There is a distinction between rival and non-rival goods. Material goods cannot be used by multiple people at the same time, making them rival goods. On the other hand, information, ideas and data are non-rival which means they can be used by multiple people at the same time without reduction in their value or utility. Exclusive property rights which apply to material rival goods are inherently unsuitable to the non-rival domain. Reuse of the same set of data and information for multiple purposes is also not an issue. If one has it, do not exclude others from having it too. This reduced excludability has created the root cause for property rights problems in digital information technology such as: (a) piracy of copyright protected digital products, (b) privacy issues in personal data, and (c) private ownership of data.
The case of non-personal data coming out of sensor readings, or aggregated data which has been anonymised, is different, as it is not produced with a creative human effort. Hence the intellectual property associated with such data is not at par with a design or a formulation or a trade secret.
The Government of India recently received a report from the ‘committee of experts’ working under the chairmanship of Kris Gopalakrishnan. This expert committee was set up to deliberate a ‘Non-Personal Data Governance Framework’ with the following terms of reference:
1. To study various issues relating to Non-Personal Data.
2. To make specific suggestions for consideration of the Central Government on the regulation of Non-Personal Data.
While aspects of personal data protection, individual privacy and liabilities of various stakeholders are well covered under the (proposed Personal Data Protection Bill, 2019, the current report opens a Pandora’s box in terms of ownership, economic utility, ethics and governance framework for non-personal and aggregated data.
Today’s economy is fast turning into a data economy, and market forces have created giant monopolies which hoard personal and non-personal data from various interactions and sensor readings. These data points streaming out of personal devices, cameras, measuring meters, QR code scans, administrative data from smart cities can lead to enormous gains in understanding about public health, security, economy and governance measures.
Adam Thierer in his book, Permission less Innovation: The Continuing Case for Comprehensive Technological Freedom, asks a fundamental question: “Should the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations?”
The answer to this question is polemical. The rise of tech giants which thrive on user generated data has created data monopolies and data barons. These behemoths not only create ‘big data’ every moment, but they have deployed huge compute and complex architectures which are beyond the reach of any innovator or new entrant to collect, access or process, let alone derive value from it. They also shape the environment in which businesses operate to create huge entry barriers utilizing a first mover advantage. It is time that public data is considered as a species of commons and not the sole property of the business or organisation which generates it during the course of its transactions or commerce. While data as a commodity is being monetised through data brokers, it is not available to researchers, governments, startups and the public at large.
Unlocking of big data from the confinements of proprietary ownership will need to have standards, interoperability and norms of sharing in place before we reap its benefits. Apart from the commercial value of the data, there is a great potential to improve dimensions of human life like: (a) public health; (b) personal safety and (c) violence against the person. And with benefits comes the potential for misuse as the dramatic reduction in the cost of conversion, copying and transmission of digital content between carriers significantly reduces the natural excludability barriers conferred on information by its material carrier and technology becomes more ubiquitous.
Data has a net asset value, and despite the rapidly growing volume and economic importance of data in the digital economy, legal aspects surrounding data are somewhat ambiguous because there is no well-established property right regime for data. Ambiguity on aspects of data ownership, access and trade, and De facto data ownership dominates and often leads to fragmentation or anti-commons problems in data. Similarly, there are multiple areas of law or different legislative regimes that surround or cover data but none of them covers the whole field of data related issues. For actors within the data economy, this scattered legislation presents significant challenges. This is especially true regarding non-personal data, since the rules under the Information Technology Act and pending Personal Data Protection Bill provide lex generalis for personal data while the free flow of non-personal data regulation only regulates specific issues. Some issues are regulated whilst some are not.
Data trustees and stewardship
In order to ensure that data sharing processes are transparent, privacy is safeguarded and individual control over data is enabled, the data stewardship models will play an important role. This can be implemented effectively if principles of independent governance, transparency and purpose limitation are adhered to.
The defining qualities of stewards: (a) to be able to exercise independent governance and (b) act as impartial and neutral actors with no conflicting interests or desire to commodify data, can be put in action by instating a trustee board that provides oversight and checks for compliance of the steward.
In order to increase transparency, information about key decisions or actions taken by the steward that may have implications for the sharing of stakeholder data must be made available to concerned parties. Purpose limitation requires that the steward restrict data processing for anything outside the scope of consent that was negotiated with beneficiaries. The possible routes to achieve this are via consultations to secure consent and build data use policies and form data sharing agreements.
The world will generate about 90 zettabytes (approximately a billion terabytes) of data in 2020. By 2025, worldwide data is expected to grow to 175 zettabytes. Digital Information has replaced oil as the world’s most valuable commodity. In order to become a digital economy, India needs to develop a new architecture for systematic data collection and grading, data access and sharing, and data analytics among a wide variety of organisations.
Data value chains that cut across organisations currently do not exist. The risks and uncertainties associated with data sharing between organisations, even between divisions or branches in the same organisation, are inhibiting data sharing and therefore the need for foundational standards to bring clarity to intended users across new data value chains, establish common parameters, allow for interoperability, and set verifiable data governance rules to establish and maintain trust between participants and with regulators.
India’s effort to regulate the non-personal data space stirs up various questions, whose answers will determine the course of business, economy, citizen rights and national sovereignty. A fresh approach to non-personal data should lead to greater digital transparency, removal of entry barriers for smaller players, improve choice and efficiency, improve competition and create a level playing field for all.
Brijesh Singh is Inspector General of Police, Maharashtra, and Khushbu Jain is a practising advocate in the Supreme Court. Views expressed are personal.