The Personal Data Protection Bill, which allows the Central government to direct any entity to provide it non-personal data or data that is anonymised “to enable better targeting of delivery of services or formulation of evidence-based policies”, has the technology industry concerned. The provision also bypasses an ongoing ministerial committee formed to examine the topic of non-personal data. Various stakeholders have questioned the inclusion of non-personal data regulation in a law called the “Personal Data Protection” Bill.
To study this topic, the IT Ministry formed a Committee of Experts under the chairmanship of Infosys co-founder
S Gopalakrishnan. It included representatives from NASSCOM, National Informatics Centre, IIT Hyderabad, and IT Ministry.
Those who have been following the non-personal data committee are arguing there has been no public consultation on the topic. Stakeholders have said it violates right to privacy and intellectual property rules.
A senior executive at a multi-national technology company said, “It’s almost as if the government is saying, individual privacy is important, except in so far as it relates to us. When there is a Committee of Experts deliberating not only a framework for non-personal data, but also its very definition, there is no rationale for it to be included in a privacy legislation. This provision instead of improving privacy of Indian citizens, will only expose it to more threats, hurt innovation, stem foreign investment and can be seen as being tantamount to stealing the Intellectual Property of legal entities.”
Multiple stakeholders were specifically concerned that the provision requires data processors to provide data to government.
IT for Change director Parminder Jeet Singh, who is on the non-personal data panel, said: “For the first time in any law worldwide, there has been some kind of an explicit legal community ownership claim to data … though the language related to purposes for which data can be obtained can be improved.”