In the digital age, data governance has emerged as a critical issue for nations worldwide. India, with its burgeoning startup ecosystem and rapid technological advancements, is no exception. The government’s focus on national security and development has led to the formulation of a draft framework for governing non-personal data. Their recent efforts are crucial for safeguarding national interests and fostering trust in the digital landscape, a task that often requires the expertise of a business lawyer to navigate the complex legalities involved.

However, as the business lawyers and legal experts at Thinking Legal point out, this framework raises significant concerns that must be addressed to ensure it serves the nation’s interests without compromising individual rights. And that’s where, as addressed by many business lawyers, the ongoing debate surrounding the draft framework for governing non-personal data in India takes centre stage.

National Security and Development: The Government’s Stance

As some of the top business lawyers in India note, the Indian government’s efforts to establish a robust data governance framework underscore its commitment to national security and economic development. Initiatives like the Personal Data Protection Bill and the draft Non-Personal Data Governance Framework reflect a concerted effort to harness data for national growth while safeguarding against threats. These measures aim to create a secure environment for startups to scale up safely and contribute to the nation’s progress.

Concerns and Considerations

One of the articles of Thinking Legal, led by business lawyer Vaneesa Agrawal, delves into potential concerns with the draft NPD framework. The article raises valid points that warrant careful consideration before finalizing the framework.

One of the key concerns, as stated by Thinking Legal, a business law firm, revolves around the proposed level of government control over data collection, storage, and usage. While national security considerations are undeniably important, overly stringent regulations could stifle innovation and hinder the growth of data-driven businesses. The article by Thinking Legal emphasises the need for a framework that fosters responsible data governance while allowing businesses the flexibility to leverage non-personal data for legitimate purposes, such as market research, product development, and economic growth; exactly something the government is working towards.

Recommendations for India’s Data Governance Framework

Several developed nations offer valuable insights on ways to navigate the complexities of data governance. The European Union’s General Data Protection Regulation (GDPR) is widely considered a benchmark, as agreed by most business lawyers, for data privacy protection. However, the business lawyers also note that the GDPR primarily focuses on personal data, while India’s NPD framework ventures into the realm of anonymised and aggregated data.

Here are some of the potential best practices that can be considered.

• The framework should clearly define what constitutes NPD and distinguish it from personal data. This will provide businesses with a clear understanding of their obligations.
• Instead of a one-size-fits-all approach, the framework could adopt a risk-based approach, maybe even backed by AI, tailoring regulations based on the sensitivity of the data and the potential risks associated with its collection and usage
• To minimise the risk of re-identification of individuals from non-personal data sets, the framework should encourage businesses to adopt robust anonymisation and de-identification techniques.
• Businesses should be obligated to be transparent about their data collection practices and accountable for the responsible use of NPD. This fosters trust within the ecosystem and empowers individuals to make informed choices.

The recent Understanding of India’s New Data Protection Law by the Carnegie Endowment for International Peace provides an in-depth analysis of the DPDP Act, 2023, which can serve as a guide for all practices.

Business lawyers, like Vaneesa Agrawal, founder of Thinking Legal, state that Companies must carefully interpret these definitions, ensuring that they align with the legal standards, to ensure legal effectiveness of these techniques, and that they meet regulatory requirements, and craft transparent policies that uphold accountability.

As India navigates the complex terrain of data governance, the insights from Thinking Legal, other business lawyers around the nation, and the examination of international models offer valuable guidance. A thoughtful, inclusive approach to data governance can bolster national security and development while protecting the fundamental rights of its citizens.