As the pandemic continues to rage globally, its far reaching effects have influenced the contours of almost all sectors. The realms of technology, media and telecom (TMT) are no different. Even before the black swan event of COVID-19 disrupted the world at large, there was an already a brimming pipeline of policies that were set to shape the future of this sector. While the jury is out on the cogency of these measures, we, at Khaitan & Co have attempted to give readers a glimpse into what the next fiscal year in India might herald for the TMT sector. Our views are based on trends and developments and we caveat that our "predictions" may not necessarily come true. But we hope it serves as something to mull over for corporates in this planning their India play in the coming year.
I. PERSONAL DATA PROTECTION BILL
What to look forward to
The Joint Parliamentary Committee is expected to present its report on the Personal Data Protection Bill 2019 ("PDP Bill") before the Indian Parliament. This may kickstart the process of where the Parliament passes the PDP Bill which is largely modelled around the EU General Data Protection Regulation (GDPR). This is expected to be a pathbreaking development for India, which has thus far lacked a dedicated data protection framework. The PDP Bill includes aspects relating to rights of individuals (termed as data principals), aspects of cross border data flow, grievance redressal, setting up of a dedicated data protection authority, etc.
What we expect
There has already been considerable debate on the data localisation obligations under the PDP Bill and debate on the same is only likely to further intensify. More importantly, it will be interesting to see if the PDP Bill is modified to clarify the spheres of individual sectoral regulators relating to data privacy and protection.
II. HEALTH DATA MANAGEMENT POLICY
A draft of the Health Data Management Policy was released for comments from stakeholders in August 2020
What we expect
Provisions of this Policy seem to borrow heavily from the PDP Bill. Such a step leaves room for debate as to whether this policy attempts to implement aspects of the PDP Bill that should have passed the muster of Parliamentary deliberation. Accordingly, it will be interesting to see how the Policy develops, given the amount of overlap in subject matter with the PDP Bill
III. NON-PERSONAL DATA FRAMEWORK
In addition to developments in the domain of personal data, the Government is also mulling over a dedicated regulatory framework for non-personal data ("NPD").
What it includes
According to a report issued by the Government, NPD has been defined to include all data except personal data. It is expected that this regime will exist in parallel with the personal data protection framework. According to the Government, NPD creates significant economic value in addition to public and social value.
The object of this regime is to inter alia enable sharing of such data to drive innovation and create new products and services. NPD may also be requested for national security, legal purposes, etc.
It is envisaged that there will be a dedicated supervisory authority that will oversee implementation of this framework. Other stakeholders in the ecosystem will comprise of 'data businesses' (i.e. businesses that collect, process, store or otherwise manage NPD) and 'communities' (i.e. persons to whom the NPD pertains).
A second round of the report may be released. It will be interesting to see the extent to which this regime overlaps with other data related frameworks being contemplated by the Government and the obligations that it will cast on stakeholders.
The content of this document do not necessarily reflect the views/position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up please contact Khaitan & Co at firstname.lastname@example.org