Watch Session 2 on Privacy and Non-Personal Data live: #NonPersonalData
A news report suggested that the Indian government is working on a new draft of the data protection bill. It makes a bit of a mockery of our efforts in the last 4-5 years by engaging in the consultative process. - @SmritiParsheera#NonPersonalData
@SmritiParsheera The government should not focus on NPD governance framework. We have been prompted to think about why the government is seeking to regulate NPD considering the fact that we do not have a personal data protection bill in place. - #DigvijayChaudhary#NonPersonalData
The fact that personal data bill is about personally identifiable information. The group as a unit of a privacy protection, is that something which is being considered in NPD or PDP bill?. @SmritiParsheera#NonPersonalData
There are two kinds of risks with processing of NPD. Reidentification risk. So in our data protection laws, the underlying assumption is that they consider the nature of data as stable. however, inreality the nature of data is more volatile. - #DigvijayChaudhary#NonPersonalData
Therefore, segregating data on the basis of definitions is extremely difficult. specially considering the processing power of big data machine learning, and how big data upsets such regulatory mechanisms... - #DigvijayChaudhary#NonPersonalData
Second risk would be - group privacy risk/collective harm risk. the only bright line in the NPD expert committee report, was its recognisation of group privacy as a concept. #DigvijayChaudhary#NonPersonalData
Primarily anonymisations as a technnical construct as failed. The primary reason is free flow of data everywhere. In dark markets, they take data from three or four different sources. - @iam_anandv#NonPersonalData
For instance, they will get data from clubs, gyms, leaked payment companies -- so what you get is everyone has different anonymisation standards. And everyone has a different way of doing it. You cant go enforce a standard on every piece of data... - @iam_anandv#NonPersonalData
So as a dark trade aggregator, even if they don't have direct access to data , they will get primary and tertiary anonymised data...and then try to link it using identifiers. - @iam_anandv#NonPersonalData
When data was a limited commodity, and not everywhere avaialble anonmisation generally worked. When data is not a limited commodity, free flowing everywhere, it makes it very easy for one to develop deanonymisation solution. - @iam_anandv#NonPersonalData
@iam_anandv In the privacy world, we rely so much on notice and consent, and here the committee is talking about opt out so as to choosing what to do with anonymisation. @SmritiParsheera#NonPersonalData
Privacy harm is not just about correctly deanonymisaiing, it is also about incorrectly deanonymising. - @iam_anandv#NonPersonalData
There are fundamental misconceptions leading to include NPD in PDP bill. The JPC believes there are privacy risks in NPD. NPD does not involve PII. There is a taxonomy of data classification in privacy law which flows from sensitvity of data - @amlanjo#NonPersonalData
There is no sensitivity to NPD. The definition of personal data relates to a natural person and that is why NPD doesn't fit within the realm of PDP bill. It is difficult to imagine how one can perpetuate privacy harm without demographic data. - @amlanjo#NonPersonalData
Work is required at all levels, governemnt industry and consumers soo that any ogvernance framework which ompacts consumers works sufficiently. - @amol_kulkarni1#NonPersonalData
There is a genuine expectation of privacy and no harm will occur to them as part of data collection. There is a very limited set of consumers who understand and read terms and conditions. When we come to NPD, it all goes haywire. - @amol_kulkarni1#NonPersonalData
The point is that consumers will come to know about a breach when there is harm. There is a lot of categories of harms. One of the things we have noticed is exclusion. The awareness of benefits, the lack of which leads to exclusion, is limited @amol_kulkarni1#NonPersonalData
In the existing IT Act, & PDP bill, it coves situation where one can take data, different types of data, indirectly, or directly to identify an individual person. Any privacy risk that arises from such a situation will be addressed by PDP bill...- @amlanjo#NonPersonalData
The big picture of where NPD recommendations are coming from that is not core of their objective. Their objective is about unlocking social and economic value of data. Privacy becomes about protecting collateral damage. - @SmritiParsheera#NonPersonalData
I think the right framework to think about PII is messy. Classification works by doing arbitary assumption of what is a privacy harm and then you address it retrospectively. - @iam_anandv#NonPersonalData
Regulation of NPD will involve human (anonymised data sets) and non-human NPD (pseudonymised data). There are four areas of concerns— competition; trade-related issues; national security; and privacy risks. - #DigvijayChaudhary#NonPersonalData
Can we afford to give discretionary powers to private sector entities when we are talking about using data for greater public good. There is a greater need for govt, private sector and consumers to work on this issue. @amol_kulkarni1#NonPersonalData
There are multiple objectives one of them is breaking data silos and data monopolies and having mor eequitable access to data. There is a chance of state intervention leading to harm which is equivalent to harm being brought my market power. @SmritiParsheera#NonPersonalData
The smartest people in tech policy read MediaNama. Subscribe today to access our reporting, member-only discussions and much more. medianama.com/subscription.
If you would like to support discussions like this one, please reach out at medianama.com/events. #NonPersonalData
LIVE 🔴 | How do we address data monopolies? Should they be mandated to share non-personal data publicly? Our third session is on Competition, Antitrust and Non-Personal Data #NonPersonalData
LIVE 🔴 | Our first panel is on Startups and Non-Personal Data where we’ll aim to understand the experience of sharing NPD, the risks involved in doing so and whether startups can benefit from greater access to NPD.
LIVE 🔴 | An exclusive interview with MP Amar Patnaik, Member of the Joint Parliamentary Committee on the Personal Data Protection Bill, is now being screened at MediaNama’s Regulating Non-Personal Data. #NonPersonalData
The main reason for clubbing non-personal data with PDP Bill is the fact that it is difficult to distinguish between personal and NPD in tight packets all through the process of collection of data. - @amar4odisha#NonPersonalData
Therefore, if there are two different authorities, that is one for the personal data and other for non personal data, then there is every likelihood of confusion, turf wars and ultimately the data principals suffering. - @amar4odisha#NonPersonalData
🚨 MediaNama’s conference on Regulating Non-Personal Data is going live soon #NonPersonalData:
We will begin with an interview with @amar4odisha (Rajya Sabha MP and Member of JPC on PDP Bill), followed by sessions on Obligations of Data Fiduciaries and Cross Border Data Flows. #NonPersonalData
The discussion will be live streamed at . Please feel free to share this link on social media or with friends/colleagues who might be interested. #NonPersonalData
🚨Day 1 of MediaNama’s conference on Decoding India’s Data Protection Bill is going live soon #DataProtectionBill2021
We will begin with an opening keynote by @mpriteshpandey (Lok Sabha MP and Member of JPC on PDP Bill), followed by sessions on Obligations of Data Fiduciaries and Cross Border Data Flows. #DataProtectionBill2021
The discussion will be live streamed at . Please feel free to share this link on social media or with friends/colleagues who might be interested. #DataProtectionBill2021