n a debate with far-reaching repercussions on who can create value from and monetise the data of Indian citizens, a committee formed under the IT Ministry has called for data regulation that would require sharing of data that is anonymised, or “non-personal”, to help Indian companies and governments.
Regulation of Non Personal Data
The committee is chaired by Infosys co-founder Kris Gopalakrishnan and includes industry, government and academic experts. The committee recommended that the proposed Non-Personal Data Governance Framework becomes the basis of a new legislation for regulating non-personal data, since the regulations proposed for non-personal data can be enforced effectively and at a national scale only if they are incorporated as part of a new national law.
Non-personal data refers to information that cannot identify a person, but have details on weather conditions, and data from sensors installed on industrial machines, and public infrastructure. It also includes data which was initially personal, but were later made anonymous, according to the draft definition.
The draft has defined non-personal data, concept of community data and rights and privileges over such data and has recommended mechanisms for data sharing while defining its purpose-sovereign, core public interest, and economic purposes. Data which are aggregated and to which certain data transformation techniques are applied, to the extent that individual specific events are no longer identifiable, can be qualified as anonymous data.
The draft defines a data business and articulates requirements for its registration and data disclosure and recommends a non-personal data authority and articulates its two roles–enabling and enforcing. An enabling role will ensure that data is shared for sovereign, social welfare, economic welfare and regulatory and competition purposes, leading to innovation, economic growth and social well-being. An enforcing role will ensure all stakeholders follow the rules and regulations laid, provide data appropriately when legitimate data requests are made.The draft also provided technology related guidelines for digitally implementing the recommended rules and regulations around data sharing. The development comes after the ministry of electronics and information technology (MeitY) framed a draft personal data protection bill. The draft bill had introduced a provision empowering the government to ask a company to provide anonymized personal data, as well as other non-personal data, for formulation of policies.