India's Non-Personal Data (NPD) framework

Parminder Jeet Singh is a member of the Committee of Experts (CoE) which drafted the Non-Personal Data (NPD) report - Version 1 and Version 2.

In this session, Parminder explained:

1. The rationale underlying the Non-Personal Data (NPD) governance and the Report, as it has been framed.
2. How the gradual rollout of NPD will take place.
3. Concerns startups have about data sharing eroding competitive advantage; versus NPD as building data infrastructure.

Below is a summary of these three points:

1. Rationale underlying the Non-Personal Data (NPD) Report:

• Most people focus on personal data because the general agreement is that the person is the subject of governance.
• The Committee of Experts (CoE) addresses the “community as a collective subject of data.” The NPD Report establishes a community’s rights in its data by looking at two aspects: one, to prevent harm; second, for the community to decide the benefits of the data. The proposal for High Value Datasets (HVDs) has accordingly been made to strengthen the community’s control over data, Parminder explained.
• Need to establish data infrastructures: The CoE believes that certain kinds of data is of infrastructure quality. Global corporations have captured this data infrastructure. NPD attempts to set right this imbalance in the distribution of power.
• High Value Dataset (HVD) is that data which is considered under certain circumstances to have infrastructure value, necessary for businesses in that category to to be able to function properly. If this infrastructure is captured by big tech - Google, Amazon, Twitter or Facebook - then it becomes an unequal situation because startups cannot leverage this infrastructure early.
• Proprietary rights about data are referred to as a way to suggest that NPD governance is not required. But IP laws do not guarantee real legal right on data. Certain kinds of community data, which is sourced from outside - from people, communities and public infrastructure - will be called community data. The community will have a right over this. The CoE has therefore tried to establish very high degrees of duty of protection, harm protection, and also measures to use this data, when necessary, for building data infrastructures. According to Parminder Jeet Singh, this shift is important to establish because all talk about voluntary data, sharing data and altruism, simply doesn’t work. “Realistically, we are on a legal ground when you’re talking about data, the most valuable resource of society,” he emphasizes.
• The other rationale for NPD governance is the inequitable distribution of power and the geo-politics. US and China are powerful economies because their “Artificial Intelligence (AI) sucks all the data”. Nation-states - and their representatives and institutions - are at loggerheads with big tech because platform economies are powerful. Parminder cited the example of Donald Trump who was shut down by Twitter, and the Australian government which has a conflict with Google over payment to content creators, to make his point.

2. Gradual rollout of NPD:

• Data sharing, as mandated by NPD, will take place in a gradual manner.
• Gradualness has been established through HVDs, where only such data which is recognized and consented by the Non-Personal Data Authority (NPDA) as being infrastructual in nature, will be asked for. This includes specifications of the kind of data which can be asked, and the grounds for data sharing i.e., NPDA will determine the fields for sharing; the entire database will not be asked for.
• The CoE consistently refers to the term infrastructure because that is key to understanding what the CoE is trying to do. Data, which is of infrastructure in nature, will be taken one by one.
• Health data is the pilot dataset with which NPD rollout will be initiated. The learnings from this rollout will be incorporated into the mechanics for future data sharing.
• The idea is to enforce the notion of community property, and establish the community’s legal right in the data. “The right only kicks in in a very constrained process. The process has been defined. Its guidelines will be made clearer. So, there is a lot of certainty for the balances,” Parminder suggested.

3. Concerns about competitive advantage versus building data infrastructure:

• Parminder mentioned that a Data Act is being drafted by Europe, which will come into effect in 2021. This Data Act will include compulsory data sharing across businesses, giving B2B right to access data. However, the European law does not employ community rights which the CoE has used in the NPD framework. “We only did addressed right of community of natural people. Some EU frameworks are focussed on rights of groups of business users of platforms,” Parminder explains.
• According to Parminder, startups function with a six to eight month vision where their goal often is to sell to the big digital corporations and exit, thereby reinforcing the power of big tech.
• “NPD is about building infrastructure”, Parminder elaborates, “I don’t think things will change too much because the whole process of this Committee’s report’s implementation is to go one by one. Even in one sector, where they start with the health sector, the NPDA will go for very few datasets from health sector, which are supposed to be compulsorily shared. We will learn. But finally, like we had in the industrial age, certain data will be infrastructural, which will be Commons. Other data will be proprietary, on which competitive advantage will be built.”
• Parminder concluded by suggesting to startups, “My vision is to have infrastructure of data on top of it, have intelligence services, which are your competitive advantage. Don’t make data hoarding your competitive advantage. Things will start shifting in that direction, and this is what this Committee has tried to do.”