Sense seems to have prevailed as the revised draft of the non-personal data report has dropped the mandatory sharing of non-personal data, at least between private entities, which could result in a conflict with intellectual property (IP) rights.
Some industry voices feel regulating non-personal data is not warranted if the market has not developed, while others believe that data sharing to some extent is required for India to become an artificial intelligence superpower.
India made global headlines when it became the first country to announce plans to regulate non-personal data, in September 2019. The Ministry of Electronics and Information Technology tasked a committee of experts to come up with a regulatory framework.
More than 1,500 submissions were made by various stakeholders, with most of them opposing the mandatory sharing of data, as this would conflict with their IP rights. This forced the committee, headed by Infosys co-founder Kris Gopalakrishnan, to go back to the drawing board and revise the report, which was released for public consultation on 27 December 2020.
Only data necessary for the creation of “high-value data sets”, and those for reasons of the public good, would be subject to mandatory sharing requirements. Public-good purposes could include policy making and improving public services. Proprietary information and trade secrets would not fall under the mandatory sharing obligations.
Gopalakrishnan reportedly said recently that data sharing between private parties was outside the committee’s purview since this involved a commercial transaction. He added that “public good” needed to be defined, even for private entities sharing data.
The revised report has also done away with any reference to the Personal Data Protection Bill, 2019, to ensure that there are no regulatory overlaps. The latest draft proposes that any reference to non-personal data should be removed from the bill, and points to the need for strengthening the conditions on obtaining consent for the collection of anonymized data.
India will be the first to come out with comprehensive non-personal data legislation, with the idea of unlocking economic, social and public value from the use of data, while addressing privacy concerns. Legal experts say that the latest draft spells out that individuals must be given the option to opt out of having their data anonymized.
Bagmisikha Puhan, an associate partner at TMT Law Practice in New Delhi, tells India Business Law Journal that the revised draft clearly addresses concerns raised by stakeholders on the lack of clarity, in terms of the definitions and the scope of applicability. It also clarifies that in the case of any conflicts with the data privacy legislation, the latter will prevail over the proposed framework.
Puhan says it also helps that the framework reaffirms the idea where any data that is re-identified will continue to be treated under the impending personal data protection legislation.
The Business Law Digest is written by Freny Patel