India is increasingly rushing into a licence-permit raj for the data economy. Even as the Personal Data Protection Bill, 2019, is being considered by Parliament, the government’s (Committee of Experts on Non-Personal Data Governance Framework) has sought comments on a draft report for regulating non-personal data. If accepted in its current form, the report is likely to seriously erode, if not end, India’s competitive advantage in information technology.
Unlike personal data, there is no clear rationale for why the use of non-personal data needs regulation. Most governments regulate personal data for the possibility of misuse against individuals. Non-personal data is by definition data unrelated to individuals, and no country has so far announced any concrete plans to regulate it. Since India is likely to be an exception, one would have expected a strong, evidence-based case for regulating non-personal data. Worryingly, the draft report adduces hardly any evidence.
The draft report argues first, that companies that have a first-mover advantage in data-related businesses have an enormous competitive advantage. It states that since this advantage is hard to overcome through market forces, there is a need for regulating their use of data. It does not answer why competition law and India’s Competition Commission are inadequate, or how non-personal data regulation would be a better method for promoting competitiveness. Second, it provides only hypothetical examples of how anonymised personal data could be de-anonymised to target individuals or groups. However, since such de-anonymised data would become personal data, the use of such data should be governed by personal data regulation under the Personal Data Protection Bill. Third, the report argues, again without evidence, that the mandated sharing of non-personal data will lead to higher innovation. This, despite overwhelming evidence highlighting how the expropriation of private property discourages innovation and growth.
On these shaky foundations, the draft report proposes an expansive regulatory regime that would mandate data-sharing by anyone collecting data above a certain threshold, and require registration with another new data regulatory body for anyone collecting or deriving benefits from non-personal data. Also, it proposes state “beneficial ownership” of certain categories of non-personal data. For this, the report makes a specious argument — that useful data created by a business should no longer be considered property owned by it: “The term ‘ownership’ holds full meaning only in terms of physical assets.” It says that the government should be the beneficial owner of what it calls “community non-personal data”, which is still data collected and generated by the private sector. Not only does this upend India’s existing regime for intellectual property, it also goes contrary to global property rights protections India has signed up to.
If implemented, this is likely to have deleterious effects on innovation not just in the IT sector, but in any industry that uses data. The volume-based threshold for compliance is likely to have the same results that such frameworks have had in India’s manufacturing sector, where firms stay small to avoid compliance.
Over decades, India has learnt hard lessons regarding the interaction between state regulation and private enterprise. The rollback of the state has led to an astonishing proportion of India’s population escaping poverty in the last three decades. State regulation must identify concrete problems, not create interventionist bureaucracies based on potential ones. These lessons have made India one of the world’s largest economies and enabled the present government to seek “atmanirbharta”.
By ignoring these lessons, the report proposes to replicate the failures of regulation in the industrial sector in the digital economy.