We are please to bring you a guest post by Sahaja Burde, on the ongoing regulatory efforts surrounding ‘non-personal data’. Sahaja is a third-year student of ILS College, Pune. In this post, Sahaja examines the Personal Data Protection Bill’s provisions dealing with Non-Personal Data and their interplay with copyright and trade secret law in India.
India lacks a mechanism to govern this asset, and the Personal Data Protection Bill, 2019 (“the Bill”) is the country’s first attempt in filling the lacuna. Although the Bill has been appreciated for the recognition of rights of ‘data principals’, provisions for data localization, and strong obligations on ‘data fiduciaries’, it has received great criticism for the large carve-outs made for the government. Section 91 of the Bill is one such provision. It deals with government’s access to anonymized personal data and non-personal data in the hands of ‘data fiduciaries’.
This article approaches Section 91 of the Bill from an Intellectual Property Law perspective. It aims to determine the impact of the provision on trade secrets of data fiduciaries and in turn, on innovation.
In 1977, the then industry minister, George Fernandes, demanded the transfer of 60% of shares of the Coco-Cola Company to its Indian counterpart owing to the provisions of what was then the Foreign Exchange Regulation Act. Additionally, the minister also wanted the company to share its formula. Although the company agreed to the former condition, it denied to give away the formula which it claimed to be a trade secret. This led to the Coco-Cola Company’s exit from the Indian market and the introduction of a drink called ‘Super 77’. The Coca-Cola Company only returned to the market in late 1993. This is a classic example of a dispute over trade secrets between the government and a corporate entity.
- Non-personal Data
The setting up of the Kris Gopalakrishnan Committee (“Gopalakrishnan Committee”) is a result of the recognition of the economic value of non-personal data. While the Gopalakrishnan Committee deliberates on the issues pertaining to non-personal data, aiming to attain a balance between the intellectual property of the companies and better governance, the inclusion of Section 91 in the Bill may be regarded to be out of scope.
- Data as ‘Trade Secrets’
The absence of a trade secret law in India has led the judiciary to provide protection to trade secrets under the Copyright Act, 1957 (“Copyright Act”), on the principle of equity, and according to common law action of breach of confidence which in turn amounts to contractual breach. In the case of Zee Telefilms Ltd & Anr. v. Sundial Communications Pvt. Ltd., The court noted that the law of breach of confidence is a broader right than proprietary right of copyright. In the case of breach of confidence, the court views a matter on the lines of fairness. Unauthorized use of confidential information, providing a ‘springboard’ to the infringer, constitutes such breach.
- Statutory Protection
Companies and enterprises or data fiduciaries collect data and process them systematically to analyze consumer trends, profitability, and/or for other similar purposes. Such structured data sets or ‘databases’ are included in the definition of literary works and may be protected under the Copyright Act. In the case of Burlington Home Shopping Pvt. Ltd. v. Rajnish Chibber, the Delhi High Court observed that, in theory, copyright and trade secret law protect different elements of data compilation. While copyright protection extends to the particular expressive arrangement of data, trade secret protection extends to the underlying data. However, in fact, the protection under both laws often converge. The copyright protection to business data compilations, hence, extends to the underlying data most times. It is pertinent to note a subsequent judicial advancement in the copyright protection to databases. In the case of Eastern Book Company & Ors. v. D. B. Modak & Anr., the Supreme Court iterated that mere application of labor in compilation of pre-existing data will not regard it copyrightable. The existence of some ‘creativity’ in the compilation is an essential to seek protection of databases under the Copyright Act. Businesses add value to raw data by cleaning, transforming and organizing data into data sets, from which they derive insights. The processing of raw data is by way of technological inputs and technical skills. Anonymization, by its own definition under the Bill, is a process. Hence, even in the case of anonymized data, which is a subset of non-personal data for the purpose of this provision, requires input of proprietary algorithms. These inputs may sufficiently fulfill the requirement of ‘creativity’ in compilation of data. Section 91 of the Bill infringes this protection extended to trade secrets by the provisions of the Copyright Act.
Additionally, India is a signatory of the Agreement on Trade-Related Aspects of Intellectual Property Rights (“TRIPS Agreement”) and Article 39 of the TRIPS Agreement provides natural and legal persons with the right to non-disclosure of information that qualifies as a trade secret. Section 91 of the Bill is in contrast with Article 39 prima facie and violates the right guaranteed by it to companies i.e., legal persons.
The data that companies collect, analyze, and process rewards them with a competitive advantage over the others. Irrespective of the amount of originality in such compilation, it is protected from appropriation by others. Data forms a part of the entities’ trade secrets and the insights derived from it are protected under the intellectual property law. Compelling companies to provide such data to the government places future investment in developing such databases at risk. The National Association of Software and Service Companies, widely known as NASSCOM, while expressing concern over Section 91 of the Bill, states that possible apprehension regarding compulsory licensing or acquisition of data could restrain innovation. It recommends the removal of the provision or the addition of appropriate safeguards.
The collection and processing of data by companies facilitate better targeting of services and in turn, potentially increases profits. Companies already take the risk of divulging trade secrets when employees are hired by competitors. However, to mitigate such risk, the signing of non-disclosure agreements are recommended. Section 91, by putting trade secrets of companies in an ambiguous state of usefulness, leaves companies with less motivation to innovate when only to part with it. The Bill is currently deliberated on by the Joint Parliamentary Committee and in the case of it being passed as an Act, Section 91 may be reasonably anticipated to curb innovation. The provision oversteps the objectives of the Bill and, while doing so, also raises legal risks and stifles the companies’ incentive to innovate.