDPR is not equivalent to compliance with the PDP Bill’s
notice requirements. The PDP Bill offers relatively more clarity on the legal
consequences of consent withdrawal than what is provided by the GDPR. Unlike
the GDPR, the PDP Bill proposed a new type of entities for channelling consent,
i.e. ‘consent managers.
Data processing principles under the PDP Bill are similar to those in the GDPR.
In addition to the grounds listed in the GDPR, the grounds for processing
personal data are 'purposes relating to employment', and 'reasonable purposes
as specified by the DPA'.
Furthermore, all the grounds under the GDPR are placed on an equal footing
unlike the PDP Bill which considers consent as the primary basis and all other
grounds are considered as an exception.
Performance of a contract is still not a ground for processing data without
consent under the PDP Bill, while it is under the GDPR.
Observation: -
Under the GDPR, data can be retained for a longer time for
archiving/research/statistical purposes, whereas under the PDP Bill, data can be
retained for a longer time if explicitly consented to by the data principal or to
comply with any obligation under a law. The performance of contract is not a
ground under the PDP Bill, while it is a ground under GDPR. The PDP Bill does
not recognise ‘legitimate interests’ (as provided in the GDPR), but allows DFs to
process data for ‘reasonable purposes. However, unlike legitimate interests that
are determined by the DCs themselves, reasonable purposes will be specified
by the DPA. Thus, being compliant with the GDPR does not mean automatic
compliance with the PDP Bill.
GDPR: -
DCs are required to incorporate data protection by design. DPs and DCs are
obligated to enforce security safeguards for personal data. DCs are obligated
to perform Data Protection Impact Assessments ("DPIA") prior to processing
some kinds of personal data subject to limited prescribed exemptions.
Each DC is required to maintain a record of processing activities that it is
responsible for, with certain exceptions. Each Supervisory Authority is
empowered to investigate DPs and DCs through data protection audits.
PDP Bill
The PDP Bill requires DFs to prepare privacy by design policies. DFs may
subsequently have these policies certified. They are required to publish this policy on
their and the DPA's websites. DFs and DPs need to implement security safeguards.
Significant DFs are required to: (i) undertake DPIAs; (ii) maintain up-to-date records of
certain information in the form prescribed by the DPA; and (iii) have their conduct and
policies audited by an independent auditor.
The DPA will register experts in information technology, data science, and computer
systems as data auditors. The 2019 PDP Bill requires the data protection officers to
'review' the DPIA prepared by DFs and give their opinion on it.
Observation: -
In terms of privacy/data protection by design the PDP Bill and the GDPR are
broadly aligned, and both refer to similar concepts such as DPIAs, privacy by
design, and audits. There are, however, differences in approach. In the GDPR,
while all DCs have to undertake DPIAs and maintain records, under the PDP Bill,
only ‘significant DFs’ are required to do so. Further, the PDP Bill, allows the DPA
to notify regulations specifying the manner in which data auditors should
conduct their data audits, whereas the GDPR does not. Further, DFs getting their
policies certified under the PDP Bill will be eligible to participate in the data
sandbox. The GDPR does not propose a sandbox. The grounds for determining
if DPIA is necessary are wider under the GDPR. Further, the information to be
provided in the DPIA is narrower under the PDP Bill as compared to the GDPR.
Thus, complying with the GDPR may not be enough to ensure compliance with
the PDP Bill.
6. Breach notification:
GDPR: -
Under the GDPR, DCs are required to notify the Supervisory Authority of a
breach of personal data within 72 hours, with limited exceptions.
The data subject is required to be notified of the breach without undue delay if
there is a probability of significant harm to the rights of the data principals,
subject to the prescribed exemptions.
PDP Bill: -
The PDP Bill requires every DF to inform the DPA of any breach which is likely
to cause harm to data principals within the timeline stipulated by the DPA. DFs
have to notify data principals, only when required to do so by the DPA.
The DPA determines whether an individual should be notified, taking into
account the severity of the harm that may be caused to the data principal or
whether any action is required on the part of the data principal to mitigate such
harm.
Observations: -
The threshold for notification of breach are different in the GDPR and the PDP
Bill. In the GDPR, all breaches are to be reported to the supervisory authority,
unless the breach is unlikely to result in a risk to individuals. Under the PDP Bill,
breaches are to be notified the DPA if they are likely to cause harm to data
principals. Unlike the GDPR, under the PDP Bill, DFs have to notify data
principals only when required to do so by the DPA.
7. Data processors:
GDPR: -
DCs can only employ DPs who comply with the GDPR. For this, DPs have to provide
sufficient guarantees that they implement appropriate measures to comply with the
GDPR. This may be measured by a DP's adherence to an approved code of conduct or an
approved certification. A DP needs prior authorisation from the DC before engaging
another DP.
If the DP determines the purpose and means of processing, such DP shall be considered as
a DC for the purposes of the GDPR. The European Commission may lay down standard
contractual clauses for the contracts between DP and DCs.
PDP Bill: -
DFs can employ a DP through a valid contract to process data on its behalf. A DP may engage
another DP for processing data with the authorisation of the DF or if permitted under its
contract with the DF.
Observations: -
The PDP Bill appears to be slightly more relaxed in the requirements for
contracts with DPs, unlike the GDPR, where the DPs have to give the DCs
sufficient guarantees that they will adhere to the GDPR. In practice, however,
pursuant to the PDP Bill, DPs may have to provide similar guarantees to DFs.
The GDPR empowers the European Commission to prescribe standard
contractual clauses for the agreement between the DCs and DPs. The PDP Bill
does not expressly provide for a similar measure with respect to the DPA.
8. Storage limitation:
GDPR: -
Under the GDPR, the data is required to be kept in an identifiable form and
exceptions have been clearly laid down for increasing the storage period under
the GDPR. Exceptions such as public interest, scientific, historical and statistical
have been provided for.
PDP Bill: -
The PDP Bill requires that data shall not be retained beyond the period necessary
to satisfy the purpose for which it is collected and has to be deleted once the
purpose is fulfilled.
The PDP Bill requires 'explicit consent' of the data principal to retain data for a
longer period of time.
Observation: -
Unlike the GDPR, the PDP Bill requires explicit consent of the data principal in
order to store data for a longer period of time than is necessary to satisfy the
purpose for which it is collected. Therefore, compliance with GDPR may not be
enough to ensure compliance with PDP Bill.
9. Grievance redressal and penalties:
GDPR: -
DCs and DPs shall assist the DPO in carrying out any task related to grievance
redressal. The data subjects can contact the DPO to exercise their rights under
the GDPR.
Data subjects have the right to approach the Supervisory Authority to seek
judicial remedy in certain situations. Each member state shall make rules to
implement GDPR the provisions related to penalties.
The GDPR prescribes fines (of up to 10 million euros in certain cases) for the
DC, certification authority and monitoring body, variably, if they fail to comply
with their obligations under the GDPR.
PDP Bill: -
The data principal can raise concerns to an officer assigned for the purpose,
which grievance must be resolved within 30 days. Any person aggrieved by
an order made by the adjudication officer can appeal to the appellate tribunal.
The PDP Bill prescribes penalties (of up to INR 15 crores in certain cases).
Where no specific penalties have been provided, the person shall be liable to
pay a penalty of up to INR 1 crore (in case significant DF, as defined under
the PDP Bill) and up to INR 25 lakh (for other DFs and other specified entities
such as the data auditors).
Observation: -
The PDP Bill stipulates a time period of 30 days within which a grievance is to
be addressed. The GDPR does not prescribe such time period. Unlike the GDPR,
the PDP Bill states allows any person, as opposed to only a data principal, to
appeal to the appellate tribunal. The difference in amount between the penalties
imposed by the GDPR and the PDP Bill is significant.