The expert committee’s report on non-personal data (NPD) “should still remain in the committee’s ambit as opposed to going into the government just yet because the committee is a group of experts, and I don’t think we’re at that stage where the government can just take that document, at least the last form that you and I saw it in, and make it into something real. I think we need to prolong the process, I think we need more consultation on this, and the committee should put out one more draft for consultation,” Astha Kapoor, co-founder of Aapti Institute, said in an interview with MediaNama.
Kapoor also shared her thoughts on why NPD sharing is valuable, what are the challenges in sharing NPD, how can sharing be incentivised, what are some issues with the expert committee’s report on NPD and how are other countries dealing with regulating NPD. Here’s a video of the complete interview along with selected excerpts below.
You can also access Aapti Institute’s research report on NPD that dives into more detail here.
Why do we need sharing of non-personal data?
“There are certain categories of data that have a value attached to it. So if you look at just mobility data, the fact that Google Maps is able to tell us how much time things are going to take, it also helps cities plan for congestion, helps drivers plan their routes, etc. There’s a certain value for certain kinds of information and it needs to be shared better. It needs to be understood better. It needs to be harnessed better. And that’s at the core of why “non-personal data” needs to be shared.
Now, the question of who is that value important to how do we harness it? Who gets to decide what is the value of this data and how should we unlock it? Those are the questions that various regulations, and even the work that we’re doing, help to answer.”
Example: San Francisco’s data-sharing model for gig workers
“One of the models that we quote all the time and really enjoy the work of is an organisation which is a data cooperative based out of San Francisco that works with gig workers. And what they do is they take journey data from various gig workers, call them back and help them understand this is where you’re making more money on Lyft versus Uber, etc. And so they had them map out information that otherwise they don’t have. But also what they do is they aggregate all of this data and make it available to municipalities and drivers get to also weigh in on what municipalities should be given the data, what questions should they be able to answer from this?”
The expert committee report is progressive but doesn’t get into nitty-gritty details
“I think that was a very progressive piece of writing coming out of a government committee, and it was an excellent set of experts to ponder this. […] Broadly, the premise is right, and some of the intellectual views of rights were also correct to me. But then when it came to the actual nitty-gritty and figuring out how this was going to happen, what was the broader ecosystem that was required, all of that, I think that the committee sort of didn’t really flesh out.
I’m also even like considering the value of that report right now, where you and I are sitting at the beginning of March in 2022, where the first report came out, I guess in 2020. So it’s been a while, and since then, so much has happened.”
Should we have two separate regulators?
“I wouldn’t say we should have two separate regulators, but I think that non-personal data, if we are going down the route of regulating non-personal data, should be thought about separately. So there should be more discussion, debate about what is the ecosystem that’s required to govern non-personal data. […] I’m okay with there not being to regulators. In any case, it’s going to be a regulatory hot spotch. Nobody knows how that’s going to really work out.”
What can we borrow from other countries?
“So EU has an NPD sharing document, other than that, there’s some activity from other countries like Australia, which has some mandatory sharing in the automobile sector, etc. So I think it’s still very new in different parts of the world. And there isn’t a model that you can rely on.
We found that in places where a broader data-sharing ecosystem exists, that’s where the NPD sharing was better. So we looked at, say, Finland health data, and it was a 20-year cycle of getting to a point where health data for research can be shared. So I think that those are the kinds of things that needed to be done. Other countries had, for instance, made not sharing data, but interoperability was made mandatory first, for instance. […] I think that it’s a much longer process. And all the countries that we studied have actually invested in that long process where you digitise, do the pilots figure out what interoperability looks like, create that infrastructure.”
Example: Use of NPD in Bangalore vs France
“We looked at several active pilots that were done in Bangalore versus France, and we realized that even in the existing efforts, what’s happened is that India is so focused on data itself that you don’t really focus on the value of data and how to extract that. And so you just get really lost sitting on data. So we looked at the Bangalore–Mysore partnership between BMTC and PwC and Map Unity, and then we also looked at this similar effort in France. And what we realized is that in France, there was a lot of citizen interactions. So really, citizens were very much part of that process. The focus was on data utilisation and not on data extraction in that sense. So that can be changed the way stakeholders interacted. In the existing pilots in India, data was lying there, but it was underused because various stakeholders didn’t have the capacity.”
Do we need government push in India?
“It’s a tough one. If we had a data protection regulation, which we don’t at the moment, then my answer would be a little bit different. But I think that what India does need right now is a data protection regulation. We need to understand what our rights with regard to data are, where are our protections, what are the redressal [mechanisms], etc. Once that’s in place, I believe that a lot of innovation will occur.
I think what we [also] need to help understand the data value is technological systems that will allow for aggregation, anonymization and then, relatedly, the sharing infrastructure. How do we build trust in the process of sharing? If I know that if I share my mobility data it’s going to help solve the Bangalore traffic problem, am I going to be more inclined to do that?
If we are able to create both of those circumstances, where value is communicated and sharing is made safe and reliable, then innovation will occur, then these models will likely come up. Right now, we are in a place where I don’t trust the data sharing process and I don’t understand what I might get in return for sharing my data. So you’re in a bit of a deadlock. And I think the way to change that, of course, is the protections that the data protection bill will hopefully bring about and then creating this infrastructure that says this is how your data is made safe.”
- A Guide To Non-Personal Data Regulation In India
- Regulating Non-Personal Data: Why It Might Not Address Antitrust Concerns Like Data Monopolies And Barriers To Entry #NAMA
- Regulating Non-Personal Data: How To Share Data Voluntarily And Mitigate The Attendant Risks #NAMA
- Regulating Non-Personal Data: Is There A Need For An Overarching Policy? #NAMA
Have something to add? Post your comment and gift someone a MediaNama subscription.