Legal experts have raised objections to the government committee report on Non-Personal Data (NPD) due to the excessive focus on economic interest rather than public good.
Last month, the government-appointed Committee of Experts, headed by Infosys co-founder Kris Gopalakrishnan, was tasked with laying down a framework on NPD .
In a 72-page report, the committee had touched upon the sensitivity of NPD, gave it the same weightage as sensitivity of personal data, recommended consent mechanism for anonymisation, and usage of such data. The committee had also suggested a need for a separate regulator to oversee issues related to NPD.
Podcast | Legal experts oppose govt committee report on non-personal data
This, many believe, is an overreach, considering that the Personal Data Protection Law (PDPL) has been referred to a Joint Parliamentary Committee before it is passed into a law. It advocates citizen’s rights over everything else. “It cannot be like data is available in abundance and since there is an economic value, let’s build a law around it. “Law is first and foremost designed to protect an individual’s rights,” said former Supreme Court judge BN Srikrishna.
Not a fundamental right
Experts are of the view that NPD is not a fundamental right and, hence, developing legislation around it should follow once the main PDPL is in place. Regulation should start its journey from citizen rights to other objectives and not the other way round, according to Gowree Gokhale, Partner at Nishith Desai and Associates.
She suggested that the report should only focus on the aspect of public interest rather than economic interest and evolve mechanisms to curb harms associated with NPD. “To my mind, data belongs to individuals and not ride hailing or e-commerce companies,” said Bipul Chatterjee, Executive Director, CUTS International, a think-tank.
The issue related to the requirement of a separate regulator has been objected to. “Under the PDPL, the Data Authority can adjudicate over these matters and there is no need to have another regulator,” said Chatterjee.
Further, the committee’s recommendations are not clear on the regulation of NPDand fails to achieve a level-playing field. “There should be provisions regarding compensation for personal data in case of non-compliance. Liabilities of data custodians, businesses, trustees are also not sufficiently laid down. There is a power imbalance, which needs to be corrected,” stated Chatterjee.
For instance, a giant company collects data and when an e-commerce company collaborates with it for using the data, others could be at a disadvantage. This is a raging debate globally and in the recent US Senate hearings, anti-competitive practices by tech multinationals such as Amazon, Google, Facebook and Apple were brought up.
Also, government’s overreach in terms of data for national security purposes or other citizen services also needs to be clarified. “If a user opts to keep the data ‘anonymous’ in a company’s platform, and the government says it wants this datasaying it will be used for community good, then it is trampling on individual rights,” said Srikrishna. Industry watchers have also raised questions about inadequate protection for data of Indian residents.