Key takeaways: No end-use restrictions on data requesters: There are no audit mechanisms to see if entities that seek data are, in fact, using it for stated purpose (public good or sovereign). Businesses don’t have a say in data sharing: There is no proper mechanism for data businesses to reject requests for data from data trustees. Businesses will have to deal with high compliance costs: Businesses, small and big, will have to think about compliance mechanisms for both PDP and NPD frameworks. Proxy issue a real concern: A company could theoretically set up a Section 8 company to set up a HVD, and seek data from other data businesses.