- The Expert Committee (Chairman: Shri Krish Gopalakrishnan) constituted by the Ministry of Electronics and Information Technology submitted its report in July 2020 to study various issues related to non-personal data.
- Any data which is not personal data of a person, such as name, place of birth, gender, email and other data is called non-personal data, such as purchased items. Based on these non- personal data, market trends can be tracked. Which can helpful in manufacturing . The committee was formed under the chairmanship of Infosys co-founder Khris Gopalakrishnan, keeping in mind the various other benefits, including the market trends of Indian companies. This committee gave its report for the use of data.
- The committee found that non-personal data should be regulated. And he gave his views on both aspects of data.
- Enables a data sharing framework to tap the economic, social and public value of such data,
- The use of such data also leads to many types of Problems or concerns.
Important recommendations of the committee: -
- Any data which is not personal data (data related to identity, characteristics, or characteristics that can be used to identify an individual known as personal data ) is classified as non-personal data.
- In terms of origins, non-personal data may be data that is never related to natural persons (such as data on weather or supply chains, or is a data related to individuals that cannot be identified).
Non-personal data can be further classified by committee:
- Public non-personal data: Public data collected or generated by the government during publicly funded operations is called public data. For example, anonymous data of land records or vehicle registrations may be considered public non-personal data.
- Community non-personal data: Factual data (without any processing) that is obtained from the community of natural persons. For example, datasets collected by municipalities or public electric utilities.
- Private non-personal data: data collected or generated by private entities through privately owned processes (derived insights, algorithms or Intellectual property).
Issues related to non-personal data:
The committee found that even after hiding the data principal, access to the data principal is ensured which damages personal data. Therefore, to ensure that there is no loss of any kind due to such processing, it is necessary to address privacy concerns arising from the possible re-identification of the data.
The committee considered some categories of data sensitive on the basis of risk:
- Non-personal data, which is derived from sensitive personal data (such as health, race or tribe), which may lead to identification of the individual
- Data that puts a group at risk of mass loss,
- Data related to national security or strategic interests.
Key words used in non-personal data governance frameworks
- Data Principal: -Data principal is the entity to which non-personal data belongs. This unit can be an individual, a community or a company.
- Data Custodian :- A data custodian collects, stores and processes data in a manner in the best interest of the data principal.
- Data trustees:- Data principals can exercise authority over their data through a representative institution, called a data trustee. For example, the Ministry of Health would be the trustee for citizens' health data. Trustees can recommend transparency and reporting obligations to the regulator for data patrons to follow. The committee recommended setting up of 'data business' as a new category of business in the country.
- Data businesses- Units (including government agencies) that collect, process or store data beyond a range (as a collector) (designated by data) will be classified as data businesses.
Non-personal data Authority:-
- This regulatory authority will be established to create a framework for the governance of non-personal data. It will include experts in areas such as data governance and technology. The authority will be responsible for preparing guidelines regarding data sharing and risks associated with non-personal data.
Non-Personal Data Sharing Conditions:
- Any institution can request to data-sharing for (i) sovereign purpose (eg national security or legal requirements) (ii) public interest objective (policy making or better delivery of services), or (iii) economic purpose (for a playing field or a monetary consideration To provide for).
- In addition, all entities will have open access to meta-data of data collected by data businesses (including the government). Meta-data provides information about other data. The committee said that this would promote innovation in the country. For example, automobile companies may collect data about roads through sensors. Meta-data provided by such companies can be used by startups to identify it with traffic data to identify safe routes for citizens.
Concerns arising out of the report of the committee: -
- The relationship between Data Principal, Data Custodian and Data Trustee has not been clarified.
- The community has been made a data principal on public issues (eg ecological issues), so how will the community exercise its rights as a data principal. And how will the community relate to the data trustees.
- As the internet has global reach, how will the legal responsibility of the data trustees be determined.
- The power, function and structure of the data trustee is unclear
- India is a country having lack of law for personal data, in such a situation, to what extent is the creation of a committee for non-personal data justified?
- The recommendations given by the committee on the use of non-personal data are important but related concerns also need to be kept in mind. It is necessary that the Personal Data Bill be enacted. So that if personal data is lost due to non-personal use, then the person's data and his privacy can be protected.