Sigfox, a French Internet of Things (IoT) operator, is one of the unexpected respondents to a consultation on data protection by the Telecom Regulatory Authority of India (TRAI). An open house meeting in this regard will be held on January 31 in New Delhi. Sigfox captures ambient data in the form of personally-identifiable information. Its participation is unexpected because India does not have spectrum allocated specifically for IoT. However, given the potential for IoT in India, and the fact that IoT has been a key part of the discussions on privacy, their submission is worth looking into. Here are the broad points that Sigfox makes around privacy. Definition of personal data and data classification Sigfox is of the view that beyond technological innovation, the definition of personal data in non-obvious context (e.g. identifiers, names, etc.) will vary in some cases and thus, a flexible approach is needed, to allow stakeholders and consumers to negotiate the right level of data control and liability between each other. It says: An overall framework of data protection should differentiate Personal Data, as the data identifying individuals and requiring a specific protection for end-users, and other non-personal data that would help to grow such data market by offering new data-based services to users and end-users. Particularly in the IoT ecosystem, non-personal data is likely to be the sole kind of data processed. So a more flexible approach to data protection could help encourage the creation of new data based businesses. Sigfox points out that although there…
