“The non-personal data (NPD) regulation should be to promote this one (market) through very soft-touch regulations. There are chances of market failure, once the market is developed then the regulation has to be a little stronger than before,” said Dr. Amar Patnaik at the launch of the EY-IAMAI report on the impact assessment of the Non-Personal Data Governance (NPGD) framework. Patnaik is a Rajya Sabha MP and one of the members of the Joint Parliamentary Committee tasked with studying the draft Data Protection bill.
He stressed that the main purpose of the NPGD framework should be to promote a market like the Union government had envisioned in the telecom sector with Telecom Regulatory Authority of India (TRAI) in the past. “The question of possible misuse of non-personal data to create disharmony in society will happen later,” he said.
“Respecting data as an asset, and for using this asset to generate revenue or income, a market has to be developed but the (expert) committee’s report assumes (the market) by identifying different categories which then will be used for different purposes. The assumption is esoteric,” Dr. Patnaik asserted in his speech.
Patnaik’s involvement in the PDP bill review puts him in a position where his thoughts on the shape of a NPD framework could reverberate with stakeholders.
Key takeaways from Dr. Patnaik’s address
Difference between personal and non-personal data: “The basic differentiating factor is the privacy element in personal data. We cannot put non personal data on the same pedestal because the purpose of non personal data is completely different. The only thing NPD can deliver to the citizens is services in the form of improved care, benefits, and utilities. It has been pitched as a public good therefore. A watertight distinction between personal data and non-personal data is difficult, and they cannot be kept separate because technology will catch up to re-identify the data at some stage,” Dr Patnaik explained to his virtual audience.
Seventh Schedule conflict: “I foresee the Seventh Schedule legal problems could arise while implementing the NPD framework because these are issues in which the best use of data happens when data flows across departments, borders between States, and between the Centre and the states. If there are problems in this data flow because of legislation then the full benefit will not pass on to citizens. The consultation with states should happen; the state governments all want separate state-level data protection authority for personal data when we visited Maharashtra and Karnataka,” he advised.
Friction with constitutional authorities: “It [data protection laws] has caused a problem in the Philippines recently and there could be friction with constitutional authorities like the Election Commission of India. The Personal Data Protection bill is a statutory authority as it is created by a statute. It’s not given by the Constitution. The ideal way to pass this bill would have been through a constitutional amendment which has not been thought of currently,” Dr. Patnaik suggested.
Distinction of a data principle: Dr. Patnaik said that there has to be a distinction between non personal data with the data principle and without the data principle. He adds: “There would be more complexity, and more problems without that distinction. The use of non-personal data without a data principle can have a lot of possibilities.”
Competitive advantage: “There is no privacy in non personal data, and therefore, data generators, data processors, data custodians, whoever is using the data have a genuine argument in saying that their competitive advantage would probably be lost if this is completely democratized but it will depend on the use case,” the Biju Janta Dal politician opined.
Eschew one-size-fits-all approach: “The regime of using non-personal data for various purposes is definitely going to be dependent in different ways. The one-size-fits-all approach will probably be dispelled by subsequent papers or subsequent writings. The use cases will determine what kind of regulation has to be put in place.” Dr. Patnaik disclosed.
Single regulator: “The first thing now should be to see how the PDP law will play out and then wait for other frameworks. My view is, of course, to have one single authority. My experience in bureaucracy says that the more organizations you create then the incentive is to run that organization more than to reach the goal of the regulation,” Dr Amar Patnaik told the panel.
Open Government Data initiative: “…which is a part of the current system itself but it has not really been put in motion in many states unfortunately. Companies and governments will have to think about the return on information. The data has to be used in such a manner that they deliver an ROI because management of data has a cost and it has to align with the returns,” Dr. Patnaik remarked.
What’s in the EY-IAMAI report, briefly
Many data businesses “have mixed opinions with respect to the need for a separate Non-Personal Data Governance framework (NPDG),” according to the report by EY and the Internet and Mobile Association of India (IAMAI). The mixed reaction reveals that there is no consensus on whether the NPDG framework should be a part of the PDP Bill or separate legislation, as per the report, a copy of which was reviewed by MediaNama.
The report made it clear, however, that the PDP Bill (Personal Data Protection) must be implemented first before the government deals with the NPDG framework. The consultations undertaken during the drafting of the report put forth that jurisdictions of personal data and non-personal data regulation must be outlined to avoid categorising all non-personal data as public resources.
How far along is NPD legislation in its approval?
A national non-personal data protection (NPD) authority was recommended by the expert committee led by Infosys co-founder Kris Gopalakrishnan, as per an Economic Times report recently. The final report was submitted to the Ministry of Electronics and Information Technology (MeitY) two months ago, the report said. The government has not released the submission to the public.
The expert committee had come out with a draft in July 2020, and released a revised version in December 2020 in which it invited comments from stakeholders. The final report takes into account all the feedback received by the expert committee. The EY-IAMAI’s report is based on the expert committee’s revised report released in December last year.
There are also indications that the government might be inclined to incorporate provisions on NPD in the PDP Bill itself which is slated to be introduced in the first week of the winter session of Parliament on November 29.
- #NAMA: What would a Non Personal Data Authority’s role be? Is one even required?
- Summary: Revised Draft Report on Non Personal Data
- #NAMA: Issues with the non personal data authority, and treating non personal data as a ‘common resource’
- Expert committee supports having a separate non-personal data regulator: Report
Have something to add? Post your comment and gift someone a MediaNama subscription.