NEW DELHI: The electronics ministry may come up with a report on non-personal data such as community data, anonymised data and ecommerce data held by companies including Uber, Google and Amazon— which will be used to chalk out a policy on non-personal data regulation.
A senior official told ET that the government may also consider leaving it to the ministries or regulators concerned to define which kind of data should come under the purview of such a policy. This comes after the latest round of select stakeholder consultation over the draft Personal Data Protection (PDP) Bill, in which the government has also sought opinion on the contours of a policy for non-personal data besides seeking feedback on issues such as data localisation.
The official cited earlier said the ministry of electronics and IT (MeitY) had sought the views of 10-15 stakeholders on non-personal data. “The views received through this consultation can form the ground for a whitepaper which can be opened for wider public consultation before a policy is formed,” the official said, adding that “it’s a grey area” and no country has so far been able to come up with a policy on how to deal with public data.
In its latest feedback letters sent on Friday, MeitY had asked whether there is a case to mandate free access to community data, anonymised data, ecommerce data, etc. It also asked whether the Data Protection Authority should be the regulator in respect of all non-personal data. “The ministries or the regulators say health or ecommerce can only take a call on this, how can we define it for others,” said the official, adding that MeitY can only come up with a broader framework for such data.
Rama Vedashree, CEO of the Data Security Council of India (DSCI), said the government should not complicate the PDP Bill with non-personal data and should first focus on protection of people’s privacy, since the Bill has some way to go before being enacted.
Vedashree was a member of the Justice BN Srikrishna Committee which was constituted to draft the PDP Bill. The panel submitted its report and the Bill last July. She, however, refused to divulge if DSCI has given an official submission to MeitY in its latest round of consultation.
“Companies invest hugely towards getting the data, its processing and analysis. The framework has to respect the commercial business operations and IPR of the companies,” Vedashree said, adding that there needs to be an industry and public consultation by the government on what could be the reasonable monetisation of such data and which could be shared on a voluntary basis. However, she was categorical that PDP Bill should not expand to non-personal data.
Globally, there’s a debate on who owns data of the public held by companies such as Uber or Google Maps, and whether if released in the open in an annomysied fashion, can it help policy makers and researchers in framing better policies in areas like traffic management or urban mobility.
Stakeholders were given a week’s time to respond to the letter which also sought feedback on storing personal data in India. ET has learnt that a section of the stakeholders have responded, reiterating their earlier position that India doesn't need to have hard localisation.
“Our stand on data localisation remains the same, even though the intent of the government is good, we believe any kind of data localisation is easily bypassable. What is important is that companies which operate in India have to follow the Indian law. There has to be a proper consent regime which is tight, and in case of an incident, the government should have access to the data irrespective of where it resides,” said an official of an organisation which has sent its feedback to MeitY.
A senior official told ET that the government may also consider leaving it to the ministries or regulators concerned to define which kind of data should come under the purview of such a policy. This comes after the latest round of select stakeholder consultation over the draft Personal Data Protection (PDP) Bill, in which the government has also sought opinion on the contours of a policy for non-personal data besides seeking feedback on issues such as data localisation.
The official cited earlier said the ministry of electronics and IT (MeitY) had sought the views of 10-15 stakeholders on non-personal data. “The views received through this consultation can form the ground for a whitepaper which can be opened for wider public consultation before a policy is formed,” the official said, adding that “it’s a grey area” and no country has so far been able to come up with a policy on how to deal with public data.
In its latest feedback letters sent on Friday, MeitY had asked whether there is a case to mandate free access to community data, anonymised data, ecommerce data, etc. It also asked whether the Data Protection Authority should be the regulator in respect of all non-personal data. “The ministries or the regulators say health or ecommerce can only take a call on this, how can we define it for others,” said the official, adding that MeitY can only come up with a broader framework for such data.
Rama Vedashree, CEO of the Data Security Council of India (DSCI), said the government should not complicate the PDP Bill with non-personal data and should first focus on protection of people’s privacy, since the Bill has some way to go before being enacted.
Vedashree was a member of the Justice BN Srikrishna Committee which was constituted to draft the PDP Bill. The panel submitted its report and the Bill last July. She, however, refused to divulge if DSCI has given an official submission to MeitY in its latest round of consultation.
“Companies invest hugely towards getting the data, its processing and analysis. The framework has to respect the commercial business operations and IPR of the companies,” Vedashree said, adding that there needs to be an industry and public consultation by the government on what could be the reasonable monetisation of such data and which could be shared on a voluntary basis. However, she was categorical that PDP Bill should not expand to non-personal data.
Globally, there’s a debate on who owns data of the public held by companies such as Uber or Google Maps, and whether if released in the open in an annomysied fashion, can it help policy makers and researchers in framing better policies in areas like traffic management or urban mobility.
Stakeholders were given a week’s time to respond to the letter which also sought feedback on storing personal data in India. ET has learnt that a section of the stakeholders have responded, reiterating their earlier position that India doesn't need to have hard localisation.
“Our stand on data localisation remains the same, even though the intent of the government is good, we believe any kind of data localisation is easily bypassable. What is important is that companies which operate in India have to follow the Indian law. There has to be a proper consent regime which is tight, and in case of an incident, the government should have access to the data irrespective of where it resides,” said an official of an organisation which has sent its feedback to MeitY.
No comments:
Post a Comment