BSP MP Ritesh Pandey, a member of the JPC analyzing the bill, stressed the need to enact a separate personal data protection law before dealing with non-personal data. Mandatory NPD Reporting by Private Companies Could Lead to Risks of IPR Infringement and Trade Secret Disclosure CUTS International. Restrictive policies might not work in the innovation support space. There must be a balance between innovation and ensuring safety and security.
The final draft of the Personal Data Protection Bill PDPB, 2019 will likely exclude regulations related to non personal data NPD, said a member of the Joint Parliamentary Committee JPC investigating the bill.
Read Also : Tata Neu Logs 7 Mn Downloads In 7 Weeks
Addressing a virtual event, BSP Member of Parliament MP Ritesh Pandey said that the 2019 PDPB final draft would omit all aspects of NPD related regulations. Furthermore, he underlined the need to enact a separate personal data protection law before dealing with NPD.
Parminder Jeet Singh, a member of the NPD expert committee, called for more conceptual clarity on the definition and scope of non-personal data before legislating on the issue.
Vidushi Sinha, senior research associate at the Consumer Unity & Trust Society CUTS, which had organized the event, pointed to a number of issues related to NPD regulations. He said the move could lead to a possible overload of the proposed Data Protection Authority DPA in the first few days if it is aimed at regulating both forms of data.
He also said mandatory NPD reporting by private companies could lead to risks of intellectual property rights infringement and disclosure of trade secrets.
National Association of Software and Services Companies NASSCOM Vice President Ashish Aggarwal also urged the government to seek voluntary enablement of data sharing for the private sector.
Software Alliance country manager Venkatesh Krishnamoorthy also cautioned against mandatory NPD sharing, saying data processors have contractual obligations to data trustees and sometimes lack ownership of the data.
Restrictive policies might not work in the innovation support space. There needs to be a balance between innovation and ensuring safety and security, said Krishnamoorthy.
Sinha specifically called for non-personal data to be excluded from the scope of the PDPB, 2019, adding that two separate frameworks were needed for personal and non personal data. He also urged the Center to reduce the scope and definition of NPD and restrict unrestricted government access to NPD.
What’s The Issue?
The JPC had submitted its recommendations in December last year and had sought to change the name of the Bill to the Data Protection Bill, 2021. Under the new bill, NPD was defined as any data that is not of a sensitive nature. personal, adding that it was also the combination of all that information that could profile an individual.
The contentious parts of the Bill include provisions that seek to regulate the DNP within the scope of a personal data protection framework. Critics have also taken up arms against the bill that gives the union government broad powers to access the NPD to formulate policy and also empowers the DPA to investigate breaches of the NPD.
The bill is also being criticized for its broad data localization mandates, which could prove a hurdle for smaller startups that have limited resources and work with international data transfers.
The government is reportedly polishing the final draft of the bill, which could be tabled in Parliament during the monsoon session.