Hardly 2 days back , I blogged ( - and sent it as E
Mail to Shri RaviShankar
Prasadji ) :
Data Division Debate [
07 Dec
2019 ]
where I said :
“ Are we about to enact a law which , on one
hand, is not implementable and on the other hand , might lead to unending
litigation ? “
No great “ insight / foresight “ here when you
read what newspapers reported today !
Eg :
[ A ]
Extracts :
Ø Bill which has
proposed a new provision allowing
the government to ask any data fiduciary to part with non-personal information — such as the number
of cars on ride-hailing platforms like Uber — for better targeting of services,
framing of policies and better governance.
Ø “When you give
discretionary powers and authority to ask for the data whenever the needs
arise, who would have the
discretionary power is the challenge,” said an industry executive.
Ø “For
cybersecurity-related cases, they come with a court or magistrate’s orders and
only then such information is shared. There you have an extra layer of
authenticity,
apart from the executives who are seeking such data,” the person added
Ø Now that the
provisions have become part of the Bill, which will apply to all companies and any
organisation which is processing data of individuals, the issue is
expected to gain much more prominence.
Ø “Globally, no country
has regulations around non-personal or community data so far, so there is no
precedence for the subject
which is also very complex,”
Ø An industry executive
said: “The government first
needs to get clarity on who is the owner of data.
According to Justice BN Srikrishna Committee (on
data protection), the individual is the owner of his or her personal data so by that basis, the ownership of any derivative of
personal data should also lie with the individual.
If the company invests in an IP and the
proposition is so interesting to a user that that person agrees to share
his/her personal data, then how can the
government argue that such data belongs to the community ?
Ø “Most of leading
countries are building their AI strategy on data sharing, we will lose out if
we don’t,” this expert added.
=========================================================
[ B ]
National e-commerce
policy to lay down terms for treatment of non-personal, commercial data [ Hindustan
BusinessLine ]
Extracts :
Ø We have started stakeholder consultations on how to treat non-personal data. It is a highly sensitive matter as different stakeholders have
different views on it.
Ø For instance, Nasscom has its set
of opinions, while industry body CII
has its own views.
Ø “We will try to see that the e-commerce policy
is finalised soon. This (treatment
of non-personal data) is the only sensitivity which has to be worked out,” Mohapatra said (Secretary, Department of
Policy for Industry and Internal Trade )
Ø The Ministry of Electronics and Information
Technology (MeitY), while working on the Personal Data Bill, had made a
separate committee comprising IT experts and officials from key Ministries to
look at whether there should be a free flow of non-personal
and anonymised data across borders or it should be localised.
=========================================================
[ C ]
Ø According to its
provisions, personal health data falls under the category of ‘sensitive data’,
which can be processed only
based on ‘ explicit consent ’ by individuals.
Ø Pradeep Dadha, CEO of
Netmeds.com, an online pharmacy said: “There should be more clarity on what are the
activities that require consent – if information is
required for transactions then obviously, we should not be required to take
specific consent, but if such specific consent is indeed required, then we will
have to make changes to
the terms and conditions (on our websites) to suit that.”
Ø The clause on ‘fair and
responsible processing’ of data in the Bill also needs to be clarified and cannot be left open to
interpretation, he added.
Ø Since companies in the
space also employ Artificial Intelligence based algorithms to process consumer
data to better map and offer products and services to consumers, founders said more details would be
required on how anonymised personal and non-personal data can be processed for
use in such algorithms.
Ø “In data science and
AI, healthcare is one of the largest applications – we need to work with a lot
of consumer data that is not personally identifiable. We have to make sure
that the policy does not dissuade the processing of data and creation of new
AI models of healthcare,” said Prashant Tandon, CEO of 1mg.
Ø Though the Bill does not define
non-personal data explicitly, it can include community data, anonymised
data, ecommerce data, among some types of data. “There needs to be enough flexibility to use
non-personal data as well,” Tandon added.
Ø Gopichand Katragadda,
former chief technology officer of Tata Sons and founder of deep technology
startup Myelin Foundry, said consumer data would be best protected if there are guidelines that require
explicit consent of individuals. “If their data is to be used by a business for various
purposes, then consent should be clearly taken for each purpose,” he said.
=========================================================
Above mentioned
differing “ views “ are just a small beginning
Wait till the
full text of the bill is put up in public domain
When that
happens , expect following questions :
Ø As far as user granting “ explicit consent “
is concerned, will the Govt ( and the Courts ), get satisfied with web sites /
mobile apps, just insisting that users click on :
“ Hereby, I accept all the TERMS & CONDITIONS of this service
, including granting my explicit and specific permission to :
# permanently STORE all of my data (
whether submitted here voluntarily ) or acquired
by this service from any source “ ONLINE “or “
OFFLINE “
# PROCESS or get processed by third parties,
all such data, with or without use of AI –
Machine Learning – Blockchain and similar
technologies
# TRANSFER such data to third parties, within
India or abroad
# SELL such data to any person or
organization for monetary consideration
# In case of any one filing
a court-case against this site/ app / service, under the DATA
PROTECTION LAW, I absolve the site / app /
service , from my side and undertake
not to hold them liable
for any damages
Ø Since
the bill specifically states that the “ data (
whether personal or non-personal / sensitive or otherwise / identifiable or anonymized
/ direct or derivative ), belongs to the individual (
even if he has never used internet / web ), then under our Constitution, does
he not have the FUNDAMENTAL RIGHT to be able to SELL his own
data to anyone / anytime / at any price – since he is the sole / exclusive data-owner?
Read :
PRIVACY
for SALE [ 26 Aug 2017
]
Ø If Govt reserves the right to force/require any “ Data Fiduciary “ to
handover my non-personal / anonymized data, why should not the
user be compensated by the Government – even if
fiduciary is not paid anything – and even if such data is used only for
improving e-governance ?
This argument must be viewed
in the context of the fact that the Government , itself has started SELLING such
anonymized user data ( - not at all difficult to connect up with the data-owner
and clearly identify him ! ), and become a DATA MERCHANT !
Read : Bulk
Data Sharing / Selling Policy ? [
12 March
2019 ]
Govt is in the process of
setting up the required PLATFORM for this as per following announcement made a
few months ago
Read :
Thanks
, Shri Piyush Goyalji , [
28 June
2019 ]
Extract :
The government is planning
to set up a national data governance centre to hold all public data, and
establish guidelines for the management, sharing and monetisation of information.
State agencies and even startups could access the data through this facility.
Public data relates to
freely available information that is collated by various agencies or companies
in the course of their operations and which
can be traded without restrictions or
be used for public utility purposes. This includes traffic and illness
patterns.
“Data has an economic value,
but who, when and where uses that, that would then lie under a national
data-sharing policy to be developed under the data
governance centre,
But recently, commerce
minister Piyush Goyal directed his ministry to take out the data elements from
the draft ecommerce policy, leaving the PDP Bill to handle those.
“Shouldn’t all this
community or public data be available at one centralised location with the
government, so that it can be used by
everyone, including government
agencies to make relevant laws and even help startups
========================================================
10 Dec
2019
hcp@RecruitGuru.com