When it comes to personal data protection, there is a need for adequate consultation between the Centre and state governments, which has not happened, to get optimal results, said MP Amar Patnaik, a member of Joint Parliamentary Committee (JPC), on the Personal Data Protection Bill.
Speaking at the launch of 'Impact Assessment of Non-Personal Data Governance (NPDG) Framework' report by Internet and Mobile Association of India (IAMAI) and EY, Patnaik said, “The consultation with the states (on data protection authority) should happen, which has not been done by either of the committees. When we went on a visit to Maharashtra and Karnataka recently, the state governments all wanted a separate state level data protection authority for the personal data. So I think this state level consultation has not happened. That is a problem.”
According to him, this consultation is important given that this could cause legal issues under the seventh schedule of the constitution, and that could impede regulation of the non-personal data.
“The best use of data happens when data flows across departments and between states, and it flows vertically with the Centre and states. Now, there are problems created in this data flow because of legislation, then actually the full benefit of utilising that data for the benefit of citizens will not happen,” he added.
Patnaik also added that the non-personal data requires only soft touch regulation, compared to personal data, where privacy is an issue. According to Patnaik, the use of NPD will play out differently in different sectors such as education or healthcare, and will need to be seen to what extent the government will regulate it.
The government set up a committee headed by Infosys co-founder Kris Gopalakrishnan to regulate non-personal data. The idea was to set up a framework to unlock the economic value of this data and also address concerns arising out of such data.
Non-personal data can be categorised as information that is not personal and those that cannot directly be associated with an individual. This can be divided as public (collected by the government), community and private (data processed by private entities).
This data can be shared for sovereign purposes, for public good and to create economic value.
While the government’s move to use non-personal data could unlock economic value emerging out of non-personal data, the report revealed that 76 percent of the companies reported that it might impact the business growth. The report was based on the survey done by IAMAI and EY with multiple stakeholders including startups, corporate lawyers, and think tanks.
“While stakeholders appreciated the efforts of the government to leverage data to be a public good, they believed that the current recommendation could dampen the growth prospects of foreign as well as domestic firms. In this context, experts were of the opinion that the specific use of public good must be studied more closely,” the report said.
According to the stakeholders surveyed, the non-personal data governance framework could increase the compliance costs for startups. This is also unlikely to create a level playing field. The report also revealed that there is a need for more clarity on definition for sovereign purpose and public good.