November 12, 2020
Our Bureau Mumbai | Updated on September 18, 2020 | Published on September 18, 2020
Data must be shared only when national security or sovereignty is at risk
De-anonymisation of data should only be permitted in the circumstance where national security or sovereignty is at risk but the validating of such requests must be done by an independent
authority, according to BK Syngal, former Chairman, VSNL “Provision for de-anonymisation of data should only be permitted in the circumstance where the national security or sovereignty is at
any risk. This examination must be done by an independent and empowered authority who would verify the data, when to be shared, with whom to be shared and why to be shared under the
aegis of national security and sovereignty,” Syngal said in his submission to Kris Gopalakrishnan, Chairman of the Committee of Experts looking into non-personal data regulations.
‘Government working on strong legal frameworks for data handling’
Commenting about the Committee’s framework for sharing of nonpersonal data, Syngal said, “While the principle of mandatory data sharing may be workable for some businesses in India, however, for a number of business entities such a mandatory obligation may be difficult to comply with since, as a part of their business processes, they would have the right to handle data only on behalf
of their customers, and may also be prohibited from accessing data unless expressly agreed to do so. Thus, legally, such entities may not have the right to share data, since sharing of data would be subject to security and privacy risks.”
“The purpose stated in the Report for mandatory sharing of data at the outset appears to be very wide and may essentially lead to the inference that all data held by a company falls within the scope of mandatory sharing obligations. Further, there appears to be an inherent contradiction between the Report and the basic premise of competition law that data should not be shared with competitors and in turn protecting consumers and not competitors. Sharing of resources (Non-Personal Data) between companies could restrict incentives to invest, innovate and compete thereby reducing the quality of products and services available to consumers,” Syngal added. In the present version of the draft report submitted by the Expert Committee, the role of the Non-Personal Data Authority (NPDA) is subject to regulatory confusion as at least four regulators are set to be incubated for the digital ecosystem — including the proposed NPDA, Data Protection Authority, an ECommerce Regulator and the Central Consumer Protection Authority, he said.
View File