Mozilla's submission to DPIIT, accessible here, outlines a position of reforming the policy to take into account greater consideration of security of the data of Indian users and a more strategic approach to enabling competition in e-commerce. The submission is summarised below. Medianama is compiling a list of submissions made to the DPIIT here. Data as a National Asset Objects to the framing of data of Indian as a collective resource held by the government in trust to which it may permit rights. Conflates government's interests with users' interest: This framing is prone to undermining individual rights of users. "Data as an asset" violates Supreme Court's judgment in Puttaswamy v. Union of India as well as India's commitments under the ICCPR treaty. Replaces the notion of the fundamental right to individual privacy with the concept of ownership of data and thereby encroaches on individual autonomy. Regulating data without Data Protection Law is risky: Regulating community-oriented datasets without a legal framework to secure individual rights over one's data opens up user data to abuse by governments as well as companies. On Storage, Sharing, and Cross-border Data Flow The policy fails to outline an objective behind the mandate to restrict the storage of data within India and restrictions on sharing data outside India. Objective of data protection would be better served by a data protection law, already in the works, and substantive surveillance reform. Without this, the policy makes user data susceptible to abuse by law enforcement authorities. Fails the test of Proportionality: Any…
