wordpress blog stats
Connect with us

Hi, what are you looking for?

Expert committee supports having a separate non-personal data regulator: Report

The panel of experts and the IT Ministry appear to take different sides on the issue.

A national non-personal data protection (NPD) authority must be established by the Indian government according to a recommendation by a committee led by Infosys co-founder Kris Gopalakrishnan, Economic Times reported. The recommendation has been made in the draft Bill and the final report submitted to the Ministry of Electronics and Information Technology (MeitY) two months ago, the report added.

The final report also classifies companies that control high amounts of data as “data businesses” and explains what constitutes a “high value data” set; the government or other companies will be able to access these data sets at a price decided by the market forces, as per ET.

The expert committee had come out with a draft in July 2020, and released a revised version on which it invited comments from stakeholders in December 2020. The final report takes into account all the feedback received by the expert committee. The committee’s job was to study use cases of NPD and prescribe a regulatory structure for NPD in the country.

NPD can be defined as data without any Personally Identifiable Information such as:

  • Data not related to individuals/national persons (weather, from industrial sensors, from public infrastructure).
  • Data that has been anonymised or aggregated so that individual data is not identifiable.

An authority on NPD is crucial in implementing the law laid down by the government, however, it is likely that a separate authority for NPD will clash with the authority envisaged in the draft bill for personal data. 

Concerns around the regulatory body

The Indian government has not yet released the copy of the report or acknowledged its receipt publicly so it is difficult to comment on what is the scope of the authority.  

Advertisement. Scroll to continue reading.

Need for regulation not established: Alok Prasanna Kumar, co-founder and lead, Vidhi Centre for Legal Policy Karnataka, in MediaNama’s discussion on the revised report on a Non-Personal Data Governance Framework, was not convinced if the state “should be involved as a regulator yet”. “The concerns (around NPD) raised are valid, it’s just that they don’t necessarily lead to the conclusion that we need a non-personal data authority, or rather, that we need regulation, which will necessarily help us for sovereignty,” Kumar said. 

Conflict with other bodies: Kumar said that the proposed Non-Personal Data authority could be in conflict with other institutions. “One is the proposed Data Protection Authority under the PDP bill. Another is the Competition Commission of India, and the third is the Central Information Commission. A lot of the data that we’re talking about might be sitting with government agencies and it might be possible to get some of this data by filing an RTI application,” Kumar said.

MoS IT bats for a single regulator: “We should not have a proliferation of regulators—a personal data regulator and a non-personal data regulator. There are some businesses that enjoy this kind of arbitrage opportunity that is represented by multiple regulators. I will have no problem if there is a convergence of regulatory entities or institutions for the entire data economy,” said Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, at CyFy 2021 in a session on regulation of the digital ecosystem in India.

It remains to be seen whether these lacunae have been addressed in the final report. 

Understanding the NPD authority

The committee recommended that the focus of the regulatory body for governing Non Personal Data, should be on “unlocking value in non-personal data for India.”

“Unlike CCI”, the committee report says, the Non Personal Data Authority “will be a proactive actor providing early and continued support for Indian digital industry and startups, and ensuring that necessary data is available for the community.”

Advertisement. Scroll to continue reading.

Here are some of the committee’s recommendations regarding the NPDA:

  • Industry Participation: It must be created with industry participation.
  • Regulatory harmonisation: It should be harmonised with other bodies (DPA, CCI etc)
  • Functions: The NPDA will create,
    • An Enforcing framework for:
      1. Establishing the rights of India and its communities over NPD
      2. Address privacy, reidentification of anonymised personal data and prevent misuse of and harms from data
      3. Adjudicate only when a data custodian refuses to share data with data trustee
    • An Enabling framework for:
      1. Unlocking economic benefit from NPD for India and communities
      2. Create a data sharing framework
      3. Manage meta-data directory of data businesses in India
  • Sectoral regulators can build additional data regulations over those developed by the NPDA

MediaNama’s take: Giving a regulator competing goals (unlocking economic benefit from data versus consumer protection – addressing privacy and misuse harms) is a bad idea, and will create complications when the regulator has to balance the risk of privacy and misuse harms when it comes to enabling access to certain datasets.

It will only be clear whether the committee has accounted for these issues once the government releases the final report to the public.

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

I cover several beats such as Crypto, Telecom, and OTT at MediaNama. I can be found loitering at my local theatre when I am off work consuming movies by the dozen.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

News

This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.

News

It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...

News

Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ