Non personal data protection law should focus on citizens’ rights, says B.N. Srikrishna
PremiumB.N. Srikrishna said that the roles of data principles, data fiduciary, non-personal data protection authority has not been clearly laid out to understand what is the right and obligation each one of them will have
The government needs to come up with finer details on the regulation pertaining to non-personal data governance framework, as in its current shape, it appears that the government can have a ‘blank cheque’ and ask for data from a private company for the benefit of the community, former Supreme Court judge B.N. Srikrishna said on Tuesday.
“The law will have to focus in citizens’ rights and see how from there you can develop the right. The way it has been recommended it seems like government can have a blank cheque and whenever it wants, it can make a requisition and say it is for the community’s benefit and take away is in the hands of private company," he said at a webinar organized by CUTS International.
Regulation should make a journey from citizen rights to other objectives and not the other way round, he said.
Justice Srikrishna, was the key architect of the first draft bill of the personal data protection law that has been referred to a joint parliamentary committee, before it is passed by the Parliament.
He said that the roles of data principles, data fiduciary, non-personal data protection authority has not been clearly laid out to understand what is the right and obligation each one of them will have.
Last month, government-appointed panel, headed by former Infosys Ltd vice chairman Kris Gopalakrishnan, called for a new law to regulate the sharing, commercial use and privacy of non-personal information. The committee has sought feedback from interested parties by 13 September, after which the government will finalize a detailed legal framework regarding the same.
Non-personal data is information that cannot identify a person and can be details such as weather conditions, data from sensors and public infrastructure. It also includes data, which was initially personal, but was later made anonymous, according to the definition in the draft document.
The retired judge said that the definition of non-personal data must be more specific and clear as the current shape can lead to confusion can overlap with the meaning of personal data. Besides, there is a lack of clarity on methodology of ‘consent’ in the draft.
Srikrishna also said that some issues have not been addressed in the draft and the government also need to think about how to deal with such issues. “How does someone deal with non personal data when you have to transfer it across the border…how will you treat it? As government property or personal property…This has not been addressed (in the draft)," he said.
