Restoring the broken oversight mechanisms of Parliament

Authors: Rohit Kumar and Bhavani Pasumarthi
Published: March 26, 2021 in the Hindustan Times

India’s Parliament recently passed the National Capital Territory of Delhi (Amendment) Bill, 2021, which significantly increases the powers of the Lieutenant-Governor (L-G) of Delhi. The bill requires the elected Delhi government to seek the opinion of the L-G before taking executive action. This is a major amendment that significantly alters the way the government in Delhi functions. It also recasts India’s federal construct and makes the Centre even more powerful than it already is, while chipping away at the power of the duly elected government in Delhi.

Despite the nature of the sweeping changes this bill proposed, it was not sent to a parliamentary committee, and there was no formal consultation with stakeholders, civil society, or experts before it was quickly rushed through both Houses of Parliament. The bill, first reported by media early this month, was introduced in the Lok Sabha on March 15 and passed by both Houses by March 24. Even before citizens had any time to absorb its implications or make up their mind, the bill was already on its way to becoming law.

For a parliamentary democracy, this is unusual. Typically, bills of such significance are sent to parliamentary committees for closer scrutiny. Unfortunately, sidelining committees is increasingly becoming the norm in India. Over the last few years, Parliament has been sending fewer and fewer bills to committees. Data compiled by PRS Legislative Research shows that only 25% of bills were referred to committees in the 16th Lok Sabha (2014-2019) as compared to 60% in the 14th (2004-2009) and 71% in the 15th Lok Sabha (2009-14).

This trend is worrying. In the constitutional scheme of things, Parliament is supposed to maintain oversight on the government and keep its power in check. By circumventing due diligence in Parliament, we run the risk of weakening democracy.

While fewer bills have been going to committees, data also shows that Parliament has been working more in recent years, discussing bills for longer durations and passing more bills than before. The 16th Lok Sabha (2014-19) for instance, worked for over 1,615 hours, 20% more than the previous Lok Sabha, and passed 133 bills, 15% more than the 15th Lok Sabha. Interestingly, even in the case of the NCT amendment, the Rajya Sabha stayed back till 9:30 pm to finish its deliberations and pass the bill before adjourning.

So, if Members of Parliament (MPs) are spending more time on direct deliberations on the floor of the House, why is bypassing committees a cause of worry?

Spending more time on direct discussions is not a substitute for committee deliberations. There is rarely enough time for a thorough analysis of any legislation on the floor of Parliament. Most MPs are also not subject matter experts on the topics being discussed — they are generalists who understand the pulse of the people but rely on advice from experts and stakeholders before taking decisions. What committees are meant to do is help MPs seek expertise and give them time to think about issues in detail. This is why the committee system was expanded in 1993.

Today, we have several committees in Parliament — each dealing with a different subject matter. All committees have MPs representing different parties, in roughly the same proportion as their strength in Parliament. When bills are referred to these committees, they are examined closely and inputs are sought from various external stakeholders, including the public. By virtue of being closed-door and away from the public eye, discussions in committee meetings are also more collaborative, with MPs feeling less pressured to posture for media galleries.

Although committee recommendations are not binding on the government, their reports create a public record of the consultations that took place and put pressure on the government to reconsider its stand on debatable provisions. The Companies Bill, 2009, is an example of a legislation that was withdrawn, and later reintroduced with significant changes, due to the issues flagged by the committee that examined it.

In the Indian system, unfortunately, it is not mandatory for bills to be sent to committees. It’s left to the discretion of the Chair — the Speaker in the Lok Sabha and Chairperson in the Rajya Sabha. In countries such as Sweden and Finland, all bills are sent to committees. In Australia, a selection of bills committee, which includes members from the Opposition, is tasked with identifying the bills that should go to committees.

It is perhaps time for India to mandate a similar requirement to avail the benefits of the committee system that we have taken for granted so far. By giving discretionary power to the Chair, the system has been rendered especially weak in a Lok Sabha where the ruling party has a brute majority.

Mandating scrutiny for every bill passed is not a big ask. It is necessary to uphold the quality of legislation, and by extension, the quality of governance in the country. A strong committee system is probably the only way to ensure Parliament’s relevance in the law-making process.

With design changes, Svamitva scheme can be a game changer

Author: Shivani Gupta
Published: April 21, 2021 in the Hindustan Times

The Survey of Villages Abadi and Mapping with Improvised Technology in Village Areas or Svamitva scheme, launched in April 2020, can play a key role in ensuring secure property rights for rural India. The scheme aims to provide an integrated property validation solution for rural India through the demarcation of inhabited areas using drones. By providing a Record of Rights (RoRs) to village household owners in inhabited rural areas, it attempts to create accurate land and property records, which can be pivotal in reducing property-related disputes and facilitating monetisation of rural residential assets for credit and other financial services. By providing clear records of land ownership, it also envisages improved tax collection through the gram panchayat institutions. As of March, drone survey has been completed in over 31,000 villages, and property cards distributed to about 230,000 property holders in 2,626 villages.

But the scheme’s legal, social and economic design needs more thought. One, property cards distributed under the scheme need legal validity in order to enable citizens to establish their title and to avail financial services. The Framework for Implementation of the Svamitva Scheme places the responsibility of carrying out appropriate amendments to the revenue laws for this purpose on the respective state revenue departments. As these departments make the required changes, a careful consideration of the laws will ensure that no legal loopholes impact its effectiveness.

For example, in Haryana, the Svamitva scheme has been implemented under section 26 of its Panchayati Raj Act. However, section 26 of the Act only empowers the panchayat to prepare the maps of the said area, not to create the associated RoRs. Panchayats, in this case, may not be the competent authority to complete this process of entrusting property titles to rural residents. Thus, there is a possibility of disputes if due legal process is not followed. To ensure such inconsistencies do not arise, a review of the state laws related to land and revenue impacting the legality of property cards should be undertaken. These experts could be tasked with drafting amendments to the existing laws or framing new laws to create legally admissible property cards.

Two, at 12%, single women form a significant share of the population but are often devoid of property ownership. The scheme presents an opportunity to enable recognition of women’s ownership rights as it issues property cards based on “possession” and not “inheritance”. To ensure this, states can also consider including details of more than one owner on the property cards, and recognising joint ownership of property by women.

Madhya Pradesh and Odisha have existing schemes that provide homestead land to weaker sections such as Dalits and single women. Svamitva can strive to include those in possession of these lands and also include low-income families and SC/ST communities who have been residing in village commons for generations. There is also scope to rope in civil society organisations for gender and caste-based sensitisation of field functionaries.

Three, the Fifteenth Finance Commission report has emphasised the importance of property tax as “the most effective instrument for revenue mobilisation by local bodies”, thereby encouraging the administration to “build a framework for property taxation with universal coverage.”

To ensure that Svamitva is able to achieve the objective of building financially resilient local governments, legal changes are needed to empower panchayats to both collect and utilise property tax. Gram panchayats may also be authorised to revise property tax records at the time of land record updates (registration, mutation) to ensure robust and consistent revenue collection. Geographic Information System-based software may be provided to panchayats to manage property and taxation records. Such software is available for municipal corporations and urban local bodies. As more states gear up for the implementation of Svamitva, including these design principles could ensure the realisation of rural India’s aspirations.

Looking at social protection for gig workers through a gender lens

Authors: Aparajita Bharti and Soumya Kapoor Mehta
Published: October 30, 2020 in the Hindu Business Line
The Labour Codes’ provisions for gig workers are welcome. But more needs to be done to help women workers.

Among the labour code Bills passed in the just concluded Parliament session, the provisions regarding social protection for gig economy workers have been a topic of much discussion. The need for such provisions was felt acutely during the pandemic-induced lockdown.

As the country came to a grinding halt, gig workers were left without any economic cushion. Among them, women were further disadvantaged as a majority of them are engaged in occupations such as beauty and wellness that cannot be undertaken with social distancing. Many others also had to forego available work to take care of increased domestic chores.

India had recorded an exponential growth in its gig economy even before the pandemic hit the nation. It is now the 5th largest country offering flexi-staffing, according to a report by Invest India.

Flexi-hours

This sector is a big draw for semi-skilled and skilled labour, but especially for women. A recent report by IWWAGE supported by the Asia Foundation surveyed women working with a prominent gig platform in India and found that an overwhelming majority (nearly 85 per cent of the surveyed women) associate with the platform as it allows them flexibility in working hours.

In urban areas where there is a higher burden of unpaid care work and domestic responsibilities due to nuclear family structures, flexibility is a critical factor for women. The survey respondents also reported an average income of ₹1,552 per day, depending on the number of tasks performed.

This is significantly higher compared to a typical salon job (where average monthly income ranges between ₹8,000-10,000, with a relatively long average working day of 10 hours or so). Most of these salon jobs are also in the informal economy, operating outside of any formal social security net. Therefore, while 81 per cent workers surveyed were reportedly dissatisfied due to lack of maternity benefits, it is evident that for most women, platform work is a step better than their existing options.

Legislative space

In this backdrop of a growing gig economy, the new social security code has created legislative space for Central and State governments to announce schemes for platform workers. It proposes a National Social Security Board which will recommend suitable schemes relating to life and disability cover, accident insurance, health and maternity benefits, old age protection, crèche or any other benefits. Aggregators employing gig workers will have to contribute 1-2 per cent of their annual turnover, with the total contribution not exceeding 5 per cent of the amount payable to such workers.

Three models

These provisions are in line with regulatory developments across the world which can be categorised into three models.

First is a model proposed in California under which companies are legally obliged to classify gig workers as employees and provide the requisite benefits that go along with such classification. This has been met with a huge pushback from companies like Uber and Lyft, which threatened to shut down in response.

The second model is followed by the EU, which aims at ensuring basic rights in employment terms and conditions for gig workers without entering the independent contractor/employee debate.

The third model is more of a voluntary agreement on standards as envisaged by the Singapore government, wherein companies are nudged to provide facilities such as accident insurance and upskilling to gig workers.

Middle ground

As the government starts to mull over specific schemes under the social security code, it must find a middle ground between these three models and ensure an adequate level of social protection while allowing space for the growth of the platform economy.

Unlike developed countries, where platform work is more informal than the rest of their economy, in India, platform work is already a step towards formalisation and its flexibility is an attractive feature especially for women who may not be able to work otherwise.

A new report by the Fairwork Foundation suggests five principles on which social security and decent work standards may be designed for platform workers, including women. These include fair pay, fair work conditions (prevention from infection, and payment to workers if they fall ill), fair contracts, fair management (e.g. no loss of bonus or incentive levels despite temporary deactivation of workers), and fair representation (e.g. engagement with worker associations, including organisations representing women).

Building on these principles, the government needs to balance the obligations of aggregators and social protection offered by the state through other mechanisms. Schemes which put large onus on industry are likely to be met with pushback.

For a bigger state role

This is even more relevant for women; the ILO has noted that placing undue financial costs on women’s employers is unlikely to contribute to labour market equality. Therefore, the state must play a bigger role towards social security for women gig workers to create a level playing field. Apart from direct contributions towards insurance and skilling, the state should also consider building enabling infrastructure in cities such as crèches and childcare centres, the presence of which expands employment opportunities for women.

Often, a lack of a gender lens in policy design leads to unintended consequences. Gig economy is a sunrise sector presenting new opportunities for women; therefore, their welfare and opportunities should be central to the regulatory objectives in this context.

Soumya Kapoor Mehta is the Head of the Initiative for What Works to Advance Women and Girls in the Economy (IWWAGE), an initiative of LEAD at Krea University; and Aparajita Bharti is Founding Partner at The Quantum Hub (TQH), a policy research and communications firm.

Managing health data: A comparison of policy proposals

The Ministry of Health and Family Welfare, Government of India circulated the ‘Health Data Management Policy’ (Policy Proposal hereafter) for feedback and consultation on 26th August 2020. This Policy Proposal will serve as the fulcrum for the National Digital Health Blueprint through which the government aims to build a ‘federated’ digital architecture to further the goals of the National Health Policy. The proposed digital architecture is expected to be available to all healthcare providers and users, as well as entities such as pharmaceutical and insurance companies.

The Policy Proposal is a ‘guidance document’ to regulate the vast amounts of data that will be generated and processed under this architecture. Admittedly, the driving force for the proposal is the necessity of safeguarding privacy of confidential health data. It seeks to build on the Personal Data Protection Bill, 2019 (PDP Bill, 2019), which is currently under consideration in Parliament. The utility of building a digital health ecosystem has long been accepted. Its benefits include improved access to health records across primary, secondary and tertiary healthcare, improved decision making for service delivery and research for innovative solutions. Both the Policy Proposal and the PDP Bill, 2019 aim to set out a legal framework against which entities in the health ecosystem may undertake such exercises.

The consultation process for the Policy Proposal is underway till 21st September, 2020. In this note, we analyse the key points of departure between the Policy Proposal and the Personal Data Protection Bill, 2019, with regard to three aspects:

  • Key Definitions
  • Consent Framework
  • Obligations on Data Fiduciaries

The Policy Proposal clarifies at the outset that no entity shall be entitled to any rights greater than what are already available under other applicable laws, which will presumably include the PDP Bill, 2019 and rules and regulations formed under this legislation once it is passed by Parliament. Readers can find a clause-by-clause comparison of the Policy Proposal and the PDP Bill, 2019 in the annexure to this note.

Designing a new framework for paid period leaves

Authors: Aparajita Bharti and Mitali Nikore
Published: August 26, 2020 in Hindustan Times

The recent announcement of paid period leave for female employees by an Indian unicorn has once again thrust the issue of mandatory menstrual leave into the spotlight. Many activists feel that menstrual leave should be a paid leave granted by law, like maternity leave.

The support for period leave rests on a sound rights-based argument — that workplaces need to accommodate for biological differences between co-workers. Period leave allows women to rightfully rest during their menstrual cycle. It is well-documented that women experience a wide range of health complications during their monthly cycle — cramps, back and muscle pains, bloating, headaches, nausea, among others. These symptoms can assume greater severity for women suffering from chronic conditions like polycystic ovary syndrome (PCOS) and endometriosis.

While the experience of a period is different for different women, and certainly differs month-to-month for the same woman, period leave is thought to be a means to legitimise the physical toll of a painful monthly cycle, to be taken if required, a means to create equity at the workplace. It is also cited as a way of normalising conversations around menstruation.

However, to achieve the stated objectives, we cannot ignore the economics of a period leave. We need to be clear where the funding for menstrual leaves comes from. If menstrual leave is structured like maternity leave, it threatens to increase the cost of hiring women. This has implications in the long-run.

Teamlease Services found that 1.1-1.8 million women lost their jobs in 2018-19 across 10 major sectors owing to the Maternity Benefit (Amendment) Act 2016 which doubled paid maternity leave from three to six months. Similarly, there are other costs associated with hiring women that lead to unsaid but rampant discrimination.

It is well-known that many employers in India are hesitant to hire women for jobs that require frequent travel as they need to make special arrangements for their safety. Essentially, society’s failure to keep women reasonably safe leads to a public cost internalised by employers as a private cost.

Paid period leave can further exacerbate this situation. Even if this by itself does not keep women out of jobs, it can lead to discrimination in hiring and promotion and raise the barriers for women to enter and climb the corporate ladder. It also creates grounds for companies to offer lower in-hand salaries to women, justifying it on the basis that the cost to company for women and men should be equal.

Further, we need to be cognisant of who menstrual leave would benefit and who it could potentially keep out of the workforce. About 55% of urban working women were in regular, salaried employment in 2018-19. Of these, 71% had no written job contract, 51% were not eligible for paid leave, and 53% were not eligible for any social security benefit. Period leave will not touch the lives of millions of casual women workers in the informal economy in both urban and rural areas. By increasing the costs of hiring women, we, in fact, risk keeping them out of the workforce.

Now let’s examine the second assertion, i.e., normalising conversation around menstruation. Gender specialist and menstrual health educator Mayuri Bhattacharjee notes that, “Period leave does nothing to reduce the biases and taboos around menstruation.”

The explicit term “period leave” creates a demarcation, rather than allowing it to be a type of sick leave — thereby allowing a judgment to be passed on the severity of the “sickness” or as many women experience in domestic spaces, legitimate complaints getting passed off as “pre-menstrual syndrome”. Further, like any other health-related information, it should be a person’s right to decide how open they would like to be about their experience.

Given these apprehensions, we need to find a balance between creating space for women to seek period leave when required and ensuring that it doesn’t become another ground for employers to favour men over women.

A good solution might be to increase the number of paid sick leaves by law for both men and women (but keeping it equal). While it increases the overall cost of doing business in India, it treats men and women at par. Changing the goal from menstrual leave to increasing the number of sick leaves will also let women take charge of how much they’d like to disclose about their menstrual health. Paid sick leaves can be viewed as a form of social security.

In the interim, we can also experiment with other middle-path solutions. The pandemic has demonstrated the potential of remote working to many employers. In industries where remote working has proven to be effective, employers can be encouraged to institute work-from-home policies that allow employees to work remotely for a fixed number of days in a month. This flexibility will ensure that women can work from the comfort of their home, in case they find it inconvenient to travel or work from office during their period.

While the intentions of those campaigning for menstrual leave are laudable, we must be cognisant of the unintended consequences that may arise from such a policy. No amount of safeguards in the maternity law have been able to guard against the ex-ante discrimination against women when they are being considered for a job, for a promotion, for a salary raise.

We must learn from this experience. In seeking to improve working conditions for the 10% of women who are in the formal workforce, we must not forget the remaining 90% of women workers in the informal sector, for whom such policies threaten to become the gatekeepers.

Mitali Nikore is founder, Nikore Associates, a policy design think tank, and Aparajita Bharti is founding partner, The Quantum Hub, a public policy research and advocacy firm. The views expressed are personal.

EBooks: Building Blocks of India’s Knowledge Economy

Published: May 2018

EBooks have only been around for 47 years or so. ‘Project Gutenberg’, created by Michael Hart in 1971, was the beginning of the process of book digitization. The oldest digital library in the world, Gutenberg, was created with the goal of making literary works available for free in the public domain. Though still at a nascent stage of market development, eBooks have slowly gained a foothold given their many advantages including easy accessibility, lower costs (compared to print books), and portability. The proliferation of the internet and the increasing thrust by governments across the world to move towards a digital economy have also contributed towards expanding the market for eBooks.

Reading habits in the digital age mirror the overall consumer preference for personalized, customized and interactive content, which eBooks are capable of delivering. This trend was first witnessed in developed economies but emerging markets are following suit too. A 2014 survey by the Chinese Academy of Press and Publication revealed that 58.1% of China’s reading population read digitally, which was an 8% increase from 2013, and more importantly, also marked the first time when digital reading surpassed paper reading by the reading population. India’s reading habits are likely to follow the same trajectory as China as more and more people come online. In fact, the 2015 Nielsen India Book Market Report revealed that 56% of the respondents surveyed in urban India bought at least one eBook a year and nearly half of these bought at least 3-4 eBooks a year, indicating a growing demand for digital books in India.

However, despite the positive externalities associated with inexpensive books, in terms of taxation, eBooks are not taxed at par with print books. This White Paper makes a case for leveling the playing field for physical books and eBooks in India as well as for making both eBooks and physical books zero rated – a system wherein the entire value chain of the product is exempt from tax, thereby allowing publishers to avail of the benefits of input tax credit and helping bring down costs.

Unpacking Non-Personal Data: Impact on the Indian Innovation Ecosystem

Summary by: Abhinav Saikia, Senior Research Analyst, TQH

In partnership with The Print and Network Capital, TQH organised a series of online discussions on ‘Unpacking Non-Personal Data’, bringing together lawyers, tech policy experts, investors and political voices to deliberate on the proposed framework for non-personal data (NPD) governance. The first discussion focused on defining non-personal data. The second looked at the impact of the proposed provisions on the innovation ecosystem in India and the third deliberated on the question – is data a national resource?

The second discussion took place on 7th August, 2020 and focused on the question “Will access to data level the playing field for Indian start-ups? How do we drive the Indian Innovation Ecosystem?” The panel included prominent stakeholders in the tech policy landscape: Nikhil Narendran (Partner, Trilegal), Aditi Agrawal (Senior Research Associate, Medianama), Ganesh Kollegal (AVP – Government Affairs, Swiggy) and Navjot Kaur (Vice President, Fireside Ventures). The session was moderated by Aparajita Bharti, Founding Partner at TQH.

In this session, we discussed how the proposed data sharing mechanism would affect data-led businesses in India and the Indian innovation ecosystem. One of the key reasons highlighted by the committee for instituting a non-personal data regulatory system is to create a level playing field for Indian startups. In this session, we questioned the key assumption underlying this reasoning i.e. the lack of access to data is the major differentiator between Indian startups and foreign tech companies. We also discussed whether there are other solutions to correct the problems created by the imbalance in access to data among tech companies.

This short note highlights some of the key points made during the discussion. For details on other discussions in the series, please follow the links below:

Defining Non-Personal Data
Is Non-Personal Data a National Resource?


Discussion 2: Impact of the proposed NPD framework on the Indian Innovation Ecosystem

1. Is access to data the key differentiator between Indian start-ups and big tech?

Navjot Kaur from Fireside Ventures acknowledged that data is a differentiator between startups and big tech but was of the opinion that it is not a key differentiator. She said data is only one of the tools used by an enterprise. The ability of an enterprise to respond to market demand and to solve the problems of its customers are the key aspects that set it apart from other players in the pool.

Aditi from Medianama also concurred with Navjot. She indicated that the key differentiating points that provide a competitive edge to any budding startup over other enterprises include product quality, distribution, marketing infrastructure and lastly, data. She stressed that data sharing is not a one-size-fits-all approach, i.e. merely sharing data would not ensure a level playing field. Data produced by one company might not be useful for another company when shared. Sufficient re-working and processing of the received data is required for it to be useful for the recipient entity. Therefore, data cannot be the sole differentiator between two business entities.

Nikhil from Trilegal made a very interesting point where he said that the startup ecosystem in India is marred by a number of issues that hinder the effective growth of small enterprises. Indian startups have to spend a considerable amount of time and investment in obtaining clearances, complying with multiple tax laws, setting up telecom connectivity etc. He believes that the Gopalakrishnan Committee Report, instead of acknowledging these deep-rooted problems, looks to shift the blame on to a section of the market, in this case, Big Tech. He acknowledged that there are long-standing problems with Big Tech; however, the report unfortunately does not arm its findings and conclusions with appropriate justifications.

Ganesh from Swiggy responded to this with a very interesting analogy. He agreed that data is not the most important differentiator. He said, “Data is like an engine and when you want to buy a car, you buy the whole car and not just the engine.” He took the example of the state of California in the USA, where the GDP is almost equal to that of the whole of India. California has a bustling start-up culture mainly because the ecosystem is conducive for these enterprises to grow. Therefore, for a thriving market, the presence of a healthy ecosystem is as important as, say, the sharing of data.

2. What are the legal precedents surrounding the sharing of non-personal data to create a level playing field? Have we seen a proposal like this in any other industry where market power is concentrated?

Nikhil drew a parallel with the telecom industry. He said that in the telecom industry there is some level of voluntary sharing of networks and mandatory interconnections. Mandatory interconnections refer to commercial and technical arrangements under which the telecom service providers (TSP) interconnect their equipment, networks and services so that customers have access to services of other TSPs. He, however, was of the opinion that the comparison between network sharing and data sharing is inaccurate as the sharing of data is much more complex compared to sharing of network or spectrums. Also, data is not a natural or limited resource.

3. If non-personal data is mandated to be shared, what will be the legal constraints on the use of such data? For example: should there be a limitation on the kind of products that can be built with this data to maintain fairplay? What if the entity receiving the data duplicates the product of the entity sharing the data?

Nikhil provides two perspectives here: the IP perspective and the privacy perspective. From an IP perspective, the entity has an IP right over databases or datasets that it creates but not on the raw data, as it can be argued that raw data does not fall within the ambit of IPR. In this respect, the definition of non-personal data is very critical in determining what kind of data can be considered an IP. The definition provided in the Committee report, i.e. any data that is not personal is non-personal data, is at best ambiguous. While the Committee has considered this aspect and specified that IP and proprietary information need not be shared, there is already a lack of clarity in the current IPR regime in India on what constitutes proprietary information. In India, proprietary information is, in any case, not afforded the kind of protection that is provided in more developed economies. These types of information are protected by contractual obligations and confidentiality agreements. In the absence of a robust IP regime in India, the envisioned NPD Authority would have to conduct extensive consultations on a case-by-case basis to determine which non-personal data can be termed as proprietary information. This will lead to inadequate protection of the IP of businesses and create a sense of uncertainty in the regulatory environment.

From the privacy perspective, he said that while non-personal data itself cannot be used to re-identify an individual, in many cases there are layers of non-personal data in a dataset. Such datasets can be processed by AI/ML technologies and can be used to re-identify individuals. Further, if data sharing is mandated, in the absence of a liability framework, the shared data stands a chance of being misused by nefarious actors. This can impact businesses as well as citizens. Therefore, if a legislation has to come in the future, the government needs to deliberate on what kind of protection and safe harbour it can provide to businesses so that there is minimal or no chance of misuse of data.

Navjot was of the opinion that in addition to having a legal framework around data sharing provisions the question of incentives for the entity sharing data should also be looked into. She believes that an absence of an incentive-based data sharing mechanism distorts the free market and defeats the purpose of the report. She also presented a hypothetical scenario from an investor’s perspective. Say, that an investor is funding a business that is collecting car data. If under the proposed legislation, the business is mandated to share its data and the competitor uses this data, what is the benefit of actually putting resources behind collecting this data if the company does not get to use it to build a competitive edge?

4. If this proposal comes through, how will we make sure that data is not shared with shell companies who are later taken over by big companies for securing access to valuable data?

Nikhil stressed on the importance of having recommendations in the report on regulating future acquisitions and a framework to prevent misuse of this law. The report envisages an environment where a data business has to give the data to a startup. However, the report does not delve into what it means by a “startup”. There are many million-dollar valuation startups in the ecosystem. Moreover, if the law requires Big Tech companies to give data to such startups and if they later get acquired by competitor Big Tech companies, how will the law ensure that the data is not misused? How will the law ensure that the competitor does not come out with a product that is based on this data? It seems that the report is not really creating a level-playing field, rather it is distorting competitive mechanisms in the market. Nikhil felt that there should be wider consultations on this aspect of the report, and possibly a whitepaper should come out that takes into consideration all these intricacies associated with sharing of data and how it may impact competition.

Aditi deliberated on the definition of a data business. The definition of a data business is dependent on the volume of data processed; it does not have a monetary basis. The question here is how will that play out if the intended legislation is implemented. She took the example of two large companies, Naukri, an Indian job portal and Netflix, an international OTT platform. Naukri processes a lot of personal data as it goes through people’s resumes which may have phone numbers, addresses and other information related to the job that is being applied for. On the other hand, there is Netflix that hosts a lot of content-related data but when it comes to personal data, its portfolio is fairly limited. The repository of personal data may include the financial data and other basic information that is put in when an account is getting created as well as preferences of consumers. She posed a question on what should be the data sharing criteria for both these types of data enterprises. This is something that needs to be considered in the revised report or the legislation that comes out in the future. Secondly, as per the report, data will be assigned value on the basis of the value-add associated with it and the price of data will be determined by the market economy. This could inflate the value of certain datasets because of greater demand, set a dangerous precedent and harm the privacy of people in the longer run. This is something that the Committee should consider in its future deliberations.

Ganesh had a slightly different take on this. He said that every company collects or processes data based on their requirements, the services they offer, or how they want to enter the market. Just making datasets available is unlikely to yield a competitive edge to a player. The method of utilisation of datasets to roll out offerings in the market, the ability to innovate are much more critical factors than just access to raw/processed data.

5. What will be the impact of mandatory data sharing on foreign investment in the Indian market? Will it be healthy for the growth of domestic startups if foreign VCs reduce investments in the Indian market?

Ganesh said that an incentivised data sharing mechanism will fuel innovation and that can lead to a greater number of startups growing to become unicorns.

Navjot said that regardless of whether data sharing is mandatory or incentivised, every entity will have access to the same type of customer/intelligence. When it’s about raw data, how an entity performs depends on its capability and know-how, but if entities have access to a know-how or a process, it might lead to more competition. So, before answering the question on the impact on foreign investment, these critical aspects need to be addressed.

6. Do you think the competition law should be updated instead and that it is the right legislation to look at some of the market power issues identified in the report rather than having a separate legislation for NPD?

Aditi said that it’s the first time an attempt has been made to lay down a framework for regulating non-personal data, although some efforts resembling this have been made in the past. For instance, the EU came out with a notification on data strategy in 2020 that talked about data sharing from government to private entities, which is similar to the concept of public non-personal data that is envisaged under the report. However, for private-to-private sharing, the notification acknowledges that this falls under the realm of competition law and does not suggest a separate NPD Authority. The Gopalakrishnan report in comparison takes a huge leap of faith with respect to the fact that access to data gives a competitive edge to a business, the argument for which is not well-founded. She took the example of Alphabet Inc, which has acquired around 200 companies since its inception. In most of these cases, the underlying technology and know-how of the companies, rather than data, were the main USPs which led to them getting acquired by Alphabet. Hence, in the practical market environment and acquisition considerations, access to technology is the main factor that companies look for.

According to Nikhil, the report actually considers the state of dominance rather than the abuse of dominance as an issue. This sentiment is very anti-market. He concurred with Aditi and said that these issues should be best left to the prudent decision-making of the competition regulator (CCI) rather than having a separate legislation. The proposed framework does not create an incentive mechanism for all the players in the market and the model is mostly socialist in nature, where resources are taken from the haves and transferred to the have-nots.

He said that the government should set an example first and develop a use case by publishing government data. The government is the largest data processor in the country and all its institutions sit on large chunks of data. If this data is put out in the public, it will be greatly beneficial for the society. This exercise should be used as a learning experience to understand the legal, privacy and competition roadblocks before mandating data sharing by private entities.

7. Can the format in which non-personal data is shared also reveal information about the algorithm which is at the core of tech businesses?

Aditi said it would not reveal the algorithm but it might reveal the thinking process of the company. In terms of the legality of sharing of data, there is also an interesting contradiction between the NPD report – it says that source codes and algorithms are proprietary data and should not be shared – and the provisions of the latest version of the National Ecommerce Policy, which says that the government can ask for source codes and algorithms from business entities.

Ganesh said that when data is shared under the proposed law, it would be in an anonymized state and the shared datasets would have several attributes to them. Not all attributes are likely to be beneficial or relevant to all the receiving enterprises. While there might be a possibility of de-anonymization and reverse-engineering of data, this may not be worth the time and effort the company would be required to put in.

8. In the US, where most big tech companies are based, there are still a lot of startups which are founded and those that disrupt industries. How are they able to do it without access to non-personal data from big tech?

Ganesh pointed out that there is a lot of investment, funding and time that is given to research and innovation in the USA compared to a country like India. Going ahead, if there are more incentives that are provided to research and educational institutes, either by way of education policies or otherwise, it would have a significant positive effect on India’s innovation ecosystem.

Nikhil had a completely different view on this. He reiterated his previous point that the reason why startups are not flourishing in India is because of the various ingrained issues such as compliance hurdles, weak IPR regime, exit options and finally, the absence of robust listing mechanisms and criteria. These are some of the issues that need to be fixed first for the overall growth of the startup ecosystem.

Navjot, in addition to agreeing to both the views above, added a very unique and interesting perspective on the conversation. She said that the big question to address is if the enterprises have the technological capabilities to process and optimise data that we already possess. According to her, a lot of companies have huge amounts of data but have not been able to adapt the technology to process it fully.

9. Some startups are saying data is not the differentiator between big companies and them, but the ability to vertically integrate is, what is your view on this?

Aditi said that whenever we talk about digital industries, we have to acknowledge the fact that they have USPs that they can shape shift. For instance, an e-commerce platform can venture into fintech or OTT services etc. In that case, vertical integration can pose a challenge to the competitive market. However, she thinks that this is more of a competition question and should be dealt with under the Competition Law.

10. If data is considered as a public good should the principle of rights of eminent domain extend over data, like it does with property?

Nikhil was of the view that data as a property is a very questionable proposition. He referred to Hon’ble Member of Parliament, Shashi Tharoor’s stance in the context of the Personal Data Protection Bill, that data should be treated as an asset and a property and every individual should have a right over that. However, the problem with data being treated as a property is that in India people don’t have a fundamental right to property. This right was taken away by the Kesavananda Bharati vs State of Kerala judgement. As per this, property can be taken away by the government after compensating the land holder. From a civil rights perspective and from a business perspective, it does not make sense to categorise a non-exhaustible resource, such as data, as property.

Nikhil acknowledged that the Committee has taken this into view while drafting the report and has delved into the subject of ownership of data.

11. Wouldn’t this create perverse incentives for orgs to remain small, below the threshold of data sharing? Even Indian startups might feel threatened that they may have to share data if they grow too big.

Navjot took cognizance of this concern and added that the concern is well-placed. She said companies are putting in too many resources, too much time and funding behind collecting and processing datasets using their sophisticated AI/ML technology, but if eventually they will have to share this with other players in the market, they lose the competitive edge. Such mechanisms can disincentivize them from growing.

Aditi tackled the more foundational aspect of this question on how data thresholds will be set. She doubted if such a proposal can be operationalized. The report as it stands does not delve into how to categorize businesses on the basis of the volume of metadata that is stored, how much data has been processed etc.

12. It seems the report is creating a scheme for statutory licensing of privately held data at graded pricing levels. Can such substantive changes be made by executive action and no legislative amendment?

Nikhil opined that the statutory licensing of data will need a new law either by way of the PDP Bill or a new legislation. Currently, as the legal landscape stands, there are no enabling provisions for statutory licensing to be notified through executive action.

Unpacking Non-Personal Data – Is Non-Personal Data a National Resource?

Summary by: Deepro Guha, Senior Research Analyst, TQH

In partnership with The Print and Network Capital, TQH organised a series of online discussions on ‘Unpacking Non-Personal Data’, bringing together lawyers, tech policy experts, investors and political voices to deliberate on the proposed framework for non-personal data (NPD) governance. The first discussion focused on defining non-personal data. The second looked at the impact of the proposed provisions on the innovation ecosystem in India and the third deliberated on the question – is data a national resource?

For the third discussion on 8th August, 2020, Mr. Baijayant ‘Jay’ Panda (National Vice President, BJP) was in conversation with Aparajita Bharti (Founding Partner, TQH). This session focused on data being viewed as a national resource and touched upon the positive and negative implications of getting Big Tech to share non-personal data with startups as envisaged by the Non-Personal Data (NPD) Committee Report.

This piece captures the essential aspects of the above discussion. For details on other discussions in the series, please follow the links below:

Defining Non-Personal Data
Impact on the Indian Innovation Ecosystem


Discussion 3: Is Non-Personal Data a national resource?

Q.1 Who owns non-personal data?

A.1 Mr. Panda acknowledged that this question is one of the biggest questions that confronts modern economies today. The question is relevant because both big companies and governments today collect large amounts of data. Individuals have, for convenience’s sake, given a large amount of data about themselves to companies, and the government, for regulation and governance, has also been collecting data.

Before answering the question, Mr. Panda clarified that he would be speaking only of raw (unprocessed) non-personal data. He differentiates between data which is merely collected as opposed to data which is collected and worked upon (an aspect that would bring in elements of intellectual property rights). With regard to raw data, he said that the question around ownership still remains to be answered; it is not obvious whether the processor should own the data, or the community or the government. He added that India is at the cutting edge of this debate, and such a debate is expected to rage all over the world in the times to come.

Mr. Panda spoke about the example of the data collected by the census. He asked who this data should belong to. Can people say census data should not be shared because they are the owners of the data they have provided? Such questions will need to be answered to opine whether data is a national resource.

Q.2 Will mandatory sharing of data inhibit innovation?

A.2 Mr. Panda spoke of the libertarian world view and the socialist world view and how these are extreme positions vis-à-vis ownership of property. He said we would need to find a middle ground to these viewpoints. He gave the examples of oil monopolies, telecom monopolies etc. which were broken up in the USA in the past to check market imbalance. He also gave the example of net neutrality regulation in India, wherein it was concluded that just setting up infrastructure shouldn’t allow companies the authority to monopolize access to the customer. He added that the NPD Report does not provide for nationalization of data but provides a regulatory structure to create a market for data.

Q.3 Should the Competition Commission of India (CCI) regulate data imbalances in the market, or should there be a separate regulator?

A.3 Mr. Panda again cited the example of the oil/telecom monopolies and the net neutrality issue and brought out the difference between the two, in that, in the case of oil/telecom companies, it was the competition regulator which broke up the monopoly but in the case of net neutrality, it was FCC (USA) or TRAI (India) that examined the issue. He said the reason for this was that specialized regulators are required for new technological sectors because technology is evolving so fast. So even if there are overlaps between different regulators, there need to be specialized regulators when it comes to technology related sectors.

Q.4 Is any data really raw? Given there are so many different types of industries collecting so many different types of data, who decides which data is raw or processed for any industry?

A.4 Mr. Panda stated his preference for free markets but not for absolutely unregulated free markets. He was of the opinion that slicing/dicing of data by companies counts as processed data, but some data like simple locational data would be an example of raw data. He said that the debate on what is raw and what is processed will hopefully get settled going forward through extensive discussions, but the NPD Report has set a good tenor for us to start thinking about these questions.

Q.5 What will be the implications for India’s foreign and trade relations in case India mandates sharing of data?

A.5 Mr. Panda said that this will depend on how the rest of the world decides to go forward. However, India’s move seems rational in the current context. He gave examples of breaking of monopolies in other sectors in the past and how that didn’t prevent companies from coming to India, nor did TRAI’s net neutrality regulations prevent internet companies from operating in India. He also gave the example of Big Tech initially opposing GDPR and data protection regulations around the world but eventually making peace with the regulations.

Q.6 What are the privacy concerns related to anonymized data sets, especially given the concerns around de-anonymization?

A.6 Mr. Panda talked about the leeway we have all agreed to give to privacy concerns to operate in the modern world by giving examples of Google maps, airport scanners etc. He opined that a black and white situation in case of privacy is not possible and 100% privacy can never be ensured. He added that it will have to be an ongoing effort to ensure as much privacy as possible while providing for appropriate regulation. He cited the PGP (pretty good privacy) encryption principle in support of his argument by saying that it wasn’t a cosmic standard of privacy, but a “pretty good” standard. He said that while some anonymity can be ensured, there will always be crooks trying to break it. Therefore, even though perfect anonymity may not be possible right now, we should still attempt to regulate the sector to the best of our ability and continue to increase protections to privacy as per available technology.

Q.7 Should there be legal limitations on usage of shared data by startups?

A.7 Mr. Panda said that the monetization of data should be based on private effort and proprietary knowledge used on such data. He added that monetization would be important for innovation and can actually run both ways (Big Tech to startups and vice versa).

In terms of legal limitations on usage of shared data, he was of the opinion that we are moving too far ahead of the argument; saying that data will only be shared and given to startups may be a false assumption and data may in fact be shared at all levels. Taking a call on such things at this stage will be difficult because the definitions of raw and processed haven’t even been decided as yet; these issues will need to be resolved first before we can discuss advanced issues.

Q.8 Why specifically target the oligopolistic market in tech when other industries also have the same structure?

A.8 Mr. Panda spoke about certain natural oligopolies like oil. He said that the same approach cannot be adopted for every sector/ industry. There has to be a balance between scale and competition, and the means to do that will be industry-dependent. While some concentration of market power may happen, access needs to be given to startups in the tech field to allow them to get a foothold in the rapidly evolving sector.

Q.9 How do you fire up innovation in startups? What about California where there is no mandated data sharing but still lots of innovation?

A.9 Mr. Panda said that “Nothing succeeds like providing a level playing field.” He also spoke of the dangers of overregulation and how regulators should be enablers and not enforcers. He highlighted the need to ensure setting up of infrastructure as the topmost priority for tech regulators. He said that California has succeeded in providing infrastructure, knowledge and institutions to fire up innovation. India is trying to do the same; it already has close to 20 unicorns and needs to continue making ease of doing business simpler to further fire up innovation and investment.

Q.10 What is your view on the issue of there being too many proposed data regulators? Would this thwart EODB?

A.10 Mr. Panda started by saying that there can be a problem of too few or too many regulators. He gave the example of the lack of regulation in broadcasting 30-40 years back – a lot of time was wasted in not regulating a fledgling industry. He said a balance will have to be maintained while looking at the number of regulators. He added that there will mostly be an overlap between regulators’ powers and duties, such as in Venn diagrams, but this is not necessarily bad. What we should look to avoid is significant overlap.

Q.11 How do we incentivize data sharing by Big Tech?

A.11 Mr. Panda said incentives would definitely play a part, but cannot be the only solution. He added that a lot of industries ask for self-regulation but this does not always work out, either for consumers or smaller players. To answer this question, we should go to the core issue: who does raw data belong to – the collector of the data, or its source? If it belongs to the collector, then there should be no regulation and only incentives, but if it belongs to the source then only incentives would not serve the purpose.

Q.12 While anti-trust is an issue everywhere, why haven’t other countries gone down the path of sharing data?

A.12 Mr. Panda said that other countries are also looking into this issue and used the example of the EU. He said exploration of this approach started with governments questioning whether they can use data to improve policy making (e.g. preventing crime, improving health etc.). He added that other countries are looking at it, but India is clearly at the forefront on this issue.

Q.13 Do you think India will be seen as overzealous when it comes to regulation of data?

A.13 Mr. Panda opined that India should shed its inhibitions about being a global leader while at the same time not letting hubris get to it. He talked about the scale and technological edge that India has and said that India must utilize this, while at the same time considering all opinions of relevant stakeholders.

Q.14 What is the future path India should take with respect to regulation of data and what would be a legitimate timeline for such a path? Should the PDP Bill be passed first? Should it mention NPD?

A.14 In Mr. Panda’s opinion, we are taking the right path by starting a conversation on the subject. We are hearing all opinions and we don’t want to penalize innovation nor do we want to inhibit new startups. We have to look at what the world is doing and how it is going about regulating data, and take the best models applicable to India. He also spoke about the dangers of trying to get to a perfect system in one go and said that often “perfect is the enemy of the good”. He suggested that we should not hesitate to proceed while continuing to learn and adopt new ways to improve data regulation; we can’t wait forever till every ‘I’ is dotted and ‘T’ is crossed and we must start off with the current knowledge and improve as we go forward.

Unpacking Non-Personal Data – Defining NPD


Summary by Anubhav Khanna, Policy Associate, TQH

In partnership with The Print and Network Capital, TQH organised a series of online discussions on ‘Unpacking Non-Personal Data’, bringing together lawyers, tech policy experts, investors and political voices to deliberate on the proposed framework for non-personal data (NPD) governance. The first discussion focused on defining non-personal data. The second looked at the impact of the proposed provisions on the innovation ecosystem in India and the third deliberated on the question – is data a national resource?

For the first discussion on 6th August 2020 on ‘Defining Non-Personal Data’, we were joined by Nehaa Chaudhuri, Partner at Ikigai Law; Smitha Krishna Prasad, Director at Centre for Communication Governance at NLU Delhi; Ridhi Varma, Research Fellow, National Institute of Public Finance and Policy and Anubhutie Singh, Policy Analyst at Dvara Research. The session was moderated by Deepro Guha, Senior Policy Analyst at the Quantum Hub.

This piece captures the essential aspects of the first discussion. For details on other discussions in the series, please follow the links below:

Impact on the Indian Innovation Ecosystem
Is Non-Personal Data a National Resource?


Discussion 1: Defining Non-Personal Data

A. What are the legal implications of a wide definition of Non-Personal Data?

Smitha Prasad from NLU Delhi was of the opinion that the definitions put forth by the committee are very wide. She also mentioned that without foolproof standards for anonymization, concerns around privacy are difficult to mitigate. This can have wide ramifications across the spectrum, from individual privacy to national security. She explained how the committee has also tried to break down non-personal data into two categories – NPD with a human contact element (e.g. consumer shopping trends data, payments data etc.) and NPD without human contact (e.g. weather reports, rainfall measures etc.). She explained that the committee has looked at various sources of data and has attempted to introduce the concept of community data. Although the report has tried to break NPD into various categories, there is a potential overlap in the way concepts have been defined. The committee has also borrowed from the concepts of the Personal Data Protection (PDP) Bill in terms of assigning various levels of sensitivity to data. In the PDP, these concepts had taken the shape of general personal data, sensitive personal data and critical personal data. She pointed out that sensitivity can be attributed in two ways. One way sensitivity can be thought of is how much/how critical personal data can be derived from the shared NPD. Sensitivity can also be looked at from the lens of national security and societal welfare. Although the committee has tried to deal with sensitivity, it has left a lot of scope for questions.

B. How much anonymization is required to make Non-Personal Data truly anonymised? How big an issue is de-anonymization?

Anubhutie Singh from Dvara Research talked about how data that is automatically generated from machines, computers, supply chains etc. does not really pose privacy problems. For data involving human interaction, computer science literature proves that dynamic data cannot be completely anonymised and some degree of reversibility always persists. This is especially true for datasets with a high level of dimensionality. She said that in the ideal case data should be completely anonymised; however, it is not possible given the current state of technology. In the case of static datasets, if not individuals, groups or communities can be identified. This can potentially accrue harm to a community through the targeted use of data. For dynamic datasets, research shows that it is possible to recreate large portions of datasets, which again poses privacy concerns. Complete anonymization, given the current level of technology, is difficult to achieve.

C. Given that there are so many actors involved in the data governance space, who is liable in case data is de-anonymised?

Ridhi from NIPFP said that the Data Protection Authority would be liable to frame the standards for de-anonymized data. However, she explained that it would be very difficult to lay down the standards of anonymization and these will need constant revision to keep pace with the fast-moving technology. She highlighted that the NPD report is largely silent on the issue of liability arising in the case of de-anonymization.

D. Given that big tech companies maintain both personal and non-personal datasets of consumers, what are the chances of the provisions of the PDP Bill and the NPD governance framework overlapping each other? How difficult is the segregation of non-personal and personal data?

Nehaa Chaudhary, partner at Ikigai Law, highlighted how companies are incentivised to maintain personal data of consumers since each person has a unique consumer pattern, and therefore it leaves little incentive for businesses to invest adequately in anonymization (even though in some cases anonymized data may be useful). There can always be a tussle between the individuals, the company and the government regarding the level of anonymization needed.

Therefore, processing data for sharing will also involve some additional value addition from the companies before it can be shared freely with other companies/entities. This forces a ‘value addition function’ on the companies, who may demand to be compensated for the extra investment and effort involved.

E. Wouldn’t difficulty in segregating personal and non-personal data bring in regulatory difficulties?

Smitha talked about past precedents that show ecosystems with multiple regulatory authorities getting encumbered with regulatory conflicts and tension amongst different authorities.

She also spoke about the jurisdiction of the newly proposed NPD Authority overlapping with the domains of intellectual property and competition laws, which already have multiple regulatory bodies overseeing them. Adding another regulatory body may add to confusion and regulatory conflicts, especially when the ambit of issues touched upon by NPD is very wide.

She also spoke about the challenges of building implementation capacity for the new NPD Authority in terms of training of officers, building anonymization infrastructure and the amount of time investment required in getting it up to speed.

F. What are the possible Intellectual Property implications of data sharing?

Nehaa elaborated upon the potential infringement of intellectual property rights which accompany the policy proposals of the NPD report. Datasets come under the ambit of the Indian copyright law and therefore making data sharing mandatory will infringe upon the protection offered to datasets which meet the standard for originality under the Indian copyright law. On trade secrets too, there can be a potential conflict with international agreements such as TRIPS that protect data rights. Nehaa also suggested that companies should not be deprived of their intellectual property since they have invested time, money and effort in building datasets.

G. Given that the committee’s report categorizes data into private non-personal data, community non-personal data and public non-personal data, the definitions may involve some overlaps. How will these definitions play out?

Anubhutie described what the proposed categories of NPD are – public, private and community. She spoke about the difficulties of practical implementation of categorization and the possibility of overlap in the definitions of these types. As these types of data are proposed to be regulated differently, such overlaps would cause great regulatory confusion. Taking the example of toll collection in PPP mode, she spoke about confusion around the ownership of data collected at the tolls – should it be with the public entity or the private? She also highlighted the ambiguity in the definition of the word “community” and the problems created by the fact that sub-groups within a community may not have their incentives aligned with the rest of the community.

H. The committee’s report talks about how a community may be harmed in case of a breach of community privacy. What is the concept of community privacy and how is the report trying to address it?

Ridhi spoke about how contravention of collective privacy may lead to community harm. She said that the NPD Report falls short of providing any concrete details on how collective privacy may be protected or how community data rights may be enforced.

I. Different platforms maintain data in different formats. Is it possible to have a common standard way of sharing data?

Smitha explained that mandatory sharing of data is aimed at fulfilling many purposes ranging from supporting businesses to national security concerns. Different purposes will need data in different formats. The report does not go into details about the contours of how data will be shared.

Audience Questions

Has any other country made a regulation around non-personal data sharing? Is there any precedent to what this committee has proposed?

Nehaa said that the model suggested by the NPD report seems novel and not exactly followed by any country till now. She emphasized the need to have a voluntary data-sharing arrangement wherein terms of sharing are left up to the parties involved. In this context, she spoke of the importance of data marketplaces in serving the data sharing purpose.

Anubhutie added to the above by citing the EU NPD Regulations and an OECD Report that speaks of data sharing and the economics of the same. Nehaa added that the OECD Report being spoken about also warns against mandatory data sharing provisions.

What is the distinction between raw and processed data? Since the usage of data depends on the way in which it was collected, can it be argued that all data is processed in some way?

Smitha explained the difference between raw data and processed data based on the level of effort put into the data. She also said that definitions in the NPD Report do not make these distinctions very clear. She likened raw datasets to sets that have been put together with no particular purpose, but she added that practically no dataset would be collected without any particular purpose.

Will the provisions of non-personal data governance apply to data processors? Are they allowed to read the data that they store? How will they differentiate between personal data and non-personal data?

Anubhutie explained that data processors are entities which enter into an agreement with data fiduciaries. Hence, the data processor can be held to the same standard as a data fiduciary [the report is silent on the issue]. She added that a data processor might be characterised as a “data custodian” in the NPD framework.

Nehaa said that data processors do not exercise any control. Data processors offer infrastructure and tools to perform analytical work. Consequently, data processors should not have the same obligation as data controllers/fiduciaries. From a legal standpoint, the difference between processors and controllers is underpinned by law. Any transfer of obligation happens by contract, but it has to be a reasonable transfer such that the data processors are in a position to stand up to the obligations transferred. She said that the report has not made this distinction clear.

In the case of mixed datasets will the companies be required to segregate their data in personal and non-personal data? How execution heavy is this? Can there be cases where datasets cannot be separated?

Ridhi answered this question by bringing to our attention the various subsets of data suggested by the report – sensitive, critical, personal, community NPD etc., and how one dataset may fall under multiple heads. She said that this is also likely to lead to regulatory confusion with regard to who the data trustee would be in case of a mixed dataset.

Smitha added that personal data includes data which is personally identifiable. The PDP Bill also talks about the idea of inferred data. She gave the example of movies or TV shows which may be popular among a certain group of people and how the line between personal and non-personal data becomes blurred for such datasets.

Should the Personal Data Protection (PDP) Bill talk about non-personal data at all?

Nehaa opined that PDP should not be the place where you regulate NPD. There should be a negative definition for defining personal data such that it restricts the scope of the Bill. There is a need for a marked distinction since the NPD and PDP are different paradigms. Anubhutie agreed with Nehaa while adding that there may be a better way to regulate NPD than the way the committee has tried to do.

How do we balance the interests of an individual’s privacy and that of a community? If I share my blood sample data publicly it will expose the genome data of my family. Can we balance it?

Ridhi acknowledged the concern around the overlapping rights and interests of multiple entities who can share the same dataset. She went on to explain how data which may be non-personal from one standpoint may not be non-personal from another standpoint. She supported this by giving the example of IP numbers which are akin to non-personal data for individual consumers (who do not have access to the computing power to de-anonymize users), but can be personal data for service providers who have access to the technology to de-anonymize them and identify the users.

There are so many entities that have been proposed by the NPD committee. Do you see any issues with the way they are defined? What are the potential points of confusion?

Anubhutie responded with the example of a data trustee. She highlighted the challenge of identifying the most representative/appropriate data trustee for the community. She also spoke about the challenge of demarcating what a data business constitutes. She highlighted the part of the NPD Report which says that a business that does not deal with data can still volunteer to become a data custodian. She also highlighted potential issues around data trusts which are proposed as new infrastructure for holding shared NPD, but how these trusts will be structured is not clearly laid out.

Nehaa also pointed out the potential conflict of interest with the state acting as a data trustee. She said that the state in India is an amorphous entity ranging from a public sector unit to the central government. Such government entities have an interest in processing data for both commercial as well as delivery purposes. She pointed out that governments have increasingly become creators of competing platforms for various delivery based services such as e-commerce. For a data trustee to have direct interest in processing data poses a conflict of interest.

Menstrual Hygiene Management – Lessons for States

Published: September 2019

Of 355 million menstruating women and girls across India, a large number still face significant barriers to experiencing menstruation in a comfortable, dignified and hygienic way. This is where menstrual hygiene management (MHM), which is about creating an ecosystem that allows women and girls to experience menstruation in a safe and dignified way, assumes importance. It includes awareness, easy and affordable access to feminine hygiene products to absorb or collect menstrual blood, privacy to change the materials for protection, and access to facilities to dispose of used menstrual management materials.

To achieve proper menstrual hygiene, there is a need to address all the above four prongs of menstruation, equally. However, social stigma and misconceptions surrounding menstruation have resulted in it receiving limited attention from community elders, policy makers and development actors in India. One of the major drawbacks of such social stigma is the inaccurate and/or incomplete knowledge about menstruation. At an individual level, this lack of information directly impacts how women and girls maintain menstrual hygiene, with poor hygiene increasing their susceptibility to reproductive tract infections. At a broader level, poor knowledge of menstruation translates into absence of appropriate supportive infrastructure, and a lack of access to safe and hygienic menstrual hygiene products, particularly among rural and economically deprived communities. This is amply demonstrated by the 2016-17 National Family Health Survey-4 (NFHS) report which highlighted that overall, only 57.6% of India’s women aged between 15-24 years used hygienic methods of protection during menstruation.

Proper menstruation practices and sanitation, along with infrastructural support for women-sensitive toilets and buildings, can contribute significantly to women’s empowerment as it decreases absenteeism in schools and employment spaces. It can also aid in erasing taboos and misinformation associated with the same, thereby significantly impacting a woman’s feelings of self-worth, and easing the psychological toll of menstruation, in turn making them active participants in the socio-economic space.

Tamil Nadu has long been considered a pioneer in menstrual health management, and is known for being among the first states in India to introduce measures to systematically overcome/combat the lack of awareness about and access to, hygienic menstrual practices. This report seeks to undertake a case study of Tamil Nadu to find the most effective ways to universally promote MHM, with the aim of ensuring access to hygienic menstrual health practices for all women in India. Studying the best practices of Tamil Nadu and how it has achieved its current levels of menstrual hygiene practices, will allow us to make recommendations that can be effectively replicated at a larger scale across other states that fare poorly on MHM currently.

The full report, a policy brief and an MHM plan template for states can be accessed below. For any queries on the subject, please feel free to write to us at [email protected]

Detailed report
Brief for policymakers
MHM Plan – A template for state governments

Framework for Regulating Encryption in India

Published: April 2019

As India forays into a digital revolution that – even in its formative years – has triggered massive transformative changes across the country in areas such as communications, financial inclusion, e-commerce and e-governance, the need for protecting our citizens’ right to privacy and freedom of expression is more pertinent than ever before. Encryption, as a crucial enabler of these rights and liberties, has therefore gained much recognition across public and private domains as the foremost tool for information security. At the same time, the rapid advancement in the use of technology for malicious purposes (such as acts of terror, incitement of crimes, fake news, and sharing of indecent content) has blurred the lines between consumer privacy and national security, and has brought the question of regulating encryption to the forefront of our fast evolving cyber policy.

In this study, we have attempted to envision a framework for the regulation of encryption technologies in India – one that acknowledges the importance of consumer privacy and technological innovation, while not diminishing the role of the government in protecting national security. Through a critical evaluation of the encryption ecosystem, we have presented a rationale for state intervention for the purpose of correcting detrimental market failures. Thereafter, we have undertaken an in-depth analysis of regulatory frameworks across the globe, so as to study best practices in encryption regulation adopted by various countries, and to evaluate their application in the Indian context.

Keeping in mind the unique ‘double-edged’ nature of encryption, we have sought to balance the interests of public as well as private stakeholders. Through an analysis of the non-negotiables that must be borne in mind by any policy that hopes to oversee encryption, we have arrived at a set of recommendations that are bucketed into two categories – (1) the use of encryption for improving data protection, especially sensitive information; and (2) interception of encrypted information for law enforcement.

To strengthen data protection, we recommend bolstering pecuniary damages in case of data breaches and building a publicly available repository of such breaches. We also suggest instituting preventive measures by establishing a voluntary third-party accreditation system of data protection certification/seals.

With respect to interception, and to alleviate the challenges that encryption creates for law enforcement, we recommend that service providers and the government work together to develop mechanisms and modify technology, as required, to allow for lawful interception requests to be serviced. We also recommend improving checks and balances in the use of hacking by law enforcement agencies as well as extending legislative support to ‘ethical’ hacking.

These recommendations would not only assist our policymakers in protecting the rights and freedoms of Indian citizens, but would also help them build trust among the various encryption intermediaries in order to achieve better public-private cooperation for the country’s national security efforts.

Access the full report here

Advancing gender equality in a post COVID context

Published: August 2020

The COVID-19 pandemic has affected all Indians, particularly vulnerable groups, including women and girls. If evidence from previous disasters and health crises is any indication, women will be disproportionately affected during this pandemic. Within homes, women and girls, who already do more than six times as much unpaid work as men, now shoulder added responsibilities of feeding and caring for children who are not going to schools as well as care work for the elderly, sick or disabled family members.

Outside their homes, shrinking employment opportunities and the resultant loss in bargaining power has compounded the problems faced by women. The decline in decent work opportunities and loss of income can, among other things, lead to a loss of independence, agency, and undo several years of progress achieved through gender-responsive policies. Such losses may also make it more difficult for women to escape situations of domestic violence.

The dangers faced by frontline workers, a majority of whom are women, are another source of worry created by the pandemic. These problems are expected to put additional pressure on the existing ailing economy. Even before the pandemic began, the Indian economy had been beset by falling investment and low growth. Rural India, in particular, had been suffering from agrarian distress which had affected livelihoods significantly.

The disproportionate impact on women and girls calls for more gender-responsive interventions and relief measures. It is becoming increasingly important to expand opportunities for wage employment and enhance food security and nutrition. Evidence shows a clear correlation between food and nutrition insecurity and gender inequalities, with mothers and daughters usually eating last as well as the least nutritious food in Indian households. Therefore, expanding social security benefits, improving access to and availability of employment and decent work opportunities, particularly for women, can help address nutritional and food security challenges during the pandemic.

This analysis, undertaken in collaboration with IWWAGE – Initiative for What Works to Advance Women and Girls in the Economy – explores possible government interventions to advance gender equitable outcomes in the post COVID context.

Read the analysis here