Author: Sri Lekha
The Kris Gopalkrishnan Committee, in July 2020, suggested a framework for regulation of Non-Personal Data (‘NPD’) vide its Report on Non-Personal Data Governance Framework (‘the Report’). The Report, inter alia, emphasized the belief that “shared Non-Personal Data may be useful for Indian entrepreneurs to develop new and innovative services and products”, thus, highlighting the need for regulating the same.
The Report outlined a definition for NPD as “Firstly, data that never related to an identified or identifiable natural…Secondly, data which were initially personal data, but were later made anonymous.”. It classified NPD into ‘Public’, ‘Private’ and ‘Community’ categories based on the sources of data. It proposed borrowing concepts like ‘data sensitivity’ and ‘consent’ from Personal Data Protection Bill, 2019. It suggested that individuals should provide consent for anonymisation and use of personal data and recommended that a sensitivity characteristic ranging from general to sensitive and critical from the perspective of de-anonymization of personal data, national security, etc., be attributed to NPD.
The Report laid down key roles in the NPD Ecosystem viz. Data Principal (subject of the data), Data Custodian (who undertakes to collect/store/process/use data), Data Trustee (through whom data rights can be exercised) and Data Trusts (which oversee storing/sharing data). Articulating a legal basis for ownership over NPD, the Report recommended adopting the notion of ‘beneficial ownership’. It suggested that while Public NPD be treated as national resource, rights over Community NPD should vest with the relevant community and rights over Private NPD, excluding data pertaining to a community, should vest with the relevant private entity.
The Report proposed creation of ‘Data Businesses’ comprising of organizations that meet a certain threshold of data collection/processal. These organizations are required to enable open access to meta-data about data being collected/stored/processed for listed purposes viz. sovereign, economic and core public interest. By looking at this meta-data, requests may be made by other individuals/organizations for detailed underlying data. The Report highlighted the need to establish appropriate data sharing mechanisms. It, inter alia, discussed a mechanism for tackling cases pertaining to refusal of data requests by Data Businesses wherein it suggested that a further request be made to NPD Authority, an authority proposed to be created with an enabling and enforcing role in the realm of NPD, which will evaluate the case from social/public/economic benefit perspective.
The NPD invited stakeholders views/comments/suggestions on the framework. The report can be access at https://ourgovdotin.files.wordpress.com/2020/07/kris-gopalakrishnan-committee-report-on-non-personal-data-governance-framework.pdf
Disclaimer: Views, opinions, interpretations are solely those of the author, not of the firm (ALG India Law Offices LLP) nor reflective thereof. Author submissions are not checked for plagiarism or any other aspect before being posted.
Copyright: ALG India Law Offices LLP.