Data Privacy: Need for stronger laws

We are living in a digital age, much more so after the onset of Covid-19. Business, meetings, interaction, banking, even education has shifted to online mode. Every person is accessing and sharing so much of data that it is very scary as one never knows who hands your data lands up in.

With this, concerns about data privacy have become more important than ever before in everyone’s mind.

Data can be classified into two categories as personal and non-personal. With the advancement of digital technology, there is a tremendous upsurge in storage, handling and processing of data by companies and humans in digital format.

It reflects the need to establish distinct regulatory mechanism for handling and processing of personal and non-personal data to preserve the confidentiality and secrecy of such data.

The Central Government is on course to develop a mechanism for regulating the collection, storage and usage of personal data and non-personal data separately.

Work on the non-personal data bill is going in parallel with the Personal Data Protection Bill, 2019. The Central Government had constituted a panel to develop a draft report on non-personal data governance.

The prime job of panel is to perform extensive research and to study all vital aspects associated with governance and regulation of non-personal data.

According to the draft report, non-personal data means data which is not personal. The panel has submitted its report to Central Government for review. The Central Government has invited comments from general public along with all stakeholders concerned by 13-8-2020 in this regard.

The idea of seeking comments from public is to give final shape to draft in progress to address all concerns and issues related to non-personal data in a comprehensive method.

An interesting outcome of the research by panel is that companies with largest data pools are unbeatable and have techno-economic advantages over small-medium companies.

According to available statistics, few startups established during the period (1990-2000) has emerged as larger corporations with economic capacity of USD 1 trillion market due to their stronghold in collection and analysis of users’ data.

Some interesting facts about larger corporations:

(a) 60% of internet advertising market in the United States is being dominated by Google and Facebook.

(b) 37% of online e-commerce market controlled by Amazon in United States.

These statistics reflects the power of right collection and processing of data.

According to the draft report, companies which are gathering and collecting data beyond certain limits will come under the ambit of a “data business” and have to register as “data business” in India. Such companies need to report the method of data collection and mode of data usage to regulatory authority.

Development of a data sharing framework is critical to:

(a) address and resolve privacy concerns in a timely manner;

(b) condense the side effects related to non-personal data processing; and

(c) generate social, public and economic value creation.

Establishment of data sharing platform reflects in transparency in data usage and handling, quantify efficiencies and better quality services.

It is expected that sharing of non-personal data could encourage companies to come up with new and innovative services and products to cater the needs of public at large.

Establishment of regulatory authority is a decisive connection in non-personal data governance – such authority should be empowered with the right set of legal and administrative tools to monitor data sharing acts of companies, collection and reviewing of data from companies and to resolve data privacy-related disputes.

Certain companies are misusing the data for their benefit causing considerable data privacy issues to the users — it is about time to develop distinct laws and mechanism for handling, processing and usage of personal and non-personal data to curb misuse of personal and non-personal data by companies.

Inception of separate laws for regulation of personal and non-personal data along with right implementation would result in:

(a) streamline the process of data handling and collection;

(b) make companies collecting and processing data more accountable and responsible;

(c) improve transparency standards in collection and usage of data; and

(d) provide more control to users on the aspect of collection and usage of their data.


*Bhumesh Verma is Managing Partner at Corp Comm Legal and can be contacted at bhumesh.verma@corpcommlegal.in. **Paruchuri Baswanth Mohan, Research Associate and can be contacted at  paruchuribaswanthmohan@gmail.com

Join the discussion

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.