Govt invites suggestions on non-personal data framework by July 19

It has further outlined the need for defining a new category or taxonomy of business called data business
The government has invited inputs on the "Draft Non-Personal Data Governance Framework" by July 19. The committee to study issues under non personal data was set up last year in September under the chairmanship of Infosys co-founder Kris Gopalakrishnan.

The committee has made a case for regulating non-personal data, defining it under three main categories- public non-personal data, community non-personal data and private non-personal data.

It has further outlined the need for defining a new category or taxonomy of business called data business.

"Data Business is a horizontal classification and not an independent industry sector," the report says. "Many existing businesses in various sectors, collecting data beyond a threshold level, will get categorized as a data business. It is important for such Data Business to register once they reach a certain data related threshold. This will be applicable to not only commercial organizations, but also Governments and other non-government organizations that collect, process or otherwise manage data," it added.

Below the threshold, a Data Business registration may be voluntary, and this would be a one-time activity without the necessity to obtain a license to be a Data Business.

Supporting the need to have regulations for non-personal data, the committee has said, among other things, in the draft report that India can create a modern framework for creation of economic value from use of data, generate economic benefits for citizens and communities in India and unlock the immense potential for social / public / economic value data.

The committee has also defined a new concept of "sensitivity of non-personal data", as even non-personal data could be sensitive from point of view of national security or strategic interests, being  business sensitive or confidential information, and anonymised data bearing the risk of re-identification.

"The Committee recommends that Non-Personal Data inherits the sensitivity characteristic of the underlying Personal Data from which the Non-Personal Data is derived. The Committee recommends that the data principal should also provide consent for anonymisation and usage of this anonymized data while providing consent for collection and usage of his/her personal data," it says.

It has further called for having a legal basis for "articulating rights over non-personal data".

The Committee has further recommended a separate regulator called "non-personal data authority" to oversee issues related to non personal data.

The introduction of non-personal and anonymised data as part of the Personal Data Protection Bill, which has been in the works for over two years now, has been a thorny issue.

Last year, a draft of India's proposed e-commerce policy also had provisions related to non-personal data which were flagged by the industry.

Submissions to the current draft can be made through the government's crowdsourcing portal MyGov.

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel