Logo
Data Protection and Privacy in the developing
world
International Conference of Data Protection and
Privacy Commissioners, Mauritius. 14 October 2014
© GSMA 2013
Restricted - Confidential Information
© GSM Association 2013
All GSMA meetings are conducted in full compliance with the
GSMA’s anti-trust compliance policy
GSMA By The Numbers
7.2
3.6
© GSMA 2013
2
ASEAN
Our ASEAN people, in all
their diversity and creativity,
are the most crucial factor
on our journey. We need to
continually
engage
the
private sector as the key
partner in making the AEC
success
© GSMA 2013
Data Protection and Privacy: patchwork of laws, regulations
and industry approaches
• Provides individual
rights
• Obliges transparency
of processing
• Imposes data
minimisation and
purpose limitation
• Can process only by
consent/contract/lega
l obligation
• Restricts overseas
transfers
• Security obligations
• Data Retention and law
enforcement obligations
• Mandatory SIM Card
Registration (biometric)
• Restrictions on use of
data for VAS without
consent
• Restrictions on 3rd party
sharing of data
• Network and
communications security
• Prohibitions on overseas
transfers
• Prior approval to deploy
bulk encrytption
© GSMA 2013
• SIM Card
Registration
• Access to private
sector data
• eGov services
• eID
Data Protection
law
Government
ePrivacy/Telco
regulation/licence
conditions/Codes
of Conduct
Standards/vertical
• OpenID Connect
• ISO 29100 Privacy
framework
• ISO 29101 Privacy
architecture framework
• ISO 24760 A framework
for identity management
• Healthcare, education,
banking
• ETSI/3GPP/IETF/IEEE
It’s not just about the law: consumer attitudes
matter
© GSMA 2013
GSMA approaches
© GSMA 2013
Mobile – is it different?
© GSMA 2013
Thank you
pat [at] walshe [dot] gsma [dot] com
www.gsma.com/mobileprivacy
© GSMA 2013
8