The idea of a non-personal data governance framework and a regulator for the same may be “premature and not entirely necessary” in India as of now as the country is yet to have a personal data protection regime in place, startups and tech policy bodies have said in their submissions to the nine-member non-personal data governance committee.
“I think its very early stage to discuss about non-personal data. This is the primary view that we have. Because we have not settled a law for personal data itself. We want this to be settled now. In that context, there should be some more time before we indulge into non-personal data,” Panduranga Acharya, director legal at food delivery start-up Swiggy, said.
The committee headed by Infosys co-founder Kris Gopalakrishnan had sought public comments on the draft non-personal data governance framework rules till September 13.
In its draft recommendations, the committee had suggested that non-personal data generated in the country be allowed to be harnessed by various domestic companies and entities. The committee had then also suggested setting up of a new authority which would be empowered to monitor the use and mining of such non-personal data.
Mandating startups and tech companies to compulsorily share the data they mine with other companies may however, prove counterproductive to the idea of developing a data sharing ecosystem, other experts said.
“The proposed mandatory data access policies will likely deter investment and innovation in the Indian market, raising the costs of acquiring such data in the first place while also disincentivising data collection activities, resulting in increased costs for end-users and reduced incentives for developing new technology,” software alliance group BSA, which has Amazon Web Services, Cicso, and Microsoft among its members, said in its submission.
The Krish Gopalakrishnan-headed committee had in its draft classified classified non-personal data into three main categories, namely public non-personal data, community non-personal data and private non-personal data.
Depending on source of the data and whether it is anonymised in a way that no individual can be re-identified from the data set, the three categories had been divided. There will, however, have to be more clarity on who owns these kinds of data sets as the draft just talks about the classifications and has not delved into the ownership structures, Kazim Rizvi, founding director of public policy research group The Dialogue, said.