The Non-Personal Data Governance Framework's recommendation for a new law, new regulator and a compulsory data sharing architecture is “premature” and has “little global precedent for the regulation of NPD [non-personal data]”, BSA, the software alliance, wrote in its submission to the committee of experts. The key problem with the framework is that it is “overly broad” and undermines innovation. “Forced data sharing policies will undermine innovation and investment, and risk stifling Indian businesses and startups,” the submissions states. BSA, whose members include Cicso, Amazon Web Services, Microsoft, and Salesforce, said that mandatory obligations are counterproductive for data processors, such as enterprise software and cloud service providers, as they handle data only on behalf of their clients, and “may be prohibited from accessing that data except to carry out their customers’ instructions”. The group has also recommended doing away with local storage requirements and restrictions on cross-border transfers of non-personal data. It has also suggested incentivising data sharing, instead of mandating it. Deters innovation, increases security risks: Problems with the report Mandatory data sharing obligations are counterproductive for data processors because they are not data businesses or data custodians and hold data on behalf of their clients. Thus, they may lack the technical ability or legal right to share such data. This may also create security and privacy risks, and it is difficult to apply consent requirements to data processors. Deterrent to creation of databases and innovation: The submission argues that creating and structuring datasets, including raw datasets, is a…
