India seeks to limit Facebook, Google dominance over online data
India needs a new data regulator to oversee the sharing, monetisation and privacy of information collected online, an expert committee appointed by the government has recommended.
In a 72-page report seen by Bloomberg News, the eight-person panel said that “market forces on their own will not bring about the maximum social and economic benefits from data for the society” and identified key issues that a new regulator would have to tackle. It would have to ensure that all stakeholders follow rules, provide data when legitimate requests are made, evaluate risks of re-identification of anonymised personal data and also help level the playing field for businesses, the report advised.
The document named US giants Facebook Inc, Amazon.com Inc, Uber Technologies Inc and Alphabet Inc’s Google as the beneficiaries of first-mover advantages and network effects that have “left many new entrants and start-ups being squeezed and faced with significant entry barriers”. The regulator’s envisioned role in facilitating data sharing would be to lessen these effects and also spur innovation, economic growth and social well-being.
As countries around the world from the UK to China tighten data protection within their borders, India is moving to draft and reinforce policies governing its burgeoning digital economy. It already has a bill for governing the use of personal data, and this latest report recommends adding the non-personal data regulator via legislation as well.
Non-personal data refers to information that does not include any details such as name, age or address that could be used to identify an individual. It also comprises data that was initially personal but later aggregated and made anonymous.
The rules proposed in the report would govern collection, analysis, sharing, distribution of gains, as well as the destruction of data. This is with the goal of providing certainty for existing businesses and incentives for the creation of new ones, so as to tap the “enormous” social and public value from data, the report said.
The committee recommended creating a new “data business” classification for those firms that collect, process, store, or otherwise manage data. Those may include health, e-commerce, internet and technology services companies, many of whom were consulted by the committee prior to the drafting of the report. Data businesses are envisaged as encompassing various industry sectors. “The compliance process will be lightweight and fully digital,” the report said.
“Just like the economic rights to natural resources arising from a community are considered to primarily belong to it, the value of social resources of Community Non-Personal Data should primarily accrue to it (instead of the default whereby data custodians take up the entire value of such data),” the report said.
The committee’s head Kris Gopalakrishnan, who co-founded information technology (IT) services company Infosys Ltd, as well as Debjani Ghosh, the president of NASSCOM, the IT services industry trade group, declined to comment.