Telecommunications providers are not categorized as sub-processors under Alohi’s GDPR framework because their role is strictly limited to facilitating the transit of Customer Content rather than engaging in processing activities involving personal data.
This position is supported by several key factors:
- Nature of Data Transit: Customer Content simply traverses the telecommunications network without any substantive processing, and robust legal safeguards ensure that these providers are unable to access or modify the communication details.
- GDPR Definition of Processing: The GDPR defines “processing” to include activities that involve disclosure through transmission. In contrast, the mere transmission of data, without any alterations, does not constitute processing.
- Complexity of the Telecommunications Value Chain: The telecommunications ecosystem is inherently complex, involving multiple parties in the origination, transit, and termination of Customer Content. Assigning a processing role to any single entity within this chain would be impractical.
In essence, telecommunications providers operate solely as conduits for transmitting Customer Content—they do not initiate transmissions, select recipients, alter content, or retain data beyond the temporary storage necessary for transmission.