In news
Electronics and Information Technology to study various issues relating to non-personal data had published a draft report for public consultation. This government committee is headed by Infosys co-founder Kris Gopalakrishnan.
What is non-personal data?
- Any set of data that does not contain personally identifiable information. This means that no individual or living person can be identified by looking at such data.
- For example, while order details collected by a food delivery service will have the name, age, gender, and other contact information of an individual, it will become non-personal data if the identifiers such as name and contact information are taken out.
Classification of Non-Personal Data
The government committee has classified non-personal data into three main categories:
- Private non-personal data: Data produced by individuals that can be derived from the application of proprietary software or knowledge.
- Public non-personal data: All the data collected by government and its agencies such as census, data collected by municipal corporations on the total tax receipts in a particular period or any information collected during execution of all publicly funded works.
- Community non-personal data: Any data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests will form the community non-personal data.
Key recommendations under the revised draft are:
- Definition of non-personal data: Under the first draft, non-personal data was defined as any data which is not personal data as defined under the Personal Data Protection Bill, 2019 (PDP Bill) or data without any personally identifiable information. The PDP Bill defines personal data to include data pertaining to characteristics, traits, or attributes of identity, which can be used to identify an individual. The revised draft retains this definition.
- The Committee recommended that the PDP Bill should be amended to remove provisions related to non-personal data so that there is no overlap between the two regulatory frameworks.
- The first draft had categorised non-personal data as:
(i) public: data collected or generated by government,
(ii) community: raw or factual data which is sourced from a community of natural persons,
(iii) private: data which is collected or generated by private entities through privately owned processes (derived insights or proprietary knowledge).
In the revised draft, the Committee has removed this classification.
- High-value datasets: The first draft provided that the government may specify certain datasets as high-value datasets at a national level.
- The revised draft defines a high-value dataset as a dataset that is beneficial to the community at large and is shared as a public good, subject to certain guidelines. It will include datasets useful for:
  - creation of new and high-quality jobs,
  - creation of new businesses,
  - socio-economic objectives such as financial inclusion, healthcare, and urban planning.
- A representative entity called data trustee may be appointed for creation, maintenance, and sharing of high-value datasets. The data trustee will request the data custodian (entity collecting, processing, and storing data) to provide the required data.
- Sharing of non-personal data: As per the first draft, sharing of non-personal data could be mandated for defined purposes including:
  - sovereign: national security, law enforcement, or regulatory purposes,
  - public interest: community benefits, research and innovation, policy making for better delivery of public services,
  - economic: to encourage competition or provide a level-playing field among for-profit entities.
- The revised draft only requires data sharing for public good purposes. It only mandates sharing of high-value datasets managed by data trustees. The Committee observed that data sharing for sovereign purposes, and for business purposes between for-profit entities, already exists and hence, has not made any recommendations on it.
Global standards on non-personal data
- In May 2019, the European Union came out with a regulatory framework for the free flow of non-personal data in the European Union, in which it suggested that member states of the union would cooperate with each other when it came to data sharing.
- In several other countries across the world, there are no nationwide data protection laws, whether for personal or non-personal data.