Emerging Technologies

The Role of 5G in forwarding the digital revolution in India

Shreya Kumar January 17, 2021

0 3,920 17 minutes read

POLICY CONCERNS

CHINESE SPYWARE IN 5G

Allegations have been made that cellular network devices coming from Chinese companies, may contain spyware enabling the Chinese government to exercise hidden surveillance as a part of its international intelligence activity.[xxiii] Moreover, recent provisions of the Chinese law such as Article 77 of the National Security Law, compels companies, individuals to furnish personal information at the behest of government agencies. Australia, Canada, New Zealand, and the US have declared the usage of Huawei (Chinese telecom giant) equipment to be posing a significant security risk. Barring Canada, which is reviewing its decision on a potential ban, all the aforesaid countries have completely banned the company’s technology, which includes its 5G model. Fearing manipulation by China in spying and disrupting vital communications in other countries has led to such drastic steps being taken. A country’s national security, autonomy, privacy, personal data of its citizens stand at risk.

In India, the government has now included the Chinese telecommunication company Huawei in working groups for the deployment of 5G networks in the world, following restrictions on Chinese investment in India and the prohibition of over 200 Chinese mobile applications. In eight fields, including agriculture, Fintech, transport, and training, 5G rollout workgroups were formed by the Department of Telecommunications (DoT). Huawei will be one of the working groups undertaking a 5G rollout analysis in the health sector and fintech.[xxiv]

RISK TO CYBERSECURITY, PRIVACY, DATA

Since the network has moved from hardware-based to software-based digital routing, it has lost the potential for proper inspection and control. An attacker gaining control of the software can manipulate the entire network. With the coming of 5G, the future holds a promise of managing our day-to-day activities such as traffic safety to matters of national concern such as a battlefield. However, if not properly secured, this increased connectivity can risk a serious loss of private data, cyber-attacks, and veiled surveillance. For example, Microsoft reported that Russian hackers were invading IoT devices to gain network access.[xxv] 5G facilitates the transmission of data across various types of networks and devices. This makes it hard for law enforcement authorities to perform digital investigations or track offenders, complicating the processing and surveillance of digital evidence.[xxvi]

The primary legislation on cybercrimes in India is the Information Technology, Act, 2000 (“IT Act”). Sections 43 and 66 of the IT Act penalize a range of activities, including hacking, data theft, the introduction and spread of viruses through computer networks, computer damage, and more. With the most recent amendment happening in 2008, the law remains outdated. A major overhaul is required involving the strengthening of laws, simplification of electronic evidence procedure, creation of more capacity building/ sensitization among police, law enforcement agencies, judiciary, etc.

Mr. Ajit Doval, the National Security Adviser (NSA), said that the Central Government is planning the 2020 National Cyber Security Strategy 2020 for a safe, stable, confidential, resilient, and dynamic cyberspace for prosperity in India.[xxvii]

COMPETITION CONCERNS: MONOPOLY OF JIO

In 2016, Jio disrupted the telecom market with its customer-friendly services offering free services of data and calls to its users for 3 months. India which is a highly price-sensitive market, had a massive population shifting their subscriptions to Jio. This led to market rivals being forced to dramatically alter their charges, disturbing their prevailing business rates. Telecom operators like Bharti Airtel have called into question the above-mentioned Jio scheme, claiming that they are protected under predatory pricing, as a breach of the provisions of Section 4 of the Competition Act, 2002. In the 2017 case of Bharti Airtel Limited Vs. Reliance Industries Limited & Reliance Jio Infocomm Limited[xxviii], the Competition Commission of India ruled in favor of Jio citing no violation of Section 4 of the Act.

During this quarter, the national COVID-19 lockdown and work-from-home increased data usage. Jio telecom unit of Reliance Industries announced a three-fold jump in its net profit to Rs 2840 crore for the second quarter ending on September 30, 2020[xxix]. For the same period, Vodafone Idea announced that its losses decreased to Rs 7,218.2 crore while Bharti Airtel saw a consolidated net loss of Rs 763 crore.[xxx] In nine of the past 10 years, government-owned organizations such as MTNL have registered losses, and BSNL has also been losing since 2010. Similarly, in the case of subscribers, all telecom companies suffered major losses with the exception of Jio and BSNL. It can be clearly seen that Jio exercises monopoly being the only company experiencing profits as well as user popularity in the telecom industry.

With an increasing subscriber base, rising profits as well partnership with top-notch companies such as Qualcomm for 5G network and Google for developing affordable smartphones, Jio will be the only viable option for offering an efficient 5G network. The other private players, including the likes of Airtel, Vodafone-Idea will have to increase their tariffs to cope with rising debts and losses. State-owned entities such as BSNL, MTNL in spite of having a good consumer base and proposed government funding; lack the relevant technology, efficiency, customer service, or profits to effectively compete with these private players in the 5G network.

COMPARATIVE ANALYSIS BETWEEN INDIA’S DATA PROTECTION LEGISLATION AND GDPR

In order to allow the EU (European Union) nationals and organizations to better monitor their personal data, the General Data Protection Regulation (GDPR) was implemented in 2018. One of its key statutory goals is to ensure that the entities taking control of the individual’s personal data remain transparent and accountable in their approach so as to reduce the possibility of misuse. In India, cyber law, data privacy, and protection, cybersecurity is dealt with by the Information Technology Act, 2000 as well as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). The SPDI Rules provide for permissions to be taken from users regarding their personal data, failing which penalties would be imposed. The Personal Data Protection Bill, 2019 (“PDPB”) which has been tabled in the Indian Parliament for ratification is an important statutory step in securing the personal data of citizens. Presently, a Joint Parliamentary Committee (JPC) is reviewing the Bill in collaboration with experts and stakeholders. The Committee plans to submit its report before the winter session of Parliament[xxxi]

In 5G, the idea of who owns the data is equally important as where the data is stored. The exploitation of user information would be steered by many companies in vertical industries. The infrastructure is shared between multiple operators and users. Voluminous data will move between countries at a hyper-speed posing serious threats to data confidentiality, ownership. The following issues might arise in the 5G regime and we analyze how the relevant GDPR, Indian Legislations will deal with them.

ISSUE: In response to an unmanageable amount of data processing across 5G networks, higher speeds will result in a failure to notify the data subject about the elements of their data processing. Rectification and erasure rights (right to rectification, right to be forgotten, right to restriction of processing, right to be informed of rectification or erasure) may also be impacted by high data rates due to rapid transmission and sharing of data. When an enormous amount of data processing happens without human involvement, drastic privacy issues emerge by data subject profiling.

COMPARISON BETWEEN GDPR & PDPB: While the basic framework of the PDPB is quite similar to GDPR, on a closer look some differences can be seen. [xxxii]

TOPIC	GDPR	PDPB
Consent	When contrasted with PDPB, GDPR’s definition of consent seems more stringent. While the GDPR mandates consent for separate processing purposes to be taken separately, there is no such provision in the PDPB.	The concept of consent under the PDPB is more linked to transparency as contrasted with GDPR’s concept of consent which is more linked to specific and meaningful control. There is no such provision for consent regarding separate processing purposes to be taken separately
Accuracy requirements for data	Article 5, 1(d) only talks about the accuracy of data, does not differentiate between a fact and opinion like the PDPB.	PDPB’s accuracy requirements for data seem more specific than GDPR’s, with PDPB talking about many factors and distinguishing between a fact and opinion in data.
Confidentiality and Integrity Principle	Article 5, 1(f) elucidates the confidentiality and integrity principle	The PDPB does not have any provision explicitly mentioning the confidentiality and integrity principle
Storage of Data	GDPR allows retaining data in a form that does not identify the individual. Does not have a provision for periodic review like the PDPB.	PDPB requires deletion after the requirement for which the data is collected is satisfied. The PDPB also has a provision for conducting a periodic review which the GDPR lacks.
Legal basis for the processing of an individual’s personal data.	GDPR lists 6 lawful bases. GDPR specifies a legal basis that is a necessary requirement in the performance of a contract.	PDPB lists 7 lawful bases. The PDPB does not specify any legal basis that is a necessary requirement in the performance of a contract.
The right to portability means the transfer of personal data from one fiduciary to another generally done via automated means. The coming of 5G will lead to massive data portability, with large volumes of data being transferred.	Right to Portability under the GDPR will have a narrower scope as it is limited data processed on a legal basis.	Under the PDPB, the right to portability is wider than the equivalent GDPR right, since it is not limited to data processed on such legal bases.
Right to be Forgotten	GDPR uses the right to erasure interchangeably with the right to be forgotten. No distinction has been made between the two rights like in the PDPB. The responsibility for assessing the extent of operation of the Right to be Forgotten has been placed on the Controller. GDPR does not mandate the Controller to balance interests however they have to take exceptions into consideration. Thus, the Right to be Forgotten under GDPR may be interpreted more widely than in PDPB.	PDPB distinguishes between two different rights: one for erasure and one for limiting personal data disclosure (i.e. the Right to be Forgotten). The PDPB 2019, in comparison to the GDPR, has placed the responsibility for assessing the extent of operation of the Right to be Forgotten on the Adjudicating Officers named by the DPA (Data Protection Authority), rather than the controller. By asking Adjudicating Officers to take into account a number of factors, balancing various interests it is highly likely that the Right to be Forgotten will be interpreted more narrowly as compared to the corresponding GDPR right.

COMPARISON IN PUNISHMENT: While both the GDPR as well as the Indian statutes comprising of the IT Act or the Parliament tabled PDPB contains provisions for fines as punishment, the GDPR imposes only civil liability but the IT Act has the power to impose criminal liability as well.

CONCLUSION

It is anticipated that 5G will pave the way for a hyper-connected world, a world that sees all forms of connectivity converge wired, fixed, and local wireless. With extremely precise data arriving at higher speeds, laws, and bills such as the GDPR, PDPB, IT Act, etc. must concentrate on ensuring that organizations are transparent in the use of users’ private data and gain consent in real-time for data processing activities. With increasing digitization and increasing interconnectivity, the privacy of any person is more threatened than ever. In the case of 5G, for example, with towers closely positioned, location data would be more reliable than ever with operators monitoring each move on a real-time basis. For individuals that may be targeted for political, religious, or commercial purposes, this may increase vulnerability. However, if data can be tracked using 5G technology, the same 5G can aid in gaining consent and informing users about privacy violations on a fast real-time basis. Apps could be created for the same, users could also feed their privacy preferences into the app, modifying it as per their convenience. Devices could be linked with the app, operating as per the preferences of the user.[xxxiii] Data privacy can be a tricky subject as the Government which legislates laws to protect its citizens, can be the same operator tracking each and every move in the name of security. Similarly, if all the companies and their products in the market, compulsorily require access to private data, what choice does the consumer have, if availing of the service is a necessity? Regarding data privacy, it is suggested that individuals best exercise their discretion and pay attention to the fine print before getting ready to divulge their personal details.

This article can be cited as:

Shreya Kumar, The Role of 5G in forwarding the digital revolution in India, Metacept- InfoTech and IPR, accessible at https://metacept.com/the-role-of-5g-in-forwarding-the-digital-revolution-in-india.

[i] Sandhya Keelery, Number of internet users in India from 2015 to 2020 with a forecast until 2025, STATISTA, 16 October 2020, https://www.statista.com/statistics/255146/number-of-internet-users-in-india/. Accessed 2 December 2020.

[ii] Id.

[iii] Id.

[iv] ETTelecom, India to have 820 million smartphone users by 2022, ECONOMIC TIMES, Jul. 9, 2020, https://telecom.economictimes.indiatimes.com/news/indian-to-have-820-million-smartphone-users-by-2022/76876183.

[v]5G VS 4G: What’s The Difference?,THALES, 8 October 2020. https://www.thalesgroup.com/en/worldwide-digital-identity-and-security/mobile/magazine/5g-vs-4g-whats-difference. Accessed 2 December 2020.

[vi] Id.

[vii] Id.

[viii] Id.

[ix] Len Calderone, 5G Is Coming to Agriculture, AGRITECH TOMORROW, 14 June 2020, https://www.agritechtomorrow.com/article/2020/07/5g-is-coming-to-agriculture/12275. Accessed 2 December 2020.

[x] Rose Eveleth, Doctors are controlling scalpel-wielding robots in real operations from afar, finds Rose Eveleth. Is this the future of surgery?, BBC FUTURE, 16 May 2014, https://www.bbc.com/future/article/20140516-i-operate-on-people-400km-away. Accessed 2 December 2020.

[xi] Press Trust of India, India set to become third-largest consumer market by 2030: WEF-Bain report, BUSINESS STANDARD, 9 January 2019, https://www.business-standard.com/article/current-affairs/india-poised-to-become-third-largest-consumer-market-by-2030-wef-report-119010900296_1.html#:~:text=India%20is%20poised%20to%20become,Economic%20Forum%20report%20said%20Wednesday. Accessed 2 December 2020.

[xii] Harsh V. Pant, Aarshi Tirkey, The 5G Question and India’s conundrum, OBSERVER RESEARCH FOUNDATION, 26 September 2020, https://www.orfonline.org/expert-speak/the-5g-question-and-indias-conundrum-74194/. Accessed 2 December 2020.

[xiii] 5G India 2020, DEPARTMENT OF TELECOMMUNICATIONS, https://dot.gov.in/5g-india-2020. Accessed 2 December 2020.

[xiv] Report of Committee -B on leveraging A.I. for identifying mational missions in key sectors, MINISTRY OF ELECTORNICS & INFORMATIO TECHNOLOGY, July 2019. Accessed 2 December 2020.

https://www.meity.gov.in/writereaddata/files/Committes_B-Report-on-Key-Sector.pdf.

[xv] Yuthika Bhargava, How will a 5G network power the future?, THE HINDU, 8 June 2019, https://www.thehindu.com/business/how-will-a-5g-network-power-the-future/article27698653.ece. Accessed 2 December 2020.

[xvi] 5G India 2020, supra note 5.

[xvii] Bhargava, supra note 6.

[xviii] Population of India, STATISTICS TIMES, 17 May 2020, http://statisticstimes.com/demographics/country/india-population.php#:~:text=65%25%20of%20the%20people%20of,0%2D14%20is%2026.16%20percent. Accessed 2 December 2020

[xix] Samrat Sharma, Modi’s ‘Digital India’ still a far-fetched dream for hinterland; not even 30% of rural India has internet, FINANCIAL EXPRESS, 17 September 2020, https://www.financialexpress.com/economy/modis-digital-india-still-a-far-fetched-dream-for-hinterland-not-even-30-of-rural-india-has-internet/2085452/. Accessed 2 December 2020.

[xx] Id.

[xxi] Katya Naidu, Top three telecom companies’ debt is at ₹3.9 lakh crore — that’s half of India’s fiscal deficit, BUSINESS INSIDER, 30 August, 2019, https://www.businessinsider.in/mukesh-ambanis-telecom-war-escalates-telecom-industry-debt-to-3-9-lakh-crore/articleshow/70906000.cms. Accessed 2 December 2020.

[xxii] AGR Judgement Day HIGHLIGHTS: SC allows 10 years for payment of AGR dues; telcos to pay dues on Feb 7 annually, FINANCIAL EXPRESS, 1 September 2020, https://www.financialexpress.com/industry/sc-agr-verdict-live-pending-dues-payment-plan-timeframe-insolvent-telcos-bharti-airtel-vodafone-idea-ibc/2071137/. Accessed 11 December 2020.

[xxiii] Ishita Guha, Huawei part of DoT groups to prep India’s 5G roadmap, MINT, 2 December 2020, https://www.livemint.com/industry/telecom/huawei-part-of-dot-groups-to-prep-india-s-5g-roadmap- 11606881807725.html. Accessed 2 December 2020.

[xxiv] Id.

[xxv] Dan Goodin, Microsoft catches Russian state hackers using IoT devices to breach networks, ARS TECHNICA, 6 August, 2019. https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/. Accessed 11 December 2020.