|
|
|
Non-Personal Data Policy: Citizens cite risks of targeting, surveillance, data misuse
|
|
|
|
Top Stories |
|
|
|
|
Sanjeev Sharma | 24 Sep, 2020
The citizen feedback on the Non-Personal Data draft policy is not
positive as people say there is very little to gain and the risk is of
increased targeting, surveillance and data misuse.
According to
Local Circles, Non-Personal Data draft policy has gotten the dialogue
started amongst citizens and businesses, it needs to be revisited
considering the findings of a survey. "From a citizen standpoint, there
is very little to gain and the risk is of increased targeting,
surveillance and data misuse," it said.
The nine-member committee
set up by the Ministry of Electronics and Information Technology,
released a draft non-personal data policy in mid-July giving the public
two months to provide feedback. Per the policy, any data which does not
contain any personally identifiable information of an individual is
termed as non-personal data.
For example, while order details
collected by an e-commerce platform will have the name, age, address and
other contact information of an individual, it will be considered
non-personal data if specific identifiers like name, address and contact
information are removed.
NPD also classified non-personal data
into three main categories - public non-personal data, community
non-personal data and private non-personal data. Although many experts
say that this policy is a forward looking step and will create a culture
of data sharing of non-personal data which will bring overall benefits
to the country, MSME and startups as well as citizens do not seem to be
in favour of the policy in its current form.
Citizen databases in
India tend to sell for low prices and if one combines 2-3 of the
commonly available databases along with say aggregate data from a large
company, an individual can almost be fully profiled.
On the small
business front, making the data available for a price is a non-starter
and most believe they will be spectators to a data purchase war between
large businesses.
"The Covid-19 pandemic has pushed most
businesses behind by 2 years or more as far as their turnover and
profitability is concerned. Another disruption in form of a mandatory
aggregate data sharing program where hundreds of requests for data are
coming is something that large businesses are bound to shy away from for
the next few years. So let us ask again, who are we trying to really
help and then redraft this policy," Local Circles said.
The best
approach at this point is for the government to embark on a massive data
aggregation and eventually sharing exercise of the various central,
state and local databases which can then be used by startups and MSMEs
to build innovative products and services on.
As far as data
sharing by businesses go, a voluntary to mandatory aggregate data
sharing program say over 3 years for businesses above Rs 500 crore
annual turnover where businesses decide what data they share would be a
good starting point.
LocalCircles decoded the 72-page detailed
document and converted it into a simple survey on the key issues so
common citizens, MSMEs and startups can participate and share their
feedback. The survey received over 17,000 responses from citizens while
over 15,000 responses were received from the startups and MSMEs spread
across the country.
The government, via its Non-Personal Data
Policy draft recommendation is mandating that Indian authorities can
seek anonymised aggregate data of citizens from businesses to better
understand the industry or for any other reason. Such data could include
purchases made, services availed, calls made, health condition, etc.
was the first issue discussed with citizens.
People were asked if
they would be willing to give their consent for this and share their
data in anonymised form. In response, 27 per cent said they would never
want to share their anonymised data while 35 per cent said they will be
willing to do so only in a law-order or an investigation situation. Only
30 per cent citizens said they were willing to share their anonymised
data with the government for general purposes.
The kind of
concerns that were raised by people included misuse of data for
targeting specific communities or people residing in a particular area.
One
of the examples cited was targeting around elections in terms of a
political party or a candidate being able to find out what people of a
particular area were searching on an e-commerce site or on the internet.
According
to many respondents, the purpose or objective data should be very clear
and specific before such information or consent for such information is
sought from them. For instance, if the objective is to improve the
government's school education system, the same should be stated
beforehand and upfront when the data is sought. Not having to know what
the data will be used for in the future creates suspicion according to
many citizens.
The Non-Personal Data Policy also proposes that a
business that collects user data can sell it to other businesses or a
Government body after anonymising it. Citizens were asked if they
support such selling of their anonymised data, to which 81 per cent
responded in a negative, while only 14 per cent responded in a positive.
Local
Circles said this means that only 14 per cent citizens support
businesses selling their anonymised data to other businesses and
government.
The big concern here amongst people is that if any
organisation especially a business is purchasing aggregate data from
another business, there is a high likelihood that it will use it to
target communities or groups of individuals with their products and
services.
This will likely mean unsolicited offers, spam and
targeted advertising. Hence, a high majority of the 81 per cent people
voted against such a possible move. Even if the purchasing organisation
was a government department, people are still concerned that such data
will ultimately be misused and reach businesses.
The draft
Non-Personal Data policy mandates that a business must sell their
customers' anonymised data to other businesses or government if they are
willing to purchase the same. The final question asked how such a
clause will impact businesses. 19 per cent said it will help large and
heavily funded businesses only, 35 per cent said it will help large and
heavily funded businesses and the government, 20 per cent said it will
help businesses of all sizes, while 26 per cent were not sure what would
happen.
This is one of the most important inputs from startups
and MSMEs where they believe that while such a policy may have a stated
objective of helping small businesses, it will likely do the opposite if
the aggregate data of businesses is requested to or sold by the
business as a revenue stream for a price.
Many startups and MSMEs
believe that this will lead to one large company buying aggregate data
of another large company while small businesses struggle to make ends
meet. Most small businesses, be it an Indian startup or an MSME will
find it extremely difficult in majority of the cases to pay high prices
for such data.
Large companies also in some cases are likely to
resist selling their data if its core to their business model, leading
to rejection of the data request or going to court.
In the next
question, businesses were asked that before the Government mandates
businesses to share their aggregate anonymised data, should the
Government mandatorily share its aggregate anonymised data like
municipal, health, traffic, water, environment, court pendencies, etc,
so innovators can build new value added services upon them. 72 per cent
answered in a 'yes', while 16 per cent said the businesses should do it
first. 12 per cent were unsure.
|
|
|
|
|
|
|
|
|
|
|
|
|
Customs Exchange Rates |
Currency |
Import |
Export |
US Dollar
|
66.20
|
64.50 |
UK Pound
|
87.50
|
84.65 |
Euro
|
78.25
|
75.65 |
Japanese
Yen |
58.85 |
56.85 |
As on 13 Aug, 2022 |
|
|
Daily Poll |
|
|
PM Modi's recent US visit to redefine India-US bilateral relations |
|
|
|
|
|
Commented Stories |
|
|
|
|
|
|
|
|