MeitY seeks feedback on data bill from select few

The government has sought inputs from select stakeholders on its draft data protection Bill. The Ministry of Electronics and Information Technology (MeitY), in a letter sent last Friday, has sought clarifications on issues such as data localisation and ways to govern non-personal data, including anonymised, community and ecommerce data.

MeitY has sought inputs on the scope of the data authority and obligations for the data fiduciary. It also asked stakeholders for feedback on the “contours of a policy that should govern non-personal data” and whether there was a case to mandate free access to such data.

ET has reviewed a copy of the letter. The letter, seeking additional inputs, was sent to 10-15 stakeholders out of the 600 who had shared inputs earlier, a top MeitY official confirmed to ET.

The official, however, said the Bill would focus only on personal data of citizens and that MeitY was not looking to expand that to include non-personal data. MeitY is not holding “any fresh consultations” on the Data Protection Bill, the official pointed out. “The government had received a lot of feedback from various people and we have just reached out to 10-15 individuals from whom we wanted clarifications on their inputs,” the person said. No industry association or company has been contacted and only individual opinions have been sought, the official clarified. They have been given a week’s time to respond.

Some in the technology sector welcomed the fresh round of consultations, while others raised concerns about the process not being open to all. In an interministerial meeting called at the behest of the Prime Minister’s Office in July, the issue of why the Bill did not contain provisions for handling public data was raised.

The move comes at a time when the Department for Promotion of Industry and Internal Trade (DPIIT) is working on the ecommerce policy, which specifies restrictions on crossborder data flow and community data of ecommerce companies.

ET reported in June that the government was planning to finalise the ecommerce policy within one year. Sources close to the government said deliberations between MeitY and DPIIT were ongoing and no final decision has been taken on whether to hand over to MeitY the mandate of creating rules for data collected by ecommerce companies. There have been several calls to split the ecommerce policy into two — one business data policy and another ecommerce policy — with the latter looking specifically into issues such as counterfeiting and consumer protection when goods are sold online.

“LocalCircles had raised the need for a separate ecommerce and business data policy in February with DPIIT,” said Sachin Taparia, its founder. “It makes sense for MeitY to modify the Bill and include business data aspects there, however, it needs to apply to all sectors not just ecommerce.”

The latest letter from MeitY also seeks to know the “scope, powers and authority” of the proposed data regulator — Data Protection Authority (DPA) — and whether it should be expanded to include non-personal data.

An official from one of the associations that received the letter welcomed the government move to seek updates from stakeholders on holding of public data, although a considerable amount of time had elapsed since the last discussion.

“Even though our view on issues such as data localisation has not changed, the understanding about what the government wants and why they are insisting on it has changed, so this fresh round of discussions may help the government in forming a better point of view,” the person said.