Experts call for defining non-personal data before making laws on it

0


The Joint Committee of Parliament (JCP)’s recommendations on non-personal data (NPD) and anonymised personal data in last year’s draft Data Protection Bill will not work till NPD is defined clearly, cybersecurity and policy experts said on Tuesday.

Most experts who participated in a panel discussion by not-for-profit Consumer Unity & Trust Society (CUTS) International said that regulation of NPD when the definition of the term itself was still vague would be premature.

They said proper guardrails must be put in place before access to any NPD could be shared.

Ritesh Pandey, a Member of Parliament and JCP member, said the committee had held extensive discussions on whether the government should first look at personal data and regulations surrounding NPD subsequently.

“At a certain point it was suggested by a few members but the Bill took a different turn where the word ‘personal’ was removed, which showed that the ambit of the Bill was increasing, and they wanted to include non-personal data as well,” Pandey said.

Pandey said in his view he wanted personal data to be dealt with as a standalone subject and look at NPD only if the need arose.

Discover the stories of your interest



Regulating NPD calls for harder work in terms of ecosystem and enablement, and cannot be ordained by just writing a policy or law, said Ashish Aggarwal, head of policy and vice president at IT industry body Nasscom.

“It is much more than thinking of it as raw data. There is a lot of processed data or information when we talk of digitization, citizen services or e-governance in general,” Aggarwal said.

There is a need for a comprehensive cybersecurity framework to protect NPD, he said, which is why when the Bill talks about data breaches it steps into the domain of cybersecurity and moves away from the domain of personal data.

Shopkeepers’ data, for example, could be considered both individual and commercial, Parminder Jeet Singh, executive director at IT for Change, said.

“Without identifying the subject of non-personal data, it is not even meaningful to talk about protection, therefore it is futile without identifying to whom the protection would accrue,” Singh added.

The panel discussion was also attended by Daniel Castro, vice president at Information Technology and Innovation Foundation; Astha Kapoor, co-founder at Aapti Institute and Venkatesh Krishnamoorthy, India country manager at BSA.

The priority globally is to protect the personal data of users, and non-personal data should be kept as a separate entity, Castro said.

“In both cases, the goal should be to maximise the use of data and its economic value. But personal data needs exceptional protection,” he said, adding that personal privacy and data rights, and data portability were required to

the consumer.

The economic value of data and the sheer quantity of data flow make approaches to data regulation important.

Despite being the fastest-growing digital economy and having a flourishing IT industry, India lags in its data protection regime and, unlike many other countries, does not have a dedicated regime for protecting personal data or NPD, said Amol Kulkarni, director, research, CUTS International.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.



Source link

Denial of responsibility! Planetconcerns is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment