By Subhashish Bhadra
Late last year, the Government-appointed committee on non-personal data released its second report. The first report, released in Sept ’20, had raised fears of ‘nationalisation of data’ and harming the commercial interests of data-based companies. The second report addresses several issues that were raised, and is a substantial improvement over the first. For a detailed comparison of the first and second report, you can read Ikigai Law’s summary.
There’s much to like in this new report. First among them is the fact that it restricts itself to a narrow goal of opening up non-personal data for public good purposes. It explicitly stays away from being a general non-personal data governance framework, which would have included direct government access to such data and B2B sharing of data (as was there in the first report). While not explicitly stated, this narrow goal also speaks to a market failure that data has positive externality, i.e. it can ben
#NAMA: Issues with definition of communities, public good, and unabated sovereign access to non-personal data
Key Takeaways
Issues with definition of communities: The definition of a community is too broad and ambiguous. Besides, several digital communities, which would produce data, may not even be real world communities.
Need to seek more accountability from data trustees: Trusts don’t necessarily ensure transparency, and as a result, data trustees need to be held to a higher regard. They should publish annual transparency reports highlighting the high value datasets (HVD) they create, and should be open to judicial scrutiny.
High value datasets may have privacy implications: Since the definition of a data trustee and a high value dataset are too broad, high value datasets might potentially contain personally identifiable information (PII), giving way to privacy concerns.
Key takeaways:
No end-use restrictions on data requesters: There are no audit mechanisms to see if entities that seek data are, in fact, using it for stated purpose (public good or sovereign).
Businesses don’t have a say in data sharing: There is no proper mechanism for data businesses to reject requests for data from data trustees.
Businesses will have to deal with high compliance costs: Businesses, small and big, will have to think about compliance mechanisms for both PDP and NPD frameworks.
Proxy issue a real concern: A company could theoretically set up a Section 8 company to set up a HVD, and seek data from other data businesses.
We are getting ready for our discussion on revised report by the
Committee Of Experts On the Non Personal Data Governance Framework. MediaNama is hosting the session online on Friday (January 15), with a curated and invite-only audience of policymakers, lawyers, businesses, technology professionals, and researchers.
Registrations will close shortly, but you can still apply to attend here.
The Committee of Experts
which is accepting comments until January 27, 2021 has defined parameters regarding who can seek Non Personal Data, High Value Datasets, what a community is and who can represent it as a trustee, rights over non personal data, sovereign access to data, meta-data directories, and addressed intellectual property concerns. They’ve exempt entire raw databases from data requests, taken private data access out of the ambit of this framework, and defined purposes for which data can be accessed. Above all, it recommends a separate Non Personal Data legislation for gov