Venkata Pingali

@pingali

Thoughts on Report by the Committee of Experts on Non-Personal Data Governance Framework (Dec 24, 2020)

Submitted Jan 2, 2021

Overall

  1. The overall proposal looks reasonable and feasible, even though a
    lot of details have to be worked out.

  2. The proposal demonstrates commitment to the larger direction of
    data sovereignty and data markets. Economic value is a major goal.

  3. It eliminates major concerns from the previous versions:
    (a) missing institutional guarantor of the system
    (b) guarantor of the quality of data
    (c) anybody and everybody having access to any/every data
    (d) flow of information not being tracked
    (e) lack of metadata standards

  4. The proposed approach is a combination of Aadhaar-like “switch” and
    Account-Aggregator-like standards and coordination mechanisms.

  5. Metadata management and discovery will become a first class
    activity. Every organization has to now submit metadata.

Legal and Economic Framework

  1. It is unclear if it will withstand scrutiny, but there is a fairly
    detailed argument around the legal underpinnings of the NPD
    proposal. It helps that Rahul Matthan, Ex-Trilegal, is associated
    with the committee.

High-Value Datasets

  1. The proposal puts a price (a non-profit to be created etc.) on data by
    allowing only data trustees to define and access data.
    Organizations can't demand/access any and all data.

  2. Any access to data is only through organizations, which gives
    government/law the ability to impose costs for misbehavior.

  3. It moved the hard part of identifying HVD to a third party, which
    is the right approach.

Data Processor

  1. It moved the responsibility of data access to the controller, simplifying
    the legal/compliance aspects of the processor.

Questions

  1. A data processor may not share data, but it still has to submit
    metadata. If clients are abroad, the clients may object to sharing
    the metadata. A declaration to this effect is a requirement under
    GDPR DPA (Data Processor Agreement).
