Home >Companies >People >Non-personal data regulation is a huge opportunity for India: Kris Gopalakrishnan
Kris Gopalakrishnan said regulation around sharing of non-personal or anonymized data is a big opportunity for India,
Kris Gopalakrishnan said regulation around sharing of non-personal or anonymized data is a big opportunity for India,

Non-personal data regulation is a huge opportunity for India: Kris Gopalakrishnan

Kris Gopalakrishnan said regulation around sharing of non-personal or anonymized data is a big opportunity for India,

Data is generated by the people and, as a public good, it can be democratized and put to the best possible use, the economic survey released by chief economic adviser K.V. Subramanian had said in July 2019. A year later, the government is taking steps to allow sharing of non-personal data. Earlier this month, a nine-member committee, headed by Infosys co-founder Kris Gopalakrishnan, had put out a draft non-personal data government framework, seeking broader ideas, and public response.

In an interview, Gopalakrishnan said regulation around sharing of non-personal or anonymized data is a big opportunity for India, as it will be the first country to introduce forward-thinking directives, which will benefit everyone, including industry and citizens. Edited excerpts:

Is it the right time to introduce a non-personal data governance framework, more so, as India is yet to pass the personal data protection law?

See, the opportunity in data is really huge. The Nasscom-McKinsey study projects that this could be a $500-billion (opportunity) over the next five years, by 2025. This is an area that is emerging as a huge opportunity and, if we are the early adopters, then we will spend less and we will create our own businesses that leverages this opportunity. In case of personal data, it is coming from 1.3 billion people in India, so we can provide services, leveraging this data to the economic benefit of the people in this country.

How will startups and small businesses afford the data?

Every business will benefit from data sharing. If it is a small business, they get access to this data. If it is a large business, they get access to more data, including government data. All of us are working towards making data shareable, available for businesses to provide better services, and that it is helpful for every company, every business. Citizens will benefit as they will get better services.

For example, if you look at traffic patterns in the city, and we need to provide the best route, it is a service based on data and triangulating multiple data sources to understand traffic patterns. These are services that can be provided and in many cases, as this data comes from different sources, businesses and, many a times, from government sources. The portability comes in when a government department or a private organization decides to share this data by collecting it from different sources, and creates a data exchange, or a warehouse (a collection of data stored in a particular way so that people can access it). The government can also provide it free of cost. The private industry may charge a small amount to use those services. These are all possible.

Who decides on the pricing?

Pricing will be market-driven. Somebody may decide to give it free of cost. The government, for example, may give it free of cost, or may charge a small fee. Even when it comes to the private industry, some things will be offered free of cost, some things may be offered at a small price. Some things may be subsidized by other services, such as advertising, etc. There are many different models. We are not prescribing anything.

Can you tell us more about the new concept of data business? Why is there a need for registration beyond a certain threshold?

Data business is a new type of business we are introducing, wherein an organization that collects and provides services using that data becomes a data business. They need to disclose that they are a data business to the non-personal data authority. In order to make it easy for smaller companies, we can say that registration is optional when you are small, but above a threshold, it is mandatory. The threshold will be decided by the different departments of the government, and they may have different thresholds. In health, you have a particular threshold, in retail or commerce and industry, or e-commerce, you may have a different threshold. Or you may have a single threshold. Right now, we have come up with a concept, ideas and recommendations. Now, this has to be converted to a bill. That is when these things will be decided.

How do you plan to implement data sharing?

Any company, big or small, needs to disclose what data they are collecting and what services they are providing, after reaching a threshold. Let’s say, you set up a business and you want to find out who all have data with respect to that business, which is beneficial to that business. You can raise a request for this meta data, and find out who is collecting what data and make a request that please share this data. If they share, you get the data. If they do not share, you have the right to go to the NPDA (non-personal data authority) and say that I have made a request and it has been refused. NPDA will evaluate and see if it is a genuine request. If it is genuine, they will ask the raw data to be shared. That’s how you get access to it.

Will it not make the process cumbersome?

Hopefully not. We are creating a culture of data sharing of non-personal data. As companies understand the overall benefits that will come to the country, to the society, and even to their own businesses, once they get access to other data sources, we believe will transition to a more data-sharing kind of an economy. The request to NPDA will come down over time. The most important thing is making this data available for many people to innovate and create new businesses. That’s what we are proposing. Now, when we go through the implementation, or look at how the bill has to be written, we may come up with some additional ways to smoothen it. We have tried to keep the overhead as low as possible. That’s why we have disposed with the requirement of a licence. We have said it is a disclosure-based regulation. We are saying that when you are small, you don’t need to disclose, it is optional, but when you are big, you need to disclose. We are trying to make it easy for smaller companies to become a data business, to get access to data. If you are a larger business, you anyway have the wherewithal to comply.

Who sets up NPDA? Since the government has already proposed a Data Protection Authority (DPA) under the draft Personal Data Protection Bill, do we still need a separate regulator? Wouldn’t there be an overlap?

These authorities are typically set up by the government. So, the government will set up NPDA. We have recommended that there has to be representative from the industry in the authority because this is a complex, highly technical area, and there is a need for a knowledgeable person from the industry to be a part of it.

Second, this is fast evolving, and we may need to tweak things as we go along, as well as learn, and implement it. Again, we need industry feedback. We want to increase the trust that the public and industry have in these authorities. Now, who is this, will be decided when the government decides to set up this authority. And, that will happen once the report is accepted by the government.

Since there are a multiplicity of authorities, we have said (in the report) that the roles have to be harmonized and a single authority is enough. Though, typically, the role of the authority in the (draft) Personal Data Protection (legislation) is to protect the privacy of an individual and protect their rights over data, in case of NPD authority, the role is more enabling, since we want companies to help in sharing data. But there is scope of an overlap.

Is there is any scope for a single regulator then?

I don’t know. That will be the government’s decision.

Not every company would like to share data. Can this hurt business sentiment in any way?

That everybody will be protective about data is a statement that we want to push back, because we need to ask that one question: who does that data belong to?

We are establishing that the economic right of the data about India is in India. It is a transition. Once people understand and work with this framework, I believe, there will be enough business, enough value. I am not saying don’t collect data or don’t do business in this. We are just saying that if somebody makes a request to share the data, then you need to share the raw data. Now, they have to figure it out.

Raw data gives you access to only the bare minimum. You (the company) will have to figure out what algorithms will have to be used, what business can be created on top of that. Just because you have data doesn’t mean you become economically viable. That depends on the business that needs to be created around it, and how successful that will be.

We want to create an opportunity to access that data. It is left to the company to make full use of that.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Click here to read the Mint ePapermint is now on Telegram. Join mint channel in your Telegram and stay updated

Close
×
My Reads Redeem a Gift Card Logout