The government wants unfettered access to all non-personal data, officials told Tech2, staking out a position that is bound to ruffle feathers in the fast-growing digital economy.
If the government has its way, anonymised and aggregated non-personal data with entities such as ecommerce providers, social media firms and retail companies will have to be opened to public authorities without any restrictions.
This gambit comes ahead of two key developments that will shape the future of citizens’ digital privacy as well as the data economy—the Personal Data Protection Bill which has been listed for introduction in Parliament during the ongoing Winter Session and the upcoming report on non-personal data by a committee headed by Infosys cofounder Kris Gopalakrishnan.
"The thought process of the government is that it should have access to all non-personal, aggregate and anonymised data at all times and on-demand," said a top government source. "The data doesn't necessarily need to be stored with the government but it should be able to regulate how, when and where the data is being used."
Data can be categorised into two broad types—personal and non-personal. Personal data, which comprises information such as name, age, gender or phone number, identifies an individual and is more easy to define. Non-personal data is any data that is NOT personal data.
The Personal Data Protection Bill in Parliament will govern how our personal data is accessed and managed while the report of the Gopalakrishnan committee could form the basis of government policy on non-personal data.
“The government wants to regulate how, when and where the data is used, shared and stored. Also, it wants to have sovereign right of aggregate data,” said a second source.
The rationale for the government’s argument is that that data with, say, large ecommerce companies like Amazon and Flipkart, and with internet giants like Google and Facebook, is a 'natural resource' that can be 'used for the public good'. Data from large companies can potentially be used by startups to build their businesses and by the government to improve the functioning of public bodies.
The debate about data is vitally important because of the role it will play shaping the future of the economy. As the popularity of smartphone usage, ecommerce and social media surge, the size of the digital economy in India has the potential to reach $1 trillion by 2025, according to the Commerce Ministry. And data will form the key to understanding patterns and making intelligent decisions.
Europe, which is a pioneer in personal data protection and privacy with its General Data Protection Regulation, addressed the issue of non-personal data through regulation earlier this year. The European Union, which projects that the data economy will account for 5.4 percent of its GDP by 2025, makes available non-personal data for regulatory control.
A person connected to the committee on non-personal data said that the panel is also waiting and watching to see what the government does on the personal data front. "We are a data-rich country and looking at how economic activity can happen on top of this data,” this person said on condition of anonymity. “There are issues that need to be debated and discussed. But our role is to make the recommendations; the government's role is to make the policy."
While there is the “natural resource” argument on one side, there is also a feeling that giving government complete authority over non-personal data would be akin to applying socialistic idea in the digital economy.
LocalCircles, a community social media platform that enables citizens and small businesses to come together in online communities and escalate key issues for policy intervention to the government, believes that India should have an anonymised data policy to start with. It has submitted the findings of its survey of startups and citizens on anonymised data to key government departments. The results show that only 29 percent of startups agree that the government has the right to data any time. Fifty-three percent believe that the government can have access to data only in situations that involve law and order or investigations.
Aggregate data belongs to the companies and for most companies its collection is a result of time and resources and in many cases is critical to their current and future operating strategy and growth. “If the government becomes its custodian, the companies are in essence sharing a privately-built asset with rest of the industry and the government, which is unfair,” said Sachin Taparia, Founder and Chairman of LocalCircles, who made a presentation on the subject to the IT Ministry on November 11.
The concerns of companies and privacy experts are not limited anonymised data. “The access to control anonymised data can be one step in the direction to gain access to personal data of individuals as well,” said an executive of a large ecommerce company, on the condition of anonymity. “The confusion remains (about) what is raw data and what is intellectual property of companies.”
Taparia added that even though the risk of the data being used for mass surveillance is low as it is stored at an aggregate level and anonymised, it can very well be misused by getting insights at, say, at the level of a district or constituency level and then manipulated to draw likely conclusions at the level of the community.
A top executive at another ecommerce company said liability is also an issue. “Who should be accountable if the data gets misused at the government’s end and if there are frauds?”