Thoughts on Report by the Committee of Experts on Non-Personal Data Governance Framework (Dec 24, 2020)
Overall
-
Overall proposal is looking reasonable and feasible, even though a
lot of details have to be worked out. -
Proposal is demonstrating the commitment to the larger direction of
data sovereignity and data markets. Economic value is major goal. -
It eliminates major concerns from the previous versions:
(a) missing institutional guarantor of the system
(b) guarantor of the quality of data
(c) anybody and everybody having access to any/every data
(d) flow of information not being tracked
(e) lack of metadata standards -
The proposed approach is a combination of Aadhaar-like “switch” and
Account-Aggregator-like standards and coordination mechanisms. -
Metadata management and discovery will become a first class
activity. Every organization has to now submit metadata.
Legal and Economic Framework
- Unclear if it will withstand scruitiny but there is a fairly
detailed argument around the legal underpinnings of the NPD
proposal. It helps that Rahul Matthan, Ex-Trilegal is associated
with the committee.
High-Value Datasets
-
Proposal puts a price (a non-profit to be created etc.) on data by
allowing only data trustees to define and access data.
Organizations cant demand/access any and all data. -
Any access to data is only through organizations - which gives
government/law ability impose costs for misbehavior. -
It moved the hard part of identifying HVD to thirdparty - which
is the right approach.
Data Processor
- Moved the responsibility of data access to controller - simplifying
the legal/compliance aspects of the processor.
Questions
- Data processor may not share data but it still has to submit
metadata. If clients are abroad, the clients may object to sharing
the metadata. Declaration to this effect is a requirement under
GDPR DPA (Data Processor Agreement).
{{ errorMsg }}