Info-tech

Independent authority should verify requests for de-anonymisation of data: BK Syngal

Our Bureau Mumbai | Updated on September 18, 2020 Published on September 18, 2020

Data must be shared only when national security or sovereignty is at risk

De-anonymisation of data should only be permitted in the circumstance where national security or sovereignty is at risk but the validating of such requests must be done by an independent authority, according to BK Syngal, former Chairman, VSNL

“Provision for de-anonymisation of data should only be permitted in the circumstance where the national security or sovereignty is at any risk. This examination must be done by an independent and empowered authority who would verify the data, when to be shared, with whom to be shared and why to be shared under the aegis of national security and sovereignty,” Syngal said in his submission to Kris Gopalakrishnan, Chairman of the Committee of Experts looking into non-personal data regulations.

‘Government working on strong legal frameworks for data handling’

‘Inherent contradiction’

Commenting about the Committee’s framework for sharing of non-personal data, Syngal said, “While the principle of mandatory data sharing may be workable for some businesses in India, however, for a number of business entities such a mandatory obligation may be difficult to comply with since, as a part of their business processes, they would have the right to handle data only on behalf of their customers, and may also be prohibited from accessing data unless expressly agreed to do so. Thus, legally, such entities may not have the right to share data, since sharing of data would be subject to security and privacy risks.”

“The purpose stated in the Report for mandatory sharing of data at the outset appears to be very wide and may essentially lead to the inference that all data held by a company falls within the scope of mandatory sharing obligations. Further, there appears to be an inherent contradiction between the Report and the basic premise of competition law that data should not be shared with competitors and in turn protecting consumers and not competitors. Sharing of resources (Non-Personal Data) between companies could restrict incentives to invest, innovate and compete thereby reducing the quality of products and services available to consumers,” Syngal added.

In the present version of the draft report submitted by the Expert Committee, the role of the Non-Personal Data Authority (NPDA) is subject to regulatory confusion as at least four regulators are set to be incubated for the digital ecosystem — including the proposed NPDA, Data Protection Authority, an ECommerce Regulator and the Central Consumer Protection Authority, he said.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on September 18, 2020
This article is closed for comments.
Please Email the Editor