[Ed Note: The following post is part of the TLF Editorial Board Test 2020-21. It has been authored by Saumya Khandelwal, a second year student of NALSAR University of Law.]
Recently, a report on the ‘Non-Personal Data Governance Framework’ was released by an expert committee established by Ministry of Electronics and Information Technology (MeitY) for recommending a framework to regulate Non-Personal Data (‘NPD’). NPD is electronic information that cannot be traced back to an identifiable natural person (learn more about what is data governance here). The committee, believing in the huge potential of data, strove to create a framework to unlock the economic, social and public value of data. One of the objectives of the report is to wipe out the possibility of data monopolies. It aims to create certainty and incentives for innovation to encourage domestic start-ups, spurring digital economy growth. The recommended framework: enabling start-ups/businesses to access meta-data of data-driven businesses and building data marketplaces for easy exchange of data seeks to provide a level-playing field for all Indian actors. The goal of this article would be to show how the draft framework in its present form cannot achieve the aforementioned objective.
Access to Data Alone Does Not Ensure Competitive Success
Unlike the premise on which the draft framework is based, raw data alone cannot be valuable to an enterprise. It’s the development of algorithms – using AI and Machine Learning – that adds market value to the products sold, as well as innovation, attention to consumer needs, quality of service, etc., which distinguishes an enterprise. Data is non-rivalrous, ephemeral, inexhaustible and so, its accumulation alone cannot create a barrier to entry. For entrants in the market, possession of large amounts of data does not necessarily provide an unfair competitive advantage. Tinder as a start-up did not have access to any data during its inception yet it succeeded because of its underlying solutions. Now, if data sharing was mandated, Tinder, having tons of raw and processed data on human dating behaviour might lose its competitive advantage and end up only benefitting an enterprise with optimal resources to replicate the idea, hampering experimentation and innovation.
Further, only providing raw data won’t provide a level playing field to startups if resources facilitating their utilization (AI, ML) are not made available in the same way. The report talks about making available processed data at prices fixed by the market which again benefits enterprises having considerable influence on the market, leaving start-ups at a disadvantage. Moreover, if derived data was provided, no company would strive to be creative while implying data analytics to make useful inferences and provide actionable information to decision-makers.
A Case for Stunting Growth
The recommendations of the report will significantly impact start-ups as with the limited funding they have, they will have to cut short investments to create usable data bases and obtain user-consent. Collection, classification and anonymization of data is also a kind of value-addition for which time and effort is required which the committee fails to incentivise for. Consequently, a business might choose to remain small so that it does not cross the determined ‘data volume’ threshold or claim that their datasets don’t have necessary consents.
Overregulation and Increased Compliance Burdens
The report has failed to account the possibility of overlaps with competition and intellectual property sectoral regulations. Compiled databases as well as databases to which minimum level of creativity can be attached are already copyrighted in USA. Processed data in India because of its originality can attract IP protection. Additionally, the Competition Law Review Committee has established the jurisdiction of Competition Act, 2002 broad enough to include ‘data businesses’. The Committee falls short in explaining why data monopolies can’t be dealt in the present competition law regime and implies dominance itself as anti-competitive. Creating an entirely new authority will result in overregulation given the presence of Data Protection Authority and Competition Commission of India, stunting innovation and growth in several sectors due to limited investment by foreign and domestic actors given the compliance burdens.
Concerns in Sharing NPD
Though the committee has provided for “beneficial ownership/interest” for solving ownership concerns given data’s mobility, its constant value addition and simultaneous rights over data, the issue of who will be entitled to renumeration still remains into the grey. Until this issue is not settled, no business would want to enter the data marketplace. A pressing difficulty with data sharing is that once it is revealed in a marketplace for sale, potential buyer might no longer want to pay for the data because he already knows their information content giving rise to Arrow Information Paradox.
Moreover, since we are looking at private entities, there has to be a market principle on which they are asked to share their data for free. They cannot be asked to do so for furtherance of social benefits. Mandatory data sharing by businesses can lead them to eviscerate incentives to invest and experiment, defeating the very objective of competition law. Additionally, sharing of raw compiled NPD for free can disincentivise companies to collect and store this data in the first place resulting in the free-rider problem and consequently defeating the purpose of this draft framework. The committee has failed to considered the abovementioned issues in the report. Further, by giving the NPD Authority the power to mandate sharing if it considers the request to be genuine and for larger economic benefit ultimately takes away the right of companies to accept or reject a data sharing request recognized by the draft framework.
Suggestions
- EU’s Directive on free-flow of NPD brought for effective functioning of data processing has regarded free flow of data the backbone of a competitive economy, not made data sharing compulsory and removed data localization requirements. The present framework can strive to inculcate these features as India’s competitive law regime is heavily influenced by EU competition law practices.
- Creating a new regulator will require heavy investment from the government which can be avoided if the issues could be addressed incrementally in the present frameworks.
- Challenges and nuances of each sector should be analysed individually and all stakeholders be consulted because one size cannot fit all.
- Start-ups cannot be defined monolithically because all start-ups are not same considering their age, investment capacity, turnover etc., and hence, they should be considered separately.
- The adoption of an incentive-based approach like that adopted in Europe for standard essential patents can be useful in the Indian context.
- We could look at the proposed Data Act 2021 which will be designed to foster business-to-Government and business-to-business data sharing.
Conclusion
The report looks like a solution looking for problems and would generate less benefits than it suggests. No country yet has made data sharing mandatory except for security purposes because it would be against fair-market principles. If the data-sharing provisions are made purely voluntary and data exchange is incentivised, it might help fulfil the provision of its laudable premise. Practically speaking, India is not in a position to manage the NPD framework given that it has not yet enacted a Personal-Data Protection legislation, not been able to generate awareness for personal data and has a failing economy.
The report has been highly criticized and opposed by tech giants from United States who are calling it an anathema to the promotion of competition. Data-rich companies are not a threat to competition, but rather an important source of innovation, which policymakers should encourage, not limit. India, being one of the most over-regulated countries, needs to focus on encouraging start-ups by providing cost-benefit analyses of any new compliance burden. India has taken a step in the right direction but to be in the forefront of the data economy movement, a successful mechanism will need to be carefully worked out with the aim of harmonising social welfare and economic rights.