Non Personal Data regulation – Part II

ECONOMY/ GOVERNANCE

Topic: General Studies 3

• Indian Economy and issues relating to planning, mobilization, of resources, growth, development and employment. 
• Government policies and interventions for development in various sectors and issues arising out of their design and implementation. 

Non Personal Data regulation – Part II

Click Here for Part I of the Article 

Criticism of the report 

1. The data sets will heavily favour big tech companies.

• Only big tech companies possess the capital and infrastructure to create such large volumes of data. Others will find it difficult to match the capabilities of these technology giants. 

2. Issues with IPR

• As a signatory to Trade-Related Aspects of Intellectual Property Rights (TRIPS), India extended copyright protection to computer databases in 1999. 
• In such a scenario, there is a challenge of demarcation between non-personal data that cannot be shared, and non-copyright non-personal data that can be used as a public resource. 

3. Issues with Data Communities

• The idea of communities as data principals is introduced ambiguously by the report.  
• While it provides examples of what might constitute a community, e.g. citizen groups in neighbourhoods, there is little clarity on the rights and functions of the community.  

4. Issues with Data Custodians

• Data custodians are thos who undertake collection, storage, processing, and use of data in a manner that is in the best interest of the data principal.  

• It is not specified if the data custodian can be the government or just private companies 
• Suggestion that data custodians can potentially monetise the data they hold is especially problematic as this presents a conflict of interest with those of the data principal communities. 

5. Issues with Data Trustees

• Data trustees is envisaged by the report as a way for communities to exercise data rights. Trustees can be governments, citizen groups, or universities.  

• However, the relationship between the data principal communities and the trustees is not clear. 
• It is also not clear how trustees are empowered to act on behalf of the community.  

6. Issues with Data Trusts

• The report explains data trusts comprising specific rules and protocols for containing and sharing a given set of data.  

• Trusts can hold data from multiple custodians and will be managed by public authority.  
• The power, composition and functions of the trust are not established. 

7. There is no clarity over thegrievance redressal mechanism in the committee’s report. 

8. For a country that does not have a personal data protection bill, the setting up of a committee to regulate non-personal data seems premature.

Way Ahead 

• Balance Economics & Public Interest: Like many other countries, India too will have to define non-personal data in a manner that protects intellectual property rights, serves genuine public interest and promotes innovation. 
• France Model: India can learn from France’s National Strategy on Artificial Intelligence policy, which encourages economic players to share and pool their data with the state acting as a trusted third party. 

• France’s policy even empowers public authorities to impose openness on certain data because of its societal benefits. 
• EU’s philosophy on NPD: India can also look towards the European Union’s Regulation on the Free Flow of Non-Personal Data, which recognises the free flow of non-personal data as a prerequisite of a competitive economy. 

Connecting the dots 

• K.S. Puttaswamy Case & Right to Privacy 

• Justice BN Srikrishna committee report on data protection law