NEW DELHI: The electronics ministry may come up with a report on non-personal — community, anonymised and ecommerce — data held by companies, including Uber, Google and Amazon, to be used to chalk out a policy on nonpersonal data regulation.A senior official told ET the government may also consider leaving it to the ministries or regulators to define which kind of data should come under the purview of such a policy. This comes after the latest round of select stakeholder consultation over the draft Personal Data Protection (PDP) Bill, in which the government has also sought opinions on the contours of a policy for non-personal data, besides feedback on issues such as data localisation.The official cited earlier said the ministry of electronics and IT (MeitY) had sought the views of 10-15 stakeholders on non-personal data. “The views received through this consultation can form the ground for a white paper that can be opened for wider public consultation before a policy is formed,” said the official, adding that “it’s a grey area” and no country has so far been able to come up with a policy on how to deal with public data.In its latest feedback sent on Friday, MeitY had asked if there was a case to mandate free access to community, anonymised or ecommerce data, among others. It also asked whether the Data Protection Authority (DPA) should be the regulator in respect of all non-personal data. “The ministries or the regulators say health or ecommerce can only take a call on this, how can we define it for others,” said the official, adding that MeitY can only come up with a broader framework for such data.Rama Vedashree, chief executive, Data Security Council of India (DSCI), said the government should not complicate the PDP Bill with non-personal data, but first focus on protection of people’s privacy, since the Bill has some way to go before being enacted.Vedashree was a member of the Justice BN Srikrishna Committee which was constituted to draft the PDP Bill. The panel submitted its report and the Bill last July. She, however, refused to divulge if DSCI has given an official submission to MeitY in its latest round of consultation.“Companies invest hugely towards getting the data, its processing and analysis. The framework has to respect the commercial business operations and IPR of the companies,” Vedashree said, adding that there needs to be an industry and public consultation by the government on what could be the reasonable monetisation of such data and which could be shared on a voluntary basis. However, she was categorical that PDP Bill should not expand to non-personal data.Globally, there’s debate on who owns data of the public held by companies such as Uber or Google Maps, and whether, if released in the open in an anonymised fashion, it can help policy makers and researchers to frame better policies in areas like traffic management or urban mobility.Stakeholders were given a week’s time to respond to the letter which also sought feedback on storing personal data in India. ET has learnt that a section of the stakeholders have responded, reiterating their earlier position that India doesn't need to have hard localisation.“Our stand on data localisation remains the same,” said an official of an organisation which has sent its feedback to MeitY on request. “Even though the intent of the government is good, we believe any kind of data localisation can be easily bypassed. What is important is that companies which operate in India have to follow the Indian law. There has to be a proper consent regime which is tight, and in case of an incident, the government should have access to the data irrespective of where it resides.”
from Economic Times https://ift.tt/2UlY4DU
No comments:
Post a Comment