INC42, July 13, 2022
BSP MP Ritesh Pandey, a member of the JPC looking into the Bill, underscored the need for enacting a standalone personal data protection law before dealing with non-personal data
Mandatory reporting of NPD by private firms could lead to risks of intellectual property rights infringement and disclosure of trade secrets: CUTS International
Restrictive policies might not work in the space of supporting innovation. There should be a balance between innovation and guaranteeing safety and security: Software Alliance
The final draft of the Personal Data Protection Bill (PDPB), 2019 will likely exclude regulations related to non-personal data (NPD), a member of the Joint Parliamentary Committee (JPC) looking into the Bill said.
Addressing a virtual event, BSP Member of Parliament (MP) Ritesh Pandey said that the final draft of the PDPB, 2019 would skip all aspects of regulations related to NPD. He further underscored the need for enacting a standalone personal data protection law before dealing with NPD.
Parminder Jeet Singh, a member of the committee of experts on NPD, called for more ‘conceptual clarity’ on the definition and scope of non-personal data before bringing in legislation on the matter.
Vidushi Sinha, senior research associate at Consumer Unity & Trust Society (CUTS), which had organised the event, pointed out a slew of issues regarding NPD regulations. She said that the move could lead to possible over-burdening of the proposed Data Protection Authority (DPA) in the initial days if it is directed to regulate both forms of data.
She also said that mandatory reporting of NPD by private firms could lead to risks of intellectual property rights infringement and disclosure of trade secrets.
National Association of Software and Services Companies (NASSCOM) vice-president Ashish Aggarwal also urged the government to pursue voluntary enablement of data sharing for the private sector.
Software Alliance’s country manager Venkatesh Krishnamoorthy also warned against mandatory requirement for sharing of NPD, saying that data processors have contractual obligations with data fiduciaries, and at times lack data ownership.
“Restrictive policies might not work in the space of supporting innovation. There should be a balance between innovation and guaranteeing safety and security,” noted Krishnamoorthy.
Sinha specifically called for excluding non-personal data from the ambit of PDPB, 2019, adding that there was a need for two separate frameworks for personal and non-personal data. She also urged the Centre to narrow the scope and definition of NPD and for curbing unfettered government access to NPD.
What’s The Issue?
Even though Pandey said that the JPC would forgo regulating non-personal data, the last JPC recommendations had called for expanding the scope of the Bill to include personal data as well as non-personal data.
The JPC had tabled its recommendations in December last year and had sought renaming of the Bill to Data Protection Bill, 2021. Under the new Bill, NPD was defined as any data that is not personal in nature, adding that it was also the combination of all such information that could profile an individual.
The contentious parts of the Bill include provisions that seek to regulate NPD within the scope of a personal data protection framework. Critics are also up in arms against the Bill that gives the union government broad powers to access NPD for formulating policies and also empowers the DPA to investigate breaches of NPD.
The Bill is also being criticised for its sweeping data localisation mandates, which could prove a hurdle for smaller startups that have limited resources and work with international data transfers.
As per reports, the government is polishing the final draft of the Bill, which could be tabled in the Parliament during the monsoon session.
This news item can also be viewed at: