INTA News
INTA Comments on India’s Data Accessibility and Use Policy
Published: April 20, 2022
Purnima Thacker Mulla & Mulla & Craigie Blunt & Caroe Mumbai, India Data Protection Committee
INTA has weighed in on personal data policy in India for the first time, submitted through comments to the Ministry of Electronics and Information Technology, on March 16, 2022.
The Government of India continues to take significant steps to formulating a data governance framework. Several pieces of legislation and policies are underway in India, including the Personal Data Protection Bill 2019 (PDP Bill). In December 2021, a joint parliamentary committee that reviewed the PDP Bill presented, but tabled its report before both Houses of the Indian Parliament. As a result, debate continues on the PDP Bill.
At the time of writing this article in early April, media reports suggested that the government is considering a new data governance policy framework following critical comments from stakeholders on its Draft India Data Accessibility & Use Policy 2022. Released in February by the Ministry of Electronics and Information Technology, the policy primarily concerned the management of non-personal data and proposed a data sharing mechanism that would permit the government to license and sell public data to the private sector.
According to INTA, a balanced data access policy is pertinent to brand owners both in India and globally to create a business-friendly environment, without compromising sound consumer data privacy principles. To this end, the Association submitted comments on the policy, highlighting aspects of concern and requesting the inclusion of specific actions to bolster protection of intellectual property (IP).
Key comments include:
Personally identifiable data. Access to accurate data is essential for timely enforcement actions. Oftentimes, critical data includes the personal data of both natural and juristic persons. Data not belonging to a natural person as well as data that identifies juristic persons, like entities conducting online businesses through registered domain names included in databases domain name database or other databases, is not personally identifiable data. This data must therefore be freely processed and published to protect consumers and assist rights holders and law enforcement agencies in legitimate commercial investigations. Expeditious access to such data should be granted when reasonably demonstrated that it is intended for enforcement actions.
Patently false or fictitious data is also not personally identifiable data. This data being freely processed and published will protect consumers and assist rights holders in legitimate investigatory and enforcement actions. A mechanism to instill verification and validation principles is important so data is both subjectively accurate to the data subject and objectively accurate to the rest of the world.
Licensing and sharing. The policy is intended to “harness public sector data for catalyzing large scale social transformation” and would make all non-personal data in possession of the government available for licensing and sharing unless it is categorized as non-shareable. INTA’s standpoint is that the power to prepare and implement such a policy should flow from legislation that governs data protection prior to passing a policy governing its licensing. Currently, no legislation sets any limitations on the kind of data that may be collected or which kinds of data cannot be converted into non-personal datasets. The introduction of the policy, in the absence of a legislation governing data protection, results in individuals/citizens being left without remedy in case of data misuse and thereby, violates privacy rights.
Personal data. The policy is not only applicable to all non-personal data,” but also “information created/generated/collected/archived by the Government of India directly or through authorized agencies by various Ministries/Departments/Organizations/Agencies and Autonomous bodies.” Potentially, this brings even personal data within its ambit, while the rest of the policy refers only to non-personal data. Effectively, the sharing of data, such as health data and data collected for issuance of Aadhar, the national identification numbers, and PAN, the tax account numbers, could be in the purview of the policy. INTA has highlighted the potential unintended consequences for the licensing and the processing of such data for business.
State government discretion. The policy gives state governments the discretion to adopt provisions “as applicable.” INTA noted that the potential for states to respond in varied manners leaves room for discrepancy as to the limitation of the power vested, while the restrictions in terms of sharing or acquiring non-personal data are not specifically identified.
Access to non-personal data. The policy allows “stakeholders including researchers, start-ups, enterprises, individuals and government departments” to access non-personal data available with the government. While such data may be used to promote innovation, it is imperative to have clear guidelines as to what is acceptable and unacceptable including ethical guidelines for such uses, according to INTA.
Close consideration to the aspects raised when drafting new data governance and privacy framework could facilitate trademark enforcement and brand owner compliance while achieving the balance for a robust consumer protection milieu.
Although every effort has been made to verify the accuracy of this article, readers are urged to check independently on matters of specific concern or interest.
© 2022 International Trademark Association
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
To find out more please see our Cookies Policy and Privacy Policy.
These cookies are used to identify a user’s browser as the visitor goes from page to page on the Site. These are session cookies, which means that the cookie is deleted when you leave the Site. It is an integral piece of the Site software and used to let the server know which users are on the Site at any given time and make certain parts of the Site easier to use.
|
|
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
These cookies are used to collect information about how visitors use our Site. The cookies collect information in anonymous form, including the numbers of visitors to the Site, where visitors have come to the Site from, the pages they visited and how they have interacted with tools on the Site like search and embedded media players. We use the information to compile statistical reports of our users’ browsing patterns so that we can improve the Site.
|
|
Please enable Functionality Cookies first so that we can save your preferences!
These cookies are used to deliver advertising relevant to the interests of visitors to our Site. They are persistent, which means they will remain on your device after you leave the Site.
- Facebook (Ad Pixel)
- Google (Ad Pixel)
- LinkedIn (Ad Pixel)
- Quattro Anonymous
Please enable Functionality Cookies first so that we can save your preferences!