The EU has moved up a gear in recent times, and it is producing new legal tools for companies to maximize the possibilities to collect and make use of data (including personal data) in.
1.
Guiding principles for NPD regulation: While even
the Old Report alluded to a separate legislation to govern NPD in
India, the New Report lists the following guiding principles on
which the regulation will be based: (i) India has rights over data
of India, its people and organisations; (ii) benefits of data must
accrue to India and its people; (iii) innovation, new models and
algorithms for the world. (iv) misuse, reidentification and harms
must be prevented; (v) regulations should be simple, digital and
unambiguous; (vi) data should be freely available for innovation
and entrepreneurship in India.
2.
Exclusion of business-to-business data sharing:
What stood out:
Business purpose requests: Private entity to private entity mandatory data sharing requests are not considered to be in the scope of the committee’s recommendations.
NPD Legislation: The Committee of Experts has proposed that the Non Personal Data (NPD) framework become the basis of a new legislation for regulating NPD.
Sovereign purpose requests exempt: the Non Personal Data Authority will not adjudicate the validity of data requests under Sovereign purpose (national security, law enforcement etc).
Entire raw data databases exempt: The committee has limited data requests to specific data-fields, and no requests can be made for entire databases.