Naavi.org today maintains the website www.naavi.org, in which current news and events related to the field of Cyber Law are regularly discussed. Naavi.org also provides a platform for publishing video content for FDPPI and has recently opened a YouTube channel.
The recently notified Digital Media Ethics Code defines a digital publisher and suggests certain compliance measures related to digital publishing activities which are relevant to Naavi.org.
For the purpose of the rules:
‘publisher’ means a publisher of news and current affairs content or a publisher of online curated content;
‘news and current affairs content’ includes newly received or noteworthy content, including analysis, especially about recent events primarily of socio-political, economic or cultural nature, made available over the internet or computer networks, and any digital media shall be news and current affairs content where the context, substance, purpose, import and meaning of such information is in the nature of news and current affairs content
‘digital media’ means digitized content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited or processed by… a publisher of news and current affairs content or a publisher of online curated content;
‘online curated content’ means any curated catalogue of audio-visual content, other than news and current affairs content, which is owned by, licensed to or contracted to be transmitted by a publisher of online curated content, and made available on demand, including but not limited through subscription, over the internet or computer networks, and includes films, audio visual programmes, documentaries, television programmes, serials, podcasts and other such content;
Part III of the guidelines published on February 25, 2021 is applicable for publishers of news and current affairs content; and publishers of online curated content.
The compliance requirements include the following:
(a) establish a grievance redressal mechanism and shall appoint a Grievance Officer based in India, who shall be responsible for the redressal of grievances received by him;
(b) display the contact details related to its grievance redressal mechanism and the name and contact details of its Grievance Officer at an appropriate place on its website or interface, as the case may be;
(c) ensure that the Grievance Officer takes a decision on every grievance received by it within fifteen days, and communicate the same to the complainant within the specified time:
(d) be a member of a self-regulating body as referred to in rule 12 and abide by its terms and conditions
There is a possibility that unless exempted, we do fall within the definition of the Digital publisher in the rules.
Yesterday, there was an interaction with the Joint Secretary of MIB, Mr Vikram Sahay, in which the need for supporting micro digital publishers and small enterprises was discussed, along with the possibility of organizing a self-regulatory body of publishers (SRB) at Level II, of which the digital publishers are to be members.
Naavi.org is taking further steps to remain in compliance with this requirement by registering as a digital media publisher and thereafter catalyzing the setting up of an SRB-Level II to cater to the requirements of micro and small digital publishers.
The Karnataka High Court yesterday issued an order restraining the UP Police from taking any coercive action against Mr Manish Maheshwari, Managing Director of Twitter Communications India Private Limited (TCIPL). (The order copy has still not been posted on the Court website. A report is available here)
The order is issued against the notice issued by the UP Police under Section 41A of the CrPC.
Section 41A states as follows:
41A. Notice of appearance before police officer.–
(1) The police officer shall, in all cases where the arrest of a person is not required under the provisions of sub-section (1) of section 41, issue a notice directing the person against whom a reasonable complaint has been made, or credible information has been received, or a reasonable suspicion exists that he has committed a cognizable offence, to appear before him or at such other place as may be specified in the notice.
(2) Where such a notice is issued to any person, it shall be the duty of that person to comply with the terms of the notice.
(3) Where such person complies and continues to comply with the notice, he shall not be arrested in respect of the offence referred to in the notice unless, for reasons to be recorded, the police officer is of the opinion that he ought to be arrested.
(4) Where such person, at any time, fails to comply with the terms of the notice or is unwilling to identify himself, the police officer may, subject to such orders as may have been passed by a competent Court in this behalf, arrest him for the offence mentioned in the notice.
Mr Manish Maheshwari had been issued a summons to appear before the UP police regarding investigations of the Ghaziabad fake video case. He had requested virtual attendance, which was not agreed to by the Police.
The “Coercive” action which is speculated here indicates that Mr Manish has the intention of not appearing for filing his statement in the manner in which the Police is authorized to take and therefore he is challenging them to arrest him.
Manish is contending that he is called a Managing Director but is only a revenue head and not responsible for uploading of content. Hence he is expected to deny any statement of value being given to the Police.
He is being represented by Advocate C V Nagesh and the case has been posted for further hearing on June 29.
It appears that a small question of whether Manish has to give his statement in person in a Police Station in UP or through video conferencing has been escalated to a petition in a High Court. It could have been solved by the UP police agreeing to take the statement on video and thereafter issuing an arrest warrant if required. Alternatively, they could have travelled to Bangalore and taken a statement in Bangalore with the assistance of the local police.
Court could have also ordered that the statement could be taken at the Police Station but a video recording of the statement be submitted to the Court later so that there would not be an interference in the duties of the Police.
The notice under Section 41A of CrPC is not an imminent arrest warrant and there was an option for Mr Manish Maheshwari to apply for an “Anticipatory Bail”. However, one additional step in litigation involving the time of the High Court has been introduced by first taking this restraining order and then if UP police issues an arrest warrant, hide and apply for a bail.
This is a game played by most resourceful criminals to use the judicial system to drag the trial. If Mr Manish wants, he may even abscond and leave the country like Nirav Modi et al.
In the pleadings, the petitioner has indicated that Supreme Court had earlier agreed for recording of the Virtual statement and is now claiming it as a matter of “Right”. If the Karnataka High Court agrees to this contention, then every witness will be able to claim as a matter of right that the statement with the Police under Section 160 of CrPC has to be taken virtually.
It would be interesting to see if this incident is taken to the extent of creating such a precedent.
As far as Twitter is concerned, it is at war with India and all these cases are only instruments of war. Hence they will use all tricks to bleed India by thousand cuts by exploiting every small loophole in the procedures which are meant for a different context other than a war situation.
It is necessary for the UP Police to impress upon the Court that they had invited Mr Manish Maheshwari as a witness in a cognizable offence. He is holding the designation of a “Managing Director” and under the Indian Companies Act, there are duties and responsibilities cast on a Managing Director. By definition of the “Managing Director” he is a person entrusted with substantial powers and is capable of representing the company in all business and legal requirements.
Hence invoking Section 41A appears to be misplaced.
Even if Twitter Communications India Private Limited (TCIPL) is responsible for revenue and Twitter Inc, USA is managing the uploading, TCIPL earning revenue in India with the uploading of the postings in the micro blogging website will be the “Principal” appointing Twitter Inc as its “Agent” for technical services of uploading.
Hence the Managing Director of such a company should be liable for the actions arising out of the content. Under Section 85 of ITA 2000, if the offence is attributable to a Company, the person in charge of the business including the Managing Director “Shall be guilty”.
Twitter has assumed the role of a “Publisher” and is a “Publisher” because it is a “Blogging Site”. It also executes editorial content of approving membership of account holders, verifying their identity, deciding whether a content is “manipulated” or not and even takes its own coercive action to block a user from expressing himself on the platform even if he is the sitting president of the United States of America.
If tomorrow the Karnataka High Court passes an order against Twitter, there will be a series of criticisms on Twitter from “Verified Accounts” and this same Court will have to worry about “Contempt of Court”. (Eg: Kolkata High Court Judge hearing the Mamata Banerjee election case facing a social media trial).
A Company which has held the sitting, elected US President in contempt because it wanted to politically support his opponents and is taking a similar stand in India to oppose the elected Government and supporting the political opponents, is not an “Independent Media” requiring protection of the Indian democratic principles. They have to be treated as a political entity trying to bring about a regime change in the country.
I wish the Courts will shed their attitude to cater to the sentiments of populism and take a stand within the legal confines to protect the integrity of the sovereign nation. If the Managing Director of a subsidiary of a US Commercial entity can refuse to abide by the rules framed under an Act passed 21 years back and say its company rules are binding on it and they consider it above the Indian legal requirements, then it is mocking at the Indian sovereign powers.
In case Twitter tomorrow refuses to accept the order of the Karnataka High Court on the ground that its corporate policies do not recognize the laws of India, the Judges who support Twitter today under the false contention of “Freedom of Speech” will have to eat their own words.
No doubt there is a large section of the press who would hail such judgements as “Upholding the democratic principles” etc. and the Judges will get their photographs in all the newspapers. But the responsibility of a judge is towards protecting the Country and if in the process unpopular decisions have to be taken, they need to have the conviction for National good to take such decisions.
Advocates who play around technicalities to help murderers and terrorists escape punishment should not be allowed to dictate the Judgements that will in the long run erode the authority of the Indian Government.
Let us therefore wait and watch whether Karnataka High Court will pursue the headline “Court protects Twitter” or “Court protects Indian sovereignty”.
In the current case, that Mr Manish will be arrested is a speculation and not a fact. If the Court agrees to the petitioner’s contention that UP Police should be restrained, then they will be acting on speculation. In many anticipatory bail cases, Courts refuse to grant anticipatory bail if there is no reasonable apprehension of arrest, such as an FIR. Similar restraint is warranted in this case also.
We all know that the Courts themselves are struggling to conduct virtual hearings which are fair and legal. It is therefore difficult to presume that the UP Police will be able to have a fair virtual interaction with a potential witness without ensuring that his battery of lawyers will be hiding behind him when he is recording his statements.
If the Karnataka High Court wants to provide the privilege to Mr Manish to claim Virtual Statement as a matter of right, they will have to provide the guarantee that the statement will be provided without coercion and lawyer’s guidance. Perhaps they will have to consider that the statement will be recorded in the presence of the High Court judge in his chambers without the presence of the lawyers.
Any other order will be creating an unwanted precedent which the Court will regret.
It is necessary for the High Court to also consider live web broadcast of the continuation of hearing on June 29. Will they consider?
On different occasions we have discussed the implication of “Data” as a property class. The early discussions on “Data” as a property in legal circles were around the property of “Domain Name”. It was one of the first “Pure Virtual Property” which had no physical equivalent. It had a visual presence in the form of a “Website” but was created as an identity for reaching a particular digital destination. In technical terms, a domain name was a “Pointer”, a set of instructions associated with a standard protocol which a computer application like a “Browser” was programmed to recognize as an “Instruction to search and connect to a remote server and fetch the default page to the user’s browser”.
The property of a domain name being a standard reference to a set of electronic documents stored on a web server with a gateway page and further hyperlinks created a value perception on the key characters which we call the “Domain Name”. In view of the similarity with the previously known property of “Trade Mark”, which was a “Symbol” associated with a product or service, domain names were often compared with trademarks.
However, there was a significant difference between domain names and trademarks in the sense that “Trademarks” were created entirely by the owner while “Domain Names” are “Proposed by an owner and registered through a domain name registrar licensed by ICANN, which itself is a self-regulatory body constituted by a set of stakeholders”. The creator of a domain name could create a trade mark or copyright on the unique mark, but using it as a domain name required the setting up of domain name servers in a given form which was at the sole control of a registrar. The Registrar could reject the request for creating a domain name or allow creation of multiple domain names in different TLDs or create confusingly similar domain names which diluted the “Value”.
Courts across the globe have often been confronted with the dilemma of considering the nature of domain name as a property.
Obviously, a Domain name is not a tangible property. It is “Intangible” but it is a “Special Intangible” property. It is created like an “Actionable Claim” against the domain name registrar. It can be transferred. But going by the dispute resolution mechanism (UDRP), the “Saleability” of the domain name is restricted by the need to “Act in Good faith”. Otherwise the registration can be classified as “Cyber Squatting” and could be cancelled. It is therefore necessary for the owner of a domain name to first of all have some kind of an interest in the domain name and then use it in good faith.
For example, “Naavi” is a set of ASCII characters (actually an arrangement of binaries in a particular order as the computer sees it) and Na.Vijayashankar claims a good faith right to use it as his identity on the web space. Partly this is further corroborated because in the native language of Kannada, the abbreviation of the initials Na.Vi. reads as Naavi. Hence there is a “prima facie right for Na.Vijayashankar” to use the domain name “Naavi” as a brand name with any extension “Org” or others. In a way the IPR is a justification for the right to a domain name. However, there are many other instances where there may be no such genuine reason for somebody to appropriate a domain name, and a person can register any name as long as he can build a brand personality around it. The various domain name dispute cases (Refer www.lookalikes.in for some examples)
The net impact of these established principles is that “Domain Name is a property which can be owned by a person and transferred for consideration with some restrictions”. It can have a “Cost of acquisition” which is different from “Perceived Market Value”.
This concept would be relevant when we discuss “Data Valuation” as well as “Data Inheritance”, two concepts which we are discussing in depth as part of the introduction of the Personal Data Protection Act (PDPB 2019) in India and preparing for the “Non Personal Data Governance Act” (NPDGA), which is in the pipeline and provides for monetization of Non Personal Data through a “Data Exchange”.
“Data” is defined as “an arrangement of binary values which, when interpreted through appropriate devices and applications, create a human experience of a text, sound, image etc.” In the coming days we will have devices that can convert the binary values into smell and touch also, so that all five sensory perceptions of humans, namely sight, hearing, taste, smell and touch, can be created in the mind through transmission of appropriate signals to the human brain.
In law, Information Technology Act 2000 defines “Data” and this is further divided into “Personal Data” and “Non Personal Data” by virtue of other laws like the PDPB 2019 or NPDGA (proposed). At each of these stages, Data carries a perception in the minds of the human beholder and hence Naavi’s Theory of Data created a hypothesis that “Data is created by technology but perceived by human beings”. (Refer to various articles here)
In practice, however, legal uncertainties remain and we are confronted with a challenge when we raise the questions:
a) Can we bring the value of data into the financial statements of a corporate entity?
b) Can a legal heir inherit the “Data Property” on the death of the data principal (data subject)?
Naavi has initiated an academic debate on both these topics and different expert committees of FDPPI are exploring the issues to arrive at a professional view.
The end result of this academic exploration would be a suggestion to the Government of India to consider a suitable supplementary legislation which should extend the meaning of data both in ITA 2000 and in PDPA of India and lead to the development of acceptable “global accounting standards for Data value” and an acceptable “Data Inheritance law” in India as part of the Digital Assets Succession Act.
Hopefully by that time we would have forgotten the political distinctions of Hindu Succession Act, Muslim Succession Act, Christian Succession Act, Parsi Succession Act , Jain Succession Act, Buddhist Succession Act etc and converge on a single Digital Asset succession Act.
This “Digital Valuation and Succession Act” will include:
1) Defining Data as a new class of asset and not necessarily to be compared with the known asset classes such as movable, immovable, actionable claims etc.
2) Defining a method of valuation of Data
3) Defining a means of disclosure of data value in an organization to the public
4) Defining the ownership rights and means of transfer
5) Possibility of “Nomination” of Data
6) Possibility of “Joint ownership of data” (eg: Either or survivor or Former or Survivor of data held with data processors like Twitter or Facebook)
7) An established methodology for recognizing handling of data of deceased data principals, without automatic deletion or automatic appropriation by the data fiduciary
8) An established methodology for the legal heirs of a deceased to “Claim” data assets in the hands of intermediaries.
9) An established methodology for the Government to appropriate “Unclaimed Data Assets” after classifying them as “Unclaimed” through a process similar to branding a data asset as “Dormant” and “Inoperative”.
10) Establishment of a “Uniform Data Disputes Resolution Policy” (UDDRP) to be adopted voluntarily by Data Fiduciaries on the lines of UDRP/INDRP to facilitate data disputes resolution through an ADR process.
and any other aspect relevant to data valuation and data value disclosure.
Such a law should be compatible with the current data related laws such as Information Technology Act 2000, Personal Data Protection Act (as proposed), Non Personal Data Governance Act (As envisaged) and any other laws likely to be considered in the meantime.
FDPPI has been described as the “Dada of Data Protection Agencies in India” and therefore has the responsibility to take constructive steps in finding a solution to these problems of the industry.
In this direction FDPPI is constituting a special committee to draft a bill on “Data Valuation and Succession Act”, deliberate on the issue in consultation with other academic institutions such as law colleges and professional bodies who may be interested.
A proposal is also being sent to the Government of India asking whether it would be interested in setting up such a committee, in which case FDPPI may withdraw its committee.
A data breach of mega proportions involving 700 GB of corporate data has been reported in respect of ADATA, a Taiwanese maker of computer storage chips. The company was subject to a ransomware attack and, probably because the company refused to pay the ransom, the hackers have released the data on the dark web. It is claimed that the hacker has stolen 1.5 TB of data which could be business sensitive information. A small part of the information could be personal information.
We reiterate that society should do everything to discourage such criminal activities, including disengaging the monetary activities of the Dark Web by a global ban on Crypto Currencies like Bitcoin.
Additionally, we must recognize that when authorities impose fines for a data breach, they should consider that if an organization is a victim of an attack by criminals, the penalties should be moderated unless there has been gross negligence in implementing basic security. We need to encourage companies to stand up to the blackmail of these criminals and not put additional pressure on the companies by imposing debilitating fines. Ideally in such cases the penalties may cover the compensation of the losses suffered by the individuals in terms of privacy and the cost of security insurance that they may have to take up on account of the data leak, if any, and the administrative penalty for failure of security should be kept minimal.
For example in the ADATA case the company by taking an ethical stand not to pay ransom has already suffered substantial damage to its finances and there is no point in beating it down further by administrative fines.
A third factor we would like to highlight is that any competitor who takes advantage of this data theft by downloading the data from the dark web must be punished as being involved in “Enrichment through a Crime”.
By the measures of banning the Crypto Currency and punishing those who would like to use stolen data for their business advantage, the society would grossly reduce the adverse impact of a data leak of this nature.
On June 21, 2021, EDPB adopted the final version of the recommendations on supplementary measures following the earlier recommendations of November 2020 after the Schrems II ruling of the EUCJ.
The final version of the Recommendations includes several changes to address comments and feedback received during the public consultation and places a special focus on the practices of a third country’s public authorities.
One of the modifications suggested is:
- the emphasis on the importance of examining the practices of third country public authorities in the exporters’ legal assessment to determine whether the legislation and/or practices of the third country impinge – in practice – on the effectiveness of the Art. 46 GDPR transfer tool;
- the possibility that the exporter considers in its assessment the practical experience of the importer, among other elements and with certain caveats; and
- the clarification that the legislation of the third country of destination allowing its authorities to access the data transferred, even without the importer’s intervention, may also impinge on the effectiveness of the transfer tool.
This means that the Data Exporter has the responsibility to apprise himself of the laws of the destination country and not depend entirely on the existence of a written contract. Some due diligence is required to be exercised.
It was in this context that FDPPI came out with a note on the “Surveillance laws” in India to assist the Data Importers in India who had to keep their vendors informed about the laws in India.
India is a sovereign country and therefore does not submit to arbitrary contractual obligations that prevent a Data Importer to challenge the local Government when a need for surveillance arises under due process of law.
Controllers should verify the transfer tool relied upon
Assess if there is anything in the law of the destination country that impinges on the effectiveness of the safeguards
Identify and adopt supplementary measures that are necessary
Take such formal procedural steps as may be required under Article 46
Re-evaluate at appropriate intervals the level of protection afforded to the transfer
It may be recalled that Article 46 of GDPR provides that, in the absence of “Adequacy”, the following appropriate safeguards are available for transfer:
(a) a legally binding and enforceable instrument between public authorities or bodies;
(b) binding corporate rules in accordance with Article 47;
(c) standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);
(d) standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
(e) an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights; or
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
We must also remember that apart from Adequacy under Article 45(3) and safeguards under Article 46, there are derogations available for specific situations under Article 49, which include the following measures allowing transfers to third countries:
(a) the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
(b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request;
(c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
(d) the transfer is necessary for important reasons of public interest;
(e) the transfer is necessary for the establishment, exercise or defence of legal claims;
(f) the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;
(g) the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case
In addition to the above measures, the Controller has the right to mitigate the risk by using pseudonymization at his end which is a fundamental suggestion under Article 32.
In view of the above, it is suggested that all Data Importers suggest that the Data Exporters adopt the suggested alternate measures and not insist on the signing of contracts which are unenforceable at the end of the Data Importer.
We will be happy to provide any further clarification required under this provision.
Data was called “Oil” because it was recognized as having immense value to the business. There are organizations where data is a by-product and there are also organizations where data is the finished product.
Whenever a ransomware attacker demands a ransom of Rs 10 lakhs or Rs 100 crores, he has a perception of a value for the data. Most often the companies agree to pay the extortion amount which vindicates the value placed on the data by the attackers. Some companies may look at the “Opportunity Cost” of not agreeing to pay the extortion after which the attackers may release the data in the dark web. Some attackers actually auction the data in the dark web or sell it at a fixed price and there are people who are willing to buy.
According to international studies, the value of data on the dark web may vary depending on whether it is simple name and e-mail data or sensitive data like finance data or health data. If a data set is current with verified information and contains data such as credit card information with CVV, the value of each set of data could be substantial.
In the recent case of NCLT declaring Net4India as “Insolvent”, it was obvious that the judges had not recognized the value of data in the possession of the company before declaring it “Insolvent”.
Even companies who ought to know the value of data because they earn their income by processing data, often find that they are unable to take adequate security measures because the CISO or DPO is unable to convince the CFO that a certain investment is required to build compliance competency.
One of the solutions that Naavi has been demanding for a long time is that Accountants should find a way of bringing the value of data into the balance sheet of the Company. In case the judges at NCLT had seen a Net4India balance sheet with a Data asset value of say Rs 100 crores, they would have perhaps not issued an insolvency order at all.
The accounting community today has a method for valuing a Trademark, Copyright or Patent, normally on the basis of the “Net Present Value” of the benefits that an asset may provide over a period of the next 5-10 years. Accountants value Fixed Assets with a “Depreciation” which is a reflection of the period for which an asset remains productive.
Sometimes, assets are valued on the basis of cost of acquisition, cost of production, market value and such other means.
Most of such valuations are not accurate. They are based on assumptions and often understate the asset value, as in the case of Public Sector enterprises sitting on large tracts of land, or overstate the value, as in the case of high tech product companies whose products have a short lifetime but whose costs may get spread out over a longer period. We see investment companies face a sharp fall in their assets when the monsoon is delayed or a favourite political party loses an election, and none of the accountants can explain why the P/E ratio of one company is only 4 or 5 whereas another company has 10 times the P/E ratio.
Despite these uncertainties in valuation, accountants still have agreed upon a valuation system, tax authorities accept certain valuation principles, Merger and Acquisition specialists strike billion dollar deals based on their valuation of tangible and intangible assets and the show goes on.
Many times the value of assets as we find in a balance sheet is on a “Going Concern” basis, and the moment the organization is recognized as “Sick” the value of assets plummets.
It is therefore strange that when we speak of “Value of Data” being shown in the books of account, some accountants think it is a bizarre thought and refuse to be drawn even into a discussion.
FDPPI (Foundation of Data Protection Professionals in India) has taken the first significant step in trying to convince accountants and corporate managers by including a standard and supporting implementation specifications in the “PDPSI” framework (Personal Data Protection Standard of India framework for assessment of compliance of data protection regulations in an enterprise).
The implementation specification no 6 of the PDPSI framework states
6. Data Valuation and Accounting
The organization shall adopt a policy of assigning a financial value to the inventory of data and provide visibility to the data asset in the books of account.
The implementation specification further suggests
The value of data may be brought into the books based on a scientific valuation method or on a provisional basis and reported as a special reserve or as a Contra entry (both an asset and liability separately)
The Visibility of the valuation of data as an asset shall be extended to both personal and non-personal data.
Many managements may wonder why a PDPSI audit has to comment on the data valuation policy of the Company.
But the most important reason for “Bringing the Data Value” into the books of account is to provide “Visibility” to the asset which needs to be protected and harnessed. If Data at some value is visible in the Manager’s dashboard on a continuous basis, then it is more likely that the decision makers in the company will realize that they need to do something about it. What is not visible is likely to be de-prioritized. When the Company knows that it had data of Rs 100 crores last quarter and it has jumped to Rs 200 crores this quarter, they will certainly ask a question to the DPO about the implications of the change in the data value.
Some accountants quickly jump and say this will enable fraudulent overvaluation of assets and is therefore risky.
But what we are suggesting to start with is that, while all of us try to find an acceptable method of valuation, the data value be represented as a “Contra Value” where it does not increase either the assets or liabilities nor even create a “Special Reserve” as we do in the case of valuation of intangible assets such as “Goodwill” or “Trade Mark”. There is no case for accountants to refuse this suggestion, so that all advantages of “Visibility” are realized without the risk of inappropriate reporting of profits.
After agreeing to bring a notional value of the data into the books of accounts, we can continue to fine tune the valuation by adopting a combination of
a) Cost based valuation
b) Market value based valuation
c) Computation of Net present value of future revenue generation
d) Accounting appreciation and depreciation based on logical factors
etc.
FDPPI has started a dialogue with the industry and has also set up an internal working group to take this concept to other industry associations.
We welcome Chartered Accountants, Chartered Valuers, Cost Accountants and other professionals to join hands with FDPPI to develop an acceptable system of valuation so that India can lead the world in this respect.
It is however realized that the solution to this problem does not lie in extending the valuation methods presently used by the industry because Data is an Asset Class which is unlike the movable or immovable assets or the actionable claims. Nor can it be classified clearly with other known types of asset classifications like “Tangible” and “Intangible assets”.
I draw attention to some of the thoughts the undersigned has already expressed through these columns, such as the “Theory of Data” where we discussed the “Additive Value Hypothesis” of data.
We also enclose a distinct note on the topic which is available here. I request professionals to go through these papers and start contributing their thoughts. We would like students to debate this in their respective institutions and come up with innovative thoughts.
But it is essential to realize that the valuation methodology of data has to be led by “Data Professionals” and FDPPI therefore takes the lead to develop a proper guidance in this regard which we can take to other forums.
FDPPI has created an internal working group in this regard and would soon be working on an industry-level working group to ensure that there will be a larger participation of professionals.