Imagine this. It’s 2025, and for a decade now, you’ve been running a company at the forefront of innovation in healthcare: millions of customers have bought your fitness trackers, and use them to measure their heart rate along with cardiac monitoring and ECG, body temperature, sleep patterns, physical activity and fitness regimes, blood pressure, blood oxygen levels, dietary habits and nutrition intake, apart from also storing their medical tests reports.
Your business is at the center of an entire healthcare ecosystem that allows for health-scoring of patients, and access to cheaper healthcare and insurance, medical consultations through telemedicine, ordering of medicines online, booking of fitness trainers, and the ordering of healthy food. Using Artificial Intelligence you crunch millions of data points collected on each individual, and help users and their doctors identify potential health risks.
Business is booming, but you have a problem.
The 25,000 data points you collect on each user each day are at the core of your ability to differentiate. A competitor, launched recently, wants your company’s anonymised data. You’ve refused, but your competitor has now gone to the Non-Personal Data Authority to demand this data.
The uncertainty around this decision is impacting your next round of funding, and your prospective investors want to know how you’re planning to deal with this. Your existing investors have called a meeting to discuss how much of a risk this demand poses to their investment in your business.
This imagined scenario – a nightmare for both founders and investors – could become reality if the Indian government follows through on the report submitted to it by a Committee of Experts on Non-Personal Data, led by Infosys co-Founder Kris Gopalakrishnan.
A regime for mandatory sharing of data
The committee has recommended the creation of a regime — a law and a regulator — to enable both governments and businesses to acquire “non personal data” from various sources of data, including other companies and the government. Non personal data, according to the report, could be either factual data or analysis, which has been stripped of any personal identifiers.
Thus, while data of a particular user eats might not be available to competitors of an e-commerce company, details of people of which age group in which part of the country buy the most burgers via Zomato will be.
Factual information will mandatorily need to be made available for free, but data where there is value-add might be available to your competitors by the government, for a “fair, reasonable and non-discriminatory” price.
Large data businesses will have to register with the Indian government, and mandatorily make data available through “data pipes” to what is being called a Non Personal Data Policy Switch.
Flaws with the committee’s recommendations
The committee has highlighted two key rationales for the recommendations: firstly, that there is a need to disable the first mover advantage which leads to the establishment of walled gardens. However, this move would hamper innovation, given that, by definition, innovators are first movers.
Incidentally, dominant players like Google and Facebook have not been first movers in their segments. Lycos and Altavista, preceded Google. Before Facebook, there was MySpace and Orkut, and I even used a social network called like Bolt.com in 1998. What’s more, legally, dominance is not a problem, but abuse of dominance is. That is already being overseen by the Competition Commission of India.
Gopalakrishnan’s second key rationale is that enforcing sharing of data will unlock its value. While businesses which collect data might do it for one purpose, restricting access to it hinders usage for other purposes, especially by mixing it with other datasets.
There is some truth to this: in case of emergencies such as the COVID19 crisis, access to data from private entities can enable better decision making by the government. Data released by the government can help many businesses make better decisions. The idea of data trusts is being also explored by countries like Canada, to enable voluntary sharing of data for wider public use.
However, no country in the world makes it mandatory to share data.
How this will impact investment
Investors look for the ability of a business to create a competitive advantage for itself, of which, the ability to acquire data and use it to innovate is key. That competition – or even the government – can take business data away will significantly disincentivise investment in India’s technology ecosystem, and disable the creation of unicorn businesses like Paytm, Zomato, Flipkart and Ola.
It will also hurt exits and destroy value: why buy a business, when you can force it to give up its data by going to the government?
Is this about data sovereignty?
This report also needs to be seen in the larger context of India’s position on data: we have refused to sign the G20 agreement to enable free transfers of data across borders. Both the Personal Data Protection Bill, 2019 and this report place restrictions on data being sent beyond India’s boundaries. Importantly, India has claimed that the sovereignty of a country needs to extend to the data of its citizens.
Claims of data sovereignty, which are meant to address a key Internet governance issue of jurisdiction, are very different from this committee’s recommendation that a government authority can force a company to give away its data to the government or a competitor.
Enabling this control would mean an extension of the principle of Eminent Domain to datasets and intellectual property. Creating the technology enabled data sharing framework recommended in the report, would make such a forceful action the norm.
This isn’t data sovereignty.
It is nationalisation of data, and India would do well to not take such a drastic step in a domain as open and competitive as the Internet.
*
An edited version of this article was first published in The Economic Times. Read it here. Republished on MediaNama, with permission from the Economic Times.
*
Additional Reading
- Report on Non-Personal Data Framework released by MEITY’s Committee of Experts [MediaNama’s summary]
- Notes from MediaNama’s discussion in November 2019:
- No plans to sell govt-owned non-personal data, RS Prasad informs Lok Sabha [Read]
