Key Takeaways
No compelling case for NPDA: The revised report does not make enough of a compelling case that the state needs to be involved in Non Personal Data sharing, or that a Non Personal Data Authority needs to be created.
Local governments in better place to address data needs: Local or subnational governments may be in a better position to take advantage of private companies’ Non Personal Data, for instance by entering into MOUs or paying a mutually acceptable fee.
Conflicts with other bodies: An NPD authority may conflict with other institutions, such as the forthcoming Data Protection Authority (DPA) of India or the Competition Commission of India (CCI), and will need to be in constant deliberations with such organisations to succeed in its goals.
#NAMA: Issues with definition of communities, public good, and unabated sovereign access to non-personal data
Key Takeaways
Issues with definition of communities: The definition of a community is too broad and ambiguous. Besides, several digital communities, which would produce data, may not even be real world communities.
Need to seek more accountability from data trustees: Trusts don’t necessarily ensure transparency, and as a result, data trustees need to be held to a higher regard. They should publish annual transparency reports highlighting the high value datasets (HVD) they create, and should be open to judicial scrutiny.
High value datasets may have privacy implications: Since the definition of a data trustee and a high value dataset are too broad, high value datasets might potentially contain personally identifiable information (PII), giving way to privacy concerns.
We are getting ready for our discussion on revised report by the
Committee Of Experts On the Non Personal Data Governance Framework. MediaNama is hosting the session online on Friday (January 15), with a curated and invite-only audience of policymakers, lawyers, businesses, technology professionals, and researchers.
Registrations will close shortly, but you can still apply to attend here.
The Committee of Experts
which is accepting comments until January 27, 2021 has defined parameters regarding who can seek Non Personal Data, High Value Datasets, what a community is and who can represent it as a trustee, rights over non personal data, sovereign access to data, meta-data directories, and addressed intellectual property concerns. They’ve exempt entire raw databases from data requests, taken private data access out of the ambit of this framework, and defined purposes for which data can be accessed. Above all, it recommends a separate Non Personal Data legislation for gov
What stood out:
Business purpose requests: Private entity to private entity mandatory data sharing requests are not considered to be in the scope of the committee’s recommendations.
NPD Legislation: The Committee of Experts has proposed that the Non Personal Data (NPD) framework become the basis of a new legislation for regulating NPD.
Sovereign purpose requests exempt: the Non Personal Data Authority will not adjudicate the validity of data requests under Sovereign purpose (national security, law enforcement etc).
Entire raw data databases exempt: The committee has limited data requests to specific data-fields, and no requests can be made for entire databases.