Non Personal Data Governance Authority under the new recommendations should not interfere with DPA

The revised recommendations on the Kris Gopalakrishna Committee on Non Personal Data reiterates the significant role that the Non Personal Data Authority.

It may be noted that the Committee has ab-initio been influenced by the industry to include a recommendation that it must be created with “Industry Participation” . This recommendation has to be taken with circumspection.

While NPDA has to consult industry and have persons with industry experience in its constitution, “Regulation” has to be segregated from the industry. If industry organizations become part of the regulatory agency, the regulatory functions will be corrupted.

Hence the committee’s suggestion “NPDA must be created with industry participation” needs to be rejected.

The NPDA’s  Enabling functions include

a) Ensuring unlocking of economic benefit from non-personal data

b) Creating a data sharing framework

c) Managing the meta data directory of data businesses in India

NPDA’s Enforcing functions include

a) Establishing rights over Indian Non-Personal data in the digital world

b) Address privacy, re-identification of anonymized personal data, prevent misuse of personal data

c) Adjudication when a data custodian refuses to share data with the data trustee.

In defining the enforcing functions, mention of “Privacy” indicates a deliberate attempt to create overlapping powers against the Data Protection Authority being created under PDPB 2019.

While the report says that the roles of NPDA should be harmonized with the CCI and DPA, there is an element of overlapping of regulatory functions which need to be consciously avoided.

As regards “Privacy”, the DPA under PDPB 2019 should be given the unambiguous authority. When there is a doubt the NPDA should refer the Privacy issue including the re-identification of anonymized personal data or misuse of personal data to the DPA for necessary adjudication and corrective action as may be required. 

This has to be kept in mind when the new Non Personal Data Regulation Act is framed.

Naavi

 

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.