 Hello all, welcome to today's discussion on non-personal data and community, mostly questions around public data and community data and also questions around privacy and all encompassing non-personal data, non-personal data framework. So, my name is Shweta and I work at the Center for Internet and Society. Just a few things before, so we are ending the session around 6.55, so we'll try to keep it to the point and the discussions to the point. Also for questions for the participants, you can use the question and answer tab and put the question there, maybe at the end of the session we might take like 10 minutes to just see what the questions are and ask the panelists to answer them. And just at the request of the panelists that you all can self-introduce yourself because just to keep the time really shut, so you can start. Thank you so much, Shweta, can you hear me? Yes, I can. Thank you so much and hello everyone. I think we all are seeing each other. My name is Shruti Jain. I'm a researcher at the Internet Democracy Project and I've looked at a couple of these frameworks in the last one year since they have been incepted. And today I'll be mostly talking about community data and mostly from the embodied perspectives. Hi everyone, I'm Shrikant. I run a collective called Cashless Consumer which looks at digital payments. So today I'll be focusing on the community related aspects more from a consumption as well as a production standpoint on producing and consuming non-personal data. We have fun, right? I'm anywhere other than a public interest technologist, also part of a community called Fadundramari Alan Computing which is working in the last 20 years on language computing domain. We do quite a lot of work with the area of data sets related to language, which may be relevant to the community data framework we are discussing. Anyway, we will come into that question when the time is right. And we have Prasanna. Hello all, this is Prasanna. I'm a litigating lawyer based out of Delhi. I'm an advocate on record of the Supreme Court. And I also am founder of the trustee Article 21 trust which works, looks at the issues at the intersection of digital rights and welfare. Thank you everyone. And I think it's also this whole discussion around community data is very pertinent, because Hasgeek is also a community and it's also very important to know what the government or what the legislators think about community data or data from community. I think the first question I have is around, so I think the term community data I think started when the PDP built the Personal Data Protection Bill 2018 version came out and talk about community data but didn't specify what. And there's also a discussion about what can be included in the community data. Is it about certify the group of people or is it just a larger group of people. So does the NPD framework, does it give a clarity on what the community data is of what community rights are. I just, I'm asking Prasanna. Yeah, if the question is whether the NPD report makes it clear as to what community data is the answer has to be in the negative, but, but I am not so sure that if the framework itself was to make it clear what community data is. In fact, the framework, I would still take the first report framework as as if the starting point. I'd say in fact at the first report, at least made, I thought an honest attempt to say that he merely because somebody collects the data, they don't get to be the owners of the data, I think that was an important step forward. Right, so since I mean since I mean it's been taken as a default that nearly because a company or an entity collects the data they get almost all the rights like owners like like a copyright in that particular data that they've collected or collated or combined. So that that to take I mean to depart from that default proposition to say that no merely because that's not the case it is still all regulatable field it's the wilderness that I mean it's it's just that you all enjoyed so much, because it's been the wilderness over but the state has to come in has to regulate it and look at other interests as well in that data including community. So that I think was an important breakthrough in the in in the report number one. In fact that I didn't share the pessimism that a lot of us did share about the report one as to whether it was. I mean it was trying to aspire for too much too soon and all of that, but, but the second report is significantly gone back on that. Right, it has the in terms of the framework it has gone back it has in fact cited copyright act to or I mean that that particular provision was made in 92 when data as a business was not even in contemplation. At that time, yes, I mean if you had compiled the data. So you, you pretty much got the copyright over that and there is no reason absolutely for the NPD framework to retain that. In fact to retain that and hard wire it in the law to say that merely because you collect or you collate or you compile that you get ownership rights over the data that certainly hurts community interests it certainly hurts sort of state interest national interest at whatever level that we want to define. So that's where I come from in this case, yes, if the question is if the NPD makes it clear as to what community data is what individual data is and what private data is it certainly does not but I don't, I'm not sure if that is what they set out to answer. So, I think, I think I miss, I also wanted to ask about community rights so that I think you can help with that in terms of does it make it clear what the rights, the community has not only what what happens to the data, but also what rights they have in terms of the course. I think like how Prasanna said, and lasted very well for us that the report fails to like clarify what does community data even mean to begin with to have a framework in place that which we can criticize or even think about further. Like the earlier draft, we did we can earnest attempt or I mean mean to say that you know where they set things like just relaying through what Prasanna just said because that's the reality of the story that there was an attempt where they said that you know people who actually the data, the bodies from home the data emulates they also have certain rights over that data and they need to be enabled to have a control over that data and they need to be. They should have autonomy over that data it wasn't said in these terms but this is, this is what the intent seemed to be, however, it did not translate into even the framework that was proposed then. Because even then, what was and even now what what we see is that there's a lack of attention to power relations and it is very evident in the way the committee or the report proposes to ensure participation of communities. For example, they say that you know the data that is related to people they should be enable the data trustees will exercise data rights on behalf of the community. So, but are these trustees how will they be put into place there is hardly any discussion on that the committee fails to discuss that in detail. How would those people be purpose how will those people be put into place, if really the idea is to enable people to have an autonomy over the rights of their data, over their data and over the community data. These things need to be clearly defined and even thought about it, do we even is the answer lie in having a community data to what extent can we build data on the, can we build communities on the basis of data because the way these things can discuss currently, it's very big to people who have similar sort of data would be put together in a community but do they even belong to the same community for what purpose is this community being created for. Even if we were to delineate all of those things, have you really thought about when we create a community and we create trustees or say custodians of that community. Again, creating relationships of subordination and and relationships of power. So how would that power really trickle down and how to not enable that how to actually facilitate people to exercise their rights. So those are the few things which I, I fear to see in either of the two drafts and that's very concerned, like that's very disconcerting in fact. I think we'll go back, we'll come into the question around data trustees and we have a longer discussion on that. What is someone who works at the community, like, how much is he must be looking at it more like, okay, what can I learn from here what what what do I need to do towards the community with regard to the framework so what do you think. The first thing I wanted to say is the problem with the framing and the definition itself. The, if you look at the even the way communities defined in various laws and policies in India, there are at least two examples here. There are the Raj extension to scheduled ideas, which have a clear sense of community and the governance over the resources, which includes livelihood and socioeconomic and everything. Similarly, the Forest Rights Act also have a sense of community and governance and go over livelihood and the resources. And while we stable coming coming directly to data, this is all defined totally in an economic context alone, just like the PDP bill. So, the problem here is coming is it economic context or alone or how is the governance is governance of this is addressed is a critical question. And in the similar the definition of community in the even the even on the V2 draft, it's a very problematic definition if you and the third sense of community is basically it's not a legal definition but how internet functions is primarily communities, which are connected together on similar interest basis. So, the other two may be the local basis but, but the, the age, how the one of the things I can clearly see on the draft at this point is that user agency as well as the trust of the trust of each other is totally changed into something like this community is something like the CSR approach to community. The CSR companies can create their CSR foundation in the same way they can create their own definition of community by pulling the pulling some people together. Locally relevant participatory decision making community which is relevant to the context. So, this is where I think we need to actually look at the definition of community itself and coming back to the second part, which is basically the community data part. So, the right to organize is not limited to the, we are talking about this is in a context of very legal framework in India. In India, you know that it's very difficult to do a legal organization always, if you look at internet, if you look at online communities, most of them are not legal trust or formation for anything. If you look at free and open source project, they are not legal project office. Even if you look at the KV COVID-19 data sets and the collaborations building on top of it, maybe COVID-19, COVID-19, the mobility, COVID-19 related radius data sets. It's basically communities coming together, maybe during a disaster or maybe during an important need using technology. And they may be addressing that, but the automatically what happens is when we moving into very legal framework of trust society and maybe section eight companies, it's basically taking away the rights of people from the process and making it as a corporate instrument. Thank you. I think I just move along the same conversation around community and public good comes to the idea of public good. So I think something that I'm the AI reports also and I think economic, economic survey chapter spoke about data as a public good data for the people by the people and off the people. So I think I'll ask, I'll start with anyone first and then continue with the idea of a public good and community data and then we'll also ask you can't instruct me. I think we already have a public good approach to data in existing for at least for last 10, 15 years, which is basically if you look at wiki data or open street map or Wikipedia, it's basically people creating data sets, it's maybe content data sets or the or a map data set or a similar kind of and various open licensing like even open data license is there, which by okay from which actively used in open street map and various other projects. If you, for example, we are maintaining dictionaries as open data, we have a project called random which have almost all the published books in Indian language Malayalam from the first print history to tonight at least 1995 onwards on which library which book have so that so this is basically by people licensing that assets under a free license. So that's basically that's where user agency is an important component. And basically the licenses protected from ensuring it as a public good. But while we are changing that. This is this is one of the problem with the V1 report primarily because copyright versus this conflict was there. But right now they even though they are trying to address it, the agency part is still not at us and the communities are formed by trust. But that trust is not a legal instrument alone. It's for example, 10 years a community like Sondra Malayalam computing or maybe similar communities in various Indian languages existed as just online colleagues. So here we are doing an organizing based upon a value, it can be high value data set or an economic value, which is not the way community functions. Public good is they mostly many of the ways communities organize and the governance structure also which may be local level in some cases which may be which may not be nationally relevant. If one project to one in a developer, even we can see one developer initiated projects, which may be handling a lot of data but organized as free software or and even data sets are released under open data licenses. And I can tell you an example of maybe additional dictionary created by a Karnataka scholar right now available as a free data set, I think I forgot its name. Yeah, so it's developed over the years, and people contribute to the same data sets. There are various examples of this, and how it is happening but at the same time, all this recognize existing practices are totally failed to recognize in the framework. And also we can also see too much centralization interest around this, which is also happening in many along with the pandemic and the way we are becoming digital. So, there is the distributed nature of data as well as organizing is totally need to be studied by the committee and I think the personal and non personal data categorization does not apply as many of the times because that there is always a extension of community to data in many cases, which may not be, which is sometimes personal, which is sometimes community identity wise for identities part of the status. So, even if you look at the forest data, the forest dollars data, you can see those rights are recognized in Forest Rights Act. But while moving to data, this is mostly just like we see on PDP bill it's a dehumanized approach to data and data set as mostly as a technology terminology. So, I think you will have some mercy around and also I think it adds again to the question of hierarchy and data so about and also question around data as a public good so what do you explain about what you feel about the whole entity and how the whole public data for public good non personal data for public. So, as I never very well put the approach from where it starts that you know what, when we start looking at data as public good and non personal data specifically as public good the way the committee perceives it, it perceives data in the first place as binaries like personal and non personal data has been perceived as binary, and that is the first assumption where we start seeing the problem. And the way I look at data the way we at Internet democracy project look at data that is embodied and that data that is emulated out of individuals is an extension of our bodies. And there may be some data that that is that is aggregated or is appropriated and which is not related to individuals, but that needs that line needs to be defined differently but the way this report does it is a problem in itself and that that and second so that is the first point. The second point of it is that the way the report looks at it is that once individuals that produce data or that data is anonymized that data becomes automatically anonymized. And that means, like, you know, we sort of our interest like, you know, they're you like, you know, we can so we can draw parallels to human like you know how humans in economic processes are looked at as human resources. And like, you know, when you look at humans as human resources you reduce their value to mere economic value, or like you know an economic number, and they brought an instrumental worth which is social good or public interest is actually looked over, because all that is left is that infrastructure that economic value. And it also, again, like how you said that it also again leads to establishment of a structure of subordination because those who will accumulate this data again the way you know the high value data that creators like Prasanna in beginning said that you know those people who will be because there is no value like the way they see data that data on its own has no value. Individuals who are contributing to that data have no value so people who will actually be accumulating data processing data, only they are like able to accrue value out of that data, and then they would again be like you know by, by the way this committee has drafted the report, those people again would be in power to delineate terms on how this data should be disbursed shared or valued and people who actually are contributing or bodies that actually have autonomy of that data will fail to have any voice. So this entire, this entire way of processing things and you know under these categories is a problem because the assumptions with which we start with which the committee has started drafting is other key issues here. And she can just add just also along with a public good questions also around do you have any experiences from working with the community and the difficulty that you find with the non personal data. And also because of the cashless community and so one question definitely is the public good but also second is with regard to the community. Okay, so first let me get to the community and data generation so as a community we generate data, both organically and organically so through RTIs. Now RTI is a crucial instrument of data that's already available with the regulator, which is getting shared because of the transparency law. Now what we see with the technology regulation, the regulation of digital economy is the government clearly wanting to step aside from even having the statutory regulator. So, at least when you have a statutory regulator you want that regulator is bound by transparency laws to actually expose data and what we are also not seeing in this report on NPD conversation itself is the previous reference to the NDCAP policy. Now what happened to the whole open data where the data is actually out there publicly for everyone, including individuals so you don't need to necessarily belong to a community that's registered under section eight and so on. So what we see here is a since the regulation around technology and digital economy is moving into some kind of a self regulation mode, where these data trustees would act as a pseudo regulators for the benefit of the industry. And since they are not bound by transparency laws, you need some way out to get some data just probably why you need this NPD recently because you no longer have the transparency law between private entities which are organized based on the industry. That's because you fail to regulate the industry in the first place. So that's the self regulation model seems to be kind of prioritized and NPD is seen as some kind of saving grace for the state itself because now the state has lesser and lesser control because the state does not even have the statutory regulator. Around these industries and this is not just technology this could probably be tomorrow mining it would be shipping whatever industry because as we move towards an economy which has minimum government and the definition of minimum government seems to be getting smaller and smaller. We have gone to a point where regulators are saying that we are having too much work. Why don't you regulate yourself to self regulatory operations. So this will kind of weaken the state in the long run itself or not just communities the state as such an NPD will leave the state. I mean, it's obvious that we leave the communities at the mercy of these industries will also leave the state kind of lot weaker. So now that's on the NPD framing on to the public good concept. The notion of public good beats really harder look people have kind of repeatedly pointed out something that generates value economic value as public good. Whereas what they've also done is also a privacy harming data centralization platforms as a public good and they justify that by saying by using the economist definition of public good which is like non excludable non rival. But that kind of discounts the negative externalities of the entire infrastructure. Say for example, the costs of these infrastructure. They say include digital exclusion loss of privacy cybersecurity risks are all placed not on by the people who generate this data but what by on a different set of people. And these are some of the examples of social harms of digital public goods and social harms with public goods can perfectly coexist and in fact digital public goods will be blind to social harms. So it's why the word public good might seem like a very nice, nice something nice with the years, but we need to actually consider what it is more holistically and then say, like if public good can coexist with social harm so peacefully, is it really good for us. You mutate better. So the question I think going back to the question on privacy, sorry some privacy transparency, I want to talk to us personally about how the end non personal data framework speaks about IP rights, and does it give companies away to hide their data or not share the data, but through IP protection. Certainly, yes, certainly in the V2 of the report. I did see I mean V1 and V2 I don't see it as a seamless transition at all. As I said V1 specifically took a view that it is by not it is either public or community data doesn't belong to you. It is an exception that if it belongs to the individual or the company or the entity that is collecting, collating or compiling the data. V2 has gone back to the position of the copyright act, where it has effectively said once you collected, collated or compiled the data, you have you pretty much on the rights, because they've decided the provision of the copy copyright act to say that. And to say there are exceptions that we create. Those will be limited exceptions. I mean, in fact, the tone of the V2 report for me reminded that it was a significant backtracking. Perhaps at the instance of a lot of the criticism that was received by the V1 report to say that we are only now trying to tinker in the markets. That's it. There's a different question whether they are really only tinkering in the markets, or whether the, or whether this tinkering in the margins is going to be enough, right, because there is, because there was also a body of opinion that I mean that that somebody came about saying that NPD looking at data as a business and how do we regulate that, including, you know, having provisions for specific delineation of individual rights community rights as well as national rights. So, so, I mean that's that's an important step forward. How do you marry the NPD framework with the IP framework I think NPD framework will kind of, it will need to be one of the basket of measures right much like you do have several regulators. The multiplicity of regulators I think even in Haskeek survey has come out as one of the top concerns, but multiplicity of regulators are something that we are going to wish away anytime soon and that's that's true of any sector. And there's no reason why data as a business source businesses that specifically look at data as business have to be excluded from this compliance but Yes, so I think that's another question about does does the does the framework give prominence to businesses over communities in terms of IP at least. Yes, it appears from the certainly the second question of the report my reading of that is that yes. So that there is there's certainly there's a significant in sort of, I mean, so bend over backwards to try and accommodate market interests, and perhaps even sort of make the community interest second, which was not the case with the first question, but at least to my reading. Thank you. I just go back to anyone at the same question I asked she can't about what is like as a member of a community or someone who runs a community do you think what are the measures or what do you think NPD data changes in terms of how the community is. And you have to take any steps, because of this framework. I just want to add just one point to what I said, before answering this question so one is this the copyright issue is still very active, even after the NPD to report, because one of the things NPD that committee of expert failed to understand on the first report is old. There is, there is both structured and unstructured data, and even even on structured data content is there is no specific difference between content and the so called data engineer handling data sets. Even if you look at schema.org or any any kind of well defined structures around even various types of content or various type of data sets, all of them are data. So, and what the committee fails to understand that the other thing at this point is the standards of organizing that this is work. This is work. What is mentioned about the open national open standards. National policy on open standards is coming. So 2012 policy, which is basically an effort of force movements as well as various people working on the public good part of technology maybe public good part of technology as well as data, put up in last decade. Let's look at this stand look from 2010 2010 we had all another movement called open government. Open government data is basically government opening up its data to people. But while we are talking about NPD in 2020 or 2021. We are talking about people and business opening data to government, as well as for sharing. So this is totally opposite of what we, the kind of openness we had in 2010. And the, the, the XVD definition does not actually bring anything new it's basically makes it arbitrary to define for a authority or someone or, and possibly it will end up it as a business investor data sets. So actually there is no community in this process and this is why I am calling this as CSR approach to community. So we have and while we are mentioning about CSR up your community we also see how the CSR spendings are happening in this country, which may not be always beneficial to community we have seen even CSR amount pooled together to build new projects by the same set of companies you through company pooling the efforts we have seen it on Act Grants, specifically Act Grants during the COVID times to collect money from industry together to build another rails or industry to pool more I think another question my next question is around privacy and non personal personal data. I think why I look at the work of a like what the ultimate goal of having all these data sets of data market to data collated is to maybe to run do analysis around AI systems on it. So, I think the harm also comes when not just the non personal data but also personal data and sense to personal data is mixed with non personal data and then the results are great. So I'll start with tripti first do you think these concerns are there are the So is the concern also around the adding of data and data sets. So, before I jump into this question I just want to say something in like what the sun now said in earlier remark. It's not I just don't feel that it is just this report which aims to realize the economic interest of non personal data but I think this has been the concern. I mean I in my submission from internet democracy project did highlight extensively that why across the report, the last one and this one that they has like they, the committee experts do members do highlight that you know there's a social and economic value to data but at the same time, at every instance what they aim to do and translate into action is only enabling economic interest, and only realizing the economic value of data, and from whose perspective, like if you look at like we need to ask economic interest is being solved. And what are these policies being made for if it is really to enable public good at large, then like you know who are involved in this process to begin with I think the conversation starts back there. And that is why across the report it is just, you know, these are two various symbols and two various categorizations it becomes more apparent. Moving on to the, the binary discussion that this committee sort of resorts to which is how to distinguish between personal and non personal data and this and you know the the safeguards that are again provided in the, in the report in the version one and two. Firstly, the line of separation between personal and non personal data is often blurred, which this committee feels to see like it says that you know once there is, they are no identifiable factors related to the human or the data becomes automatically non personal. And again, even I consider even that as a high bar but what they actually do in the report is, once the data is anonymized it automatically becomes bereft of an individual's ability to harm an individual just suddenly automatically vanishes or gets invisibilized which the committee aims like you know looks at it in that manner, which is a very big problem. There are scholars like Rives David and Jackson Steven and you know who have written extensively in raw data as an oxymoron that data that is generated by human activities can truly be never non personal because it is always contextualized for example just like images that are captured by a photographer, which are always framed, they are selected out of an experience in which this photographer stands points and shoots. Similarly to needs to be understood as framed and framing of the data to needs to be understood. And according to that the uses to which it is put and can be put needs to be put into place. And even if you were to believe that you know their categories in personal and non personal data in which it can be segregated is very difficult to a certain in which category the data for example, like currently it is framed as the way it is looked at in data protection systems is between data controllers and data subjects and the there's a legal vacuum that already exists there because how a person who aims to control their data or control other people's data, the way they would look at that would be very different from how we would look at the data and if you if we go back to scholars like Shoshana Zuboff's interpretation of surveillance capitalism the reason why it exists in the first places because I give my data to say a Facebook or a user gives their data to to any entity in order to enable a service and that's how they see they are giving their data but the way that data is appropriated and then assessed and then contextualize it, the meaning changes altogether. So there is no discussion about all of that and there is no discussion about collective harms and they are no clear trans like you know clear transparency about what would automated decisions take place how they would take place the right to have a meaningful economic input. There's no discussion about how sanctions would be enforced, like you know, how audits would take place there is no discussion about all of these things in the report and that that is the major problem. Yes, looking at data separately like they have the personal data protection bill is coming and then this whole new framework is coming plus we have different sectoral data regulations like the healthcare data, financial data so it's very difficult to have all these different categories of data which confuses people even more and then this is also in the community so again as we can't again about how is it easy to segregate non-person data in a community for example like in a big like while having a community definitely there would be at least names of people or email or there's something that does define people so how would you as a community think about what would be exactly the non-person data and how we'll keep it completely separate from the personal data. Okay so just before I answer that just some privacy on personal non-personal data I just had a point to add the annexure in the V2 report actually mentions eminent domain passed by reference and it says that it's probably not correct or fair to consider it as eminent domain but then it goes on to quote genetic data and stuff as something that states should kind of have some sort of say as state kind of ensuring that community rights which kind of places individual rights slightly below the community rights so I mean it's okay to it kind of gives it to a point where it's okay to kind of give away on the individual right to privacy if there is a community rights perspective that is problematic and if we kind of put in place the DNA regulation bill that's out there for decades now in place together that's quite scary on privacy part because then the state could actually use community rights and including itself to extract more data which kind of harms privacy. So that's one and the other the other thing is basically even though the de-anonymization again we'll leave this to the technical discussion on how perfect it is possible to de-anonymize that's a technical debate but then even if hypothetically assuming that de-anonymization is perfectly foolproof it still has a large chilling effect on communities as a whole so why when this community, when this de-anonymized data sets get shared and published and then that kind of generates let's say viewpoints, insights, decisions in various algorithmic systems that is still going to impact people of that in subset of community as a whole so that's so the privacy harm may not be an individual to the individual but to the entire community as a whole or a smaller section of the community as a whole and this is where like separating out the personal data from this entire personal identifier and here again we are still going back to the definition older, old school definition of say communities which supposedly necessarily say has a bunch of people having names and real people whereas we've kind of gone to the era where we are having virtual communities, we are having virtual communities of pseudonymous people and these are all real for like years now and these people also do have let's say community rights but then that doesn't mean that like any sort of personal data is embedded on them. Shweta you are muted again. And about the privacy as also about community data and personal and non-personal data. Sorry. Sorry, Anivar can you also again the same question I asked you can answer about privacy and also about community personal and non-personal data. One of the interesting examples coming to my mind is we were developing a morphological analyzer and one of the major points in which it lacked the accuracy was identifying the name right entities. The name and identity recognition it need quite a lot of names, place names, maybe family names. So, will it be personal data and the NLP product we are developing whatever data basically we are releasing this as open like open license data sets actually. So, so the categorization of non personal data basically what it does is it prevents the development itself. For example, the maybe the accuracy of systems which may do the NLP systems, maybe affected when the name and identity or other parts are basically removed from it. But at the same time it is public good, improving the accuracy is public good. So, this conflict already exists. And second, one of the points Sregan mentioned is the online virtual community part. And there is another interesting part is, we also have the democratic communities including the grams of us. One of the projects we did was mapping a village, mapping a whole village for the purpose of the disaster rehabilitation exercise. So, here, a gram of us writes to do something with strong data may need a society formation or a trust formation or a sectionate company formation. In this case, even if they are doing the work right so you are they are handling their own. So this is an online communities and online communities, organize based upon their self interest, which is a norm. These are existing practices and good practices, including the global communities building its own code of conduct and building their own social contracts and operating based upon that. So, but at the same time, the when we play some more for send IT in a country like India which is very communalize which is very maybe racial and all those kind of thing. So, strengthens existing inequalities in one way. If it is not strengthening the democratic institutions as well as the virtual organizing possibilities. So, the problem is here the centralized authority and centralized mode of managing data need to be more thought out before defining the community as some CSR trust kind of. There are language community. There are similar community initiatives building the in various segments. So, those needs. At least I study what are the community practices on data existing at this moment and try to build it to the framework instead of building it from the bureaucratic organizational legal instrument building kind of view. We're almost towards the end service quickly rushing so I had any audience questions I can't. I just have us our common short common short response to both to be an uneven. So what is first thing. So what I never mentioned something in this in the previous round I want to emphasize that in fact that is also something that we think is an opportunity lost in the personal data protection. Discourse that we've had that is to make sure the state becomes an exemplar right so where the state is the model data controller. And similarly when we want to look at, I mean the entities being regulated by this under the NPT regime. We also want the state to put itself to that standard because particularly when we're looking at public good. The data with the state is overwhelmingly I mean more valuable in terms of public good value than a lot of the data that is with the private entities. So it's certainly true that I mean the state the state must put itself to be the model entity. If there are data sharing practices etc the state must be subject to it and it must be a model. And number two the second point was the one that we made about this binary of personal data versus not personal data is. I mean that binary itself is, I mean it's fuzzy and it's the report fails to note that, and that is true. And particularly we'll see once we have the final version of the data, the personal data protection will perhaps it will, I mean those concerns will probably be heightened by that because we know that the 2019 version of it certainly is trying to define personal data in its own sort of big terms and we also see all of the rights under the personal data framework are going to be litigated upon. I'm not so sure that for us to be able to advocate, you know, not to have that distinction clear enough, whether it will, it will help us assert our rights under the personal data framework, better or not because as it is it's it's already there a lot of the rights, data protection rights need to be litigated, and whether it's going to complicate things if that definition is not clear enough, even if they don't get it correct. So it's clear and consistent that's something that we must be looking for. Just thank you so much I was just going through the questions we don't have any questions I haven't received questions on YouTube and we have around four minutes, so I can give each one of you are admitted to say what are the. So what do you think is the next step or next hurdle that the NPD framework will have to go through in terms of implementation. Let's start with you just continue from there. So, yes, so what's the next implementation issue that might come up come through the NPD framework. Well, I don't know if they have enough buying as yet. Certainly not among the civil society certainly not among the industry bodies from as far as I can say so I don't know how far the implementation will go. But, but it, there is absolutely no question that the time for such an NPD regulation has come. It came yesterday, right. status score we be I mean whenever we are evaluating an NPD framework we have to also evaluate it against whether the continuance of the status score whether it is sustainable. I have my doubts over it. I respect you how the framework is certainly I mean we would certainly be want to see sort of it kind of moving forward. In terms of, I don't know how implement, like, I don't even know where, how can they even start implementing this framework, the way they envision they have envisioned it so far, because I see a lot of gaps. Even in terms of structure. So I think the first in terms of hurdles, the first hurdle would be actually really needing this structure properly because they have left a lot of loose definitions so to tie all of them up in order to actually implement this framework as is that needs to be done first, but I think there are more questions which are fundamental which need to be resolved first before we even we begin to imagine the implementation of this framework. And I think all of us should make that noise and even write enough or whatever do advocacy enough around that that you know that we are heard that some of these fundamental focal points are even brought to notice and brought to attention and even like you know the state begins begins to ponder over them before implementing them. So that that would be my. So I would refer to the, the illustrative implementation that's mentioned in the report which seems to be like a very tech heavy implementation. In fact, they suggest something like a policy markup language where the rules will be kind of baked into code, and they want to gain have a digital kind of system which basically enables all these data transfers between the cities and the data and then MPD gets shared and then separately I value data since it's kind of this entire technology architecture or tech heavy architecture of this in itself is something to look out for what this also makes us is I was mentioning that this seems like a CSR kind of standardized nonprofit friendly. What this tech heavy makes it, it's even more complex is that your non tech CSR still be disadvantaged so it's going to be again, really high tech enabled. I mean, if that illustrative implementation design is to anything to go by that kind of poses an implementation challenge of its own. And I mean as Prasanna said that in itself could actually act as a model in PD so will the MPD implementation kind of follow the guidelines proposed by itself put up data, put up generate put up its own data as in PD and so on. And will it stand the test of privacy and can we kind of see who is accessing what and what frequency and so on that the kind of this is a meta implementation issue as well. I think there is not much happening on MPD actually so what it actually do is maybe allow people to do some tests around what is maybe building rails around it, which anyway industry or venture funds may explore at a But at the same time as a concept framework I think it is not going to fly at this time for a wider adoption.