Strategies for Digital Economy

Individual Assignment
Facebook Jio Case

Submitted By: -
Pancham Rathore -190301013
2.Should Jio Platforms aggressively pitch for 5G adoption in India? How will it benefit
the company?
Answer:
Reliance Jio is in a position where he can commercial launch services based on fifth-
generation or 5G Technology, following its network readiness. Therefore, Jio should
aggressively pitch for 5G adoption in India.
Reliance Jio would play a key role in the development of the 5G ecosystem in India based on
the market dynamics. Jio with its 5G-ready network and extensive fibre assets, would play a
key role in the development of the 5G ecosystem in India. Reliance Jio Infocomm Limited
revolutionised the telecom sector.
The scenario of Indian telecom market before JIO entered was: There were more than 1 billion
mobile users in India, out of which only 34%were connected to the internet. Only 12% from
these 1 billion used 3G data or above.
Then came Jio which took the market by storm by offering Data Centric plans and free
promotional data, They penetrated the Indian market with Cost leadership Strategy.
Post Jio Telecom Scenario in 2016 :-

One of the biggest strengths of Jio to pitch in for 5G is

Innovative technology-Jio currently uses the latest 4G LTE technology which is one of the
world’s best technologies for the future. This is supported by Voice over LTE which makes it
scalable and supportive of 5G and 6G technologies which are expected to be the future in
wireless communication.
Jio already working on 5G-capable devices with plans afoot to launch new smartphones in
tandem with the commercial roll out of 5G services after allocation of spectrum post auction
which makes it only company who can pitch in 5G.
Jio’s own IMS (IP Multimedia Subsystem) solution (vIMS) for VoLTE and VoWiFi is live since
October 2019. It was previously using Nokia and Oracle’s IMS and related technology to offer
4G voice service. This is for the first time that an Indian product has replaced European and
American technologies. Eight billion calls per day and 4.5 billion SMSs per day are now
handled on Jio’s own technologies - TAS, IPSMGW and SMSC.
Reliance Jio says India is 5G-ready, rivals (such as Airtel, Vodafone etc) complain of
financial stress and lastly adoption of 5G will boost the job creation by telecom sector which
will enhance the digital economy and learning towards it.

Future driven technology Reliance Jio uses VoLTE 4G network which is scalable to
accommodate 5G and 6G technologies. This offers numerous avenues to Jio or future
expansion of bandwidth

How will it benefit the company?

With speed, 5G network is also expected to handle increased volumes of traffic leading to
software skills like cloud, virtualization, Dockers, Kubernetes will also experience a spike in
demand. The adoption of 5G will also see a greater adoption of IOT across sectors and thereby
opening up more avenues for professionals skilled in IOT.
Jio that forayed into pure-play fourth-generation or 4G services in September 2016, is the only
profit-making telco that intends to switch to a 5G network after bidding for airwaves in the
upcoming sale.
Reliance Retail, a subsidiary of oil-to-logistics conglomerate Reliance Industries Limited (RIL)
had parallelly launched cost-friendly 4G feature phones, under the LYF brand in January 2016
to complement Jio's telecom network.
Jio has designed its own hardware for the 5G technology, which could be made in India once
5G trials are successful along with the Internet of Things (IoT) gear. Having developed end-
to-end 5G technology, Jio would be able to bring a wide array of use cases like security and
surveillance using drones, industrial IoT and digitisation in the agriculture sector.
Jio is actively looking to build 5G and IoT technology capability in-house through a mix of
organic and inorganic approach. The move is unprecedented not only in India but also globally
as most operators have relied on technology vendors for network equipment.
Jio’s own IMS (IP Multimedia Subsystem) solution (vIMS) for VoLTE and VoWiFi is live since
October 2019. It was previously using Nokia and Oracle’s IMS and related technology to offer
4G voice service. This is for the first time that an Indian product has replaced European and
American technologies. Eight billion calls per day and 4.5 billion SMSs per day are now
handled on Jio’s own technologies - TAS, IPSMGW and SMSC.
I strongly feel that Jio is 5G-ready to make India ready, Jio-rivals complain of financial stress
and last but not the least, adoption of 5G will boost the Digital economy and job creation by
telecom sector.
Q4. What are the pros and cons of O2O model for retail business in India? Is this
the best marketing/ operational strategy which Reliance Jio can adopt, leveraging
its collaboration with Facebook?
O2O Model – In O2O Business Model, Consumer searched for product online or
service online but bought it through offline

Sr.
No PROS CONS
1. Small Shops gets wide number of In O2O business model.
prospective customers, thus giving Consumers cannot interact with
boost to their sales. the store owners during
selecting the products and
making the purchase.

2. Through O2O Business Model, Jio can Customer won’t be able to

work on Zero Inventory Model. No negotiate or won’t get the
need to spend money on Complex product on credits.
Supply Chain Models

3. Customers will be more comfortable O2O business models involve

in placing the order as they might have collecting and storing
Trust and rapport with Local Supplier. customer’s personal information
Customers will get relief from long like address and phone number,
Que at Kirana Store. there are data privacy concerns
that arise out of it
Yes, I believe that this is the best marketing/operational strategy which Reliance Jio
can adopt, leveraging its collaboration with Facebook
Through JioMart, RIL is offering an O2O (online-to-offline) marketplace. Apart from
leveraging the Facebook Database 400 million. They will connect with local retailers
and deliver products to the customers by procuring them from the nearest store
located in the customer's locality. customers were required to access Jio Mart
through a unique WhatsApp number on their phones. In response, JioMart would
send a link to the customer's WhatsApp chat window, valid for 30 minutes. This link
would direct the customer to a new page wherein he/she had to fill his address and
contact number, after which the catalogue of products was made available to order
from. Once the final order was placed, it would be shared with the local Kirana store
on WhatsApp. The customer will receive a notification with the order and the Kirana
store details on his number. The customer would also receive an alert as soon as the
Kirana store billed the order. The customer would then pick up his/her order from
the Kirana store and make payment in cash. They will target middle-class families
and will change their purchasing habit
The company goal is to reform the unorganized retail sector, benefiting local
shopkeepers whose businesses were being adversely affected due to competitive
pricing and warehousing strategies of other online retail stores. In addition to
increased sales and margins, these shopkeepers will be equipped with points of sale
(PoS) terminals, integrated billing applications, GST compliance, thereby easing
taxation and also upskilling them in inventory management and supply chain
management.
This way they will be able to tap the untapped Semi-Rural and Rural Segment of India
and can expand their user base and increase their overall revenue.
5. What do you understand by Net Neutrality? In the context of investment made by
Facebook in Jio Platforms, what is the likely impact of this duo on net Neutrality?

Answer: Net Neutrality is the principle that states - Internet Service Providers (‘ISPs’)
should treat all internet content equally and should not implement discriminatory practises to
hinder or quicken access to certain services or content. The reasoning behind this principle is
that internet should be an equal opportunity, equal playing ground for all the players. The
primary argument for net neutrality is that if the ISPs give preferential treatment to certain
content, then newer players in the online market will have a difficult time competing for
customers and this is in turn will stifle innovation.

 In the context of Facebook-Jio deal, Facebook investing a huge amount in Jio

platforms have made some observers curious that “Net Neutrality” issues might pop
up.
 It already happened once in India with Facebook’s Free Basics debacle, and eventually
TRAI had to force Facebook to withdraw Free Basics from India.
 There are speculations that Jio might give preferential treatment to Facebook and it’s
products like WhatsApp pay, by making it load faster than Gpay, Phonepay or any
other competitive payment system in a Jio network, which will be a clear violation of
net neutrality.
 However, Jio has rubbished such claims and has stated that Net Neutrality will be
respected.
6. What are the data privacy issues flagged in the case? How does the data protection
draft bill compare and contrast with GDPR adopted by EU countries?

Answer: The data privacy issues flagged in the case are –

 the vast amount of customer related data available with both companies (jointly known
as “data elephants” in the industry) would give both of them an unfair competitive
advantage.
 Justice BN Srikrishna has raised a red flag over the lack of a data regulator to oversee
privacy concerns emanating from Reliance Jio-Facebook deal.
Indian Data Protection Draft Bill (PDP) Vs GDPR adopted by EU

1. Territorial and material scope:

GDPR: -

 Has extraterritorial applicability in some cases. Applies to data that relates to

an identified/identifiable natural person (also called personal data) as well as
'special categories of personal data'.
 Relaxes certain requirements for data controllers ("DC") who pseudonymize
personal data. Excludes anonymized data from its application .
PDP Bill: -

 Has extraterritorial applicability in limited cases. Empowers the central

government to exempt certain agencies of the government of India from the
application of the bill. Further, allows the government to exempt DPs
processing the data of foreign nationals from the application of the bill subject
to certain conditions.
 Covers personal data, sensitive personal data ("SPD") and critical personal
data. There is no parallel to critical personal data under the GDPR.
 Further, the scope of SPD under the PDP Bill is wider than that of special
categories of data in the GDPR.
Observation: -
The GDPR does not govern anonymised data at all, while the PDP Bill allows the
government to access non personal data held by any DP or DF for specific
purposes under clause 91. Anonymization standards may differ between the
PDP Bill and the GDPR. Therefore, being GDPR compliant does not necessarily
make an entity compliant with the PDP Bill. Broader definition of SPD means that
entities in India will have to apply higher standards of data protection to more
categories of personal data in India, as compared to the GDPR. Entities will have
to be especially careful with their processing of ‘critical personal data’, which
has no parallel in the GDPR.
2. Data localisation and cross border data flows:
GDPR: -

 No hard data localisation. Cross border data transfers allowed subject to certain
conditions.
 Special categories of personal data may be prohibited from being transferred
outside the country.
 Cross border data transfer permitted with and without the authorization of the
relevant Supervisory Authority (depending on the nature of the data), subject
to certain restrictions.
PDP Bill: -

 Places no restriction on the processing and transfer of personal data outside

India. SPD to be stored only in India, but may be transferred outside India for
processing with explicit consent in limited conditions.
 Critical personal data to be stored and processed only in India but may be
transferred outside India in limited conditions.
Observation: -
Entities will have to comply with stricter standards of data localization under the
PDP Bill, as compared to the GDPR. The conditions for cross border data
transfer may differ between the Data Protection Authority (“DPA”) and the
Supervisory Authority. Therefore, compliance with the GDPR may not result in
compliance with the PDP Bill, since transfers outside India will depend on
approvals/ permissions either by the DPA or the central government. However,
there are some overlaps between the GDPR and the PDP Bill (for instance, intra-
group schemes or the broad idea of adequacy).

3. Notice and consent: -

GDPR: -

 Notices need to be clear, simple and easy to understand and must contain all
relevant details including identity of the DC, contact details of the data
protection officer ("DPO"), among other things.
 Valid consent (consent which is freely given, specific, informed, unambiguously
indicated through a statement/clear affirmative action and, capable of being
withdrawn) of the data subject should be procured before processing.
PDP Bill: -

 Notice requirements include the GDPR requirements plus notices in multiple

languages and data trust scores/other information as asked for by the DPA.
 Consent requirements are similar to those in the GDPR. SPD to be processed
only on the basis of explicit consent.
 A new class of entities called 'consent managers' have been introduced in the
PDP Bill to help manage the consent of data principals.

Observation: -
 Compliance with the GDPR is not equivalent to compliance with the PDP Bill’s
notice requirements. The PDP Bill offers relatively more clarity on the legal
consequences of consent withdrawal than what is provided by the GDPR. Unlike
the GDPR, the PDP Bill proposed a new type of entities for channelling consent,
i.e. ‘consent managers.

4. Data processing principles and grounds for processing personal data:

GDPR: -

 Data processing principles are lawfulness, fairness and transparency;

collection limitation; purpose limitation; accuracy; storage limitation; integrity
and confidentiality' and accountability.
 Grounds for processing personal data are consent, compliance with the law,
public interest, vital interest, performance of a contract, legitimate interests,
when data is manifestly made public by the data principal.
PDP Bill: -

 Data processing principles under the PDP Bill are similar to those in the GDPR.
In addition to the grounds listed in the GDPR, the grounds for processing
personal data are 'purposes relating to employment', and 'reasonable purposes
as specified by the DPA'.
 Furthermore, all the grounds under the GDPR are placed on an equal footing
unlike the PDP Bill which considers consent as the primary basis and all other
grounds are considered as an exception.
 Performance of a contract is still not a ground for processing data without
consent under the PDP Bill, while it is under the GDPR.
Observation: -
Under the GDPR, data can be retained for a longer time for
archiving/research/statistical purposes, whereas under the PDP Bill, data can be
retained for a longer time if explicitly consented to by the data principal or to
comply with any obligation under a law. The performance of contract is not a
ground under the PDP Bill, while it is a ground under GDPR. The PDP Bill does
not recognise ‘legitimate interests’ (as provided in the GDPR), but allows DFs to
process data for ‘reasonable purposes. However, unlike legitimate interests that
are determined by the DCs themselves, reasonable purposes will be specified
by the DPA. Thus, being compliant with the GDPR does not mean automatic
compliance with the PDP Bill.

5. Security and compliance:

GDPR: -
 DCs are required to incorporate data protection by design. DPs and DCs are
obligated to enforce security safeguards for personal data. DCs are obligated
to perform Data Protection Impact Assessments ("DPIA") prior to processing
some kinds of personal data subject to limited prescribed exemptions.
 Each DC is required to maintain a record of processing activities that it is
responsible for, with certain exceptions. Each Supervisory Authority is
empowered to investigate DPs and DCs through data protection audits.
 PDP Bill

 The PDP Bill requires DFs to prepare privacy by design policies. DFs may
subsequently have these policies certified. They are required to publish this policy on
their and the DPA's websites. DFs and DPs need to implement security safeguards.
 Significant DFs are required to: (i) undertake DPIAs; (ii) maintain up-to-date records of
certain information in the form prescribed by the DPA; and (iii) have their conduct and
policies audited by an independent auditor.
 The DPA will register experts in information technology, data science, and computer
systems as data auditors. The 2019 PDP Bill requires the data protection officers to
'review' the DPIA prepared by DFs and give their opinion on it.

Observation: -

In terms of privacy/data protection by design the PDP Bill and the GDPR are
broadly aligned, and both refer to similar concepts such as DPIAs, privacy by
design, and audits. There are, however, differences in approach. In the GDPR,
while all DCs have to undertake DPIAs and maintain records, under the PDP Bill,
only ‘significant DFs’ are required to do so. Further, the PDP Bill, allows the DPA
to notify regulations specifying the manner in which data auditors should
conduct their data audits, whereas the GDPR does not. Further, DFs getting their
policies certified under the PDP Bill will be eligible to participate in the data
sandbox. The GDPR does not propose a sandbox. The grounds for determining
if DPIA is necessary are wider under the GDPR. Further, the information to be
provided in the DPIA is narrower under the PDP Bill as compared to the GDPR.
Thus, complying with the GDPR may not be enough to ensure compliance with
the PDP Bill.

6. Breach notification:

GDPR: -

 Under the GDPR, DCs are required to notify the Supervisory Authority of a
breach of personal data within 72 hours, with limited exceptions.
 The data subject is required to be notified of the breach without undue delay if
there is a probability of significant harm to the rights of the data principals,
subject to the prescribed exemptions.
PDP Bill: -

 The PDP Bill requires every DF to inform the DPA of any breach which is likely
to cause harm to data principals within the timeline stipulated by the DPA. DFs
have to notify data principals, only when required to do so by the DPA.
 The DPA determines whether an individual should be notified, taking into
account the severity of the harm that may be caused to the data principal or
whether any action is required on the part of the data principal to mitigate such
harm.
Observations: -
The threshold for notification of breach are different in the GDPR and the PDP
Bill. In the GDPR, all breaches are to be reported to the supervisory authority,
unless the breach is unlikely to result in a risk to individuals. Under the PDP Bill,
breaches are to be notified the DPA if they are likely to cause harm to data
 principals. Unlike the GDPR, under the PDP Bill, DFs have to notify data
principals only when required to do so by the DPA.
7. Data processors:
GDPR: -
 DCs can only employ DPs who comply with the GDPR. For this, DPs have to provide
sufficient guarantees that they implement appropriate measures to comply with the
GDPR. This may be measured by a DP's adherence to an approved code of conduct or an
approved certification. A DP needs prior authorisation from the DC before engaging
another DP.
 If the DP determines the purpose and means of processing, such DP shall be considered as
a DC for the purposes of the GDPR. The European Commission may lay down standard
contractual clauses for the contracts between DP and DCs.

PDP Bill: -

 DFs can employ a DP through a valid contract to process data on its behalf. A DP may engage
another DP for processing data with the authorisation of the DF or if permitted under its
contract with the DF.

Observations: -
The PDP Bill appears to be slightly more relaxed in the requirements for
contracts with DPs, unlike the GDPR, where the DPs have to give the DCs
sufficient guarantees that they will adhere to the GDPR. In practice, however,
pursuant to the PDP Bill, DPs may have to provide similar guarantees to DFs.
The GDPR empowers the European Commission to prescribe standard
contractual clauses for the agreement between the DCs and DPs. The PDP Bill
does not expressly provide for a similar measure with respect to the DPA.

8. Storage limitation:

GDPR: -
 Under the GDPR, the data is required to be kept in an identifiable form and
exceptions have been clearly laid down for increasing the storage period under
the GDPR. Exceptions such as public interest, scientific, historical and statistical
have been provided for.
PDP Bill: -

 The PDP Bill requires that data shall not be retained beyond the period necessary
to satisfy the purpose for which it is collected and has to be deleted once the
purpose is fulfilled.
 The PDP Bill requires 'explicit consent' of the data principal to retain data for a
longer period of time.

Observation: -

Unlike the GDPR, the PDP Bill requires explicit consent of the data principal in
order to store data for a longer period of time than is necessary to satisfy the
purpose for which it is collected. Therefore, compliance with GDPR may not be
enough to ensure compliance with PDP Bill.
9. Grievance redressal and penalties:
GDPR: -

 DCs and DPs shall assist the DPO in carrying out any task related to grievance
redressal. The data subjects can contact the DPO to exercise their rights under
the GDPR.
 Data subjects have the right to approach the Supervisory Authority to seek
judicial remedy in certain situations. Each member state shall make rules to
implement GDPR the provisions related to penalties.
 The GDPR prescribes fines (of up to 10 million euros in certain cases) for the
DC, certification authority and monitoring body, variably, if they fail to comply
with their obligations under the GDPR.
PDP Bill: -

 The data principal can raise concerns to an officer assigned for the purpose,
which grievance must be resolved within 30 days. Any person aggrieved by
an order made by the adjudication officer can appeal to the appellate tribunal.
 The PDP Bill prescribes penalties (of up to INR 15 crores in certain cases).
Where no specific penalties have been provided, the person shall be liable to
pay a penalty of up to INR 1 crore (in case significant DF, as defined under
the PDP Bill) and up to INR 25 lakh (for other DFs and other specified entities
such as the data auditors).
Observation: -
The PDP Bill stipulates a time period of 30 days within which a grievance is to
be addressed. The GDPR does not prescribe such time period. Unlike the GDPR,
the PDP Bill states allows any person, as opposed to only a data principal, to
appeal to the appellate tribunal. The difference in amount between the penalties
imposed by the GDPR and the PDP Bill is significant.