on the ‘Non-Personal Data Governance Framework’ talks about how digital transformations all over the world have meant that data is treated as an asset, which is monetised, either directly by trading it, or indirectly by developing a service on top of that data. It says that the non-personal data authority, “must seek to work within the frameworks of the expected privacy legislation and in consultation with the Data Protection Authority, and mitigate such risks with an ex-ante evaluation of the risk of re-identification of anonymised data, prior to approving requests for data-sharing.”, has previously flagged the carve-out (exemption). The birth of the concept of community data was equally vague when it was introduced in the e-Commerce draft policy of 2019. b) Finding a community association is problematic in itself. “Europe is thinking on the same lines like us and if 10 other countries follow that, it will have impact,” the official added. Simultaneously, in 2019, the Ministry of Information and Technology (MeitY), constituted a committee to create a set of rules that will govern non-personal data. The report, released last week, has made a case for regulating NPD, defining it under three main categories- public non-personal data, community non-personal data and private non-personal data. The specific problem here is personal data being anonymised, i.e. India, one of the world’s largest data markets, has the opportunity to play the leading role in its upcoming G20 presidency (2022) where it can develop a data-sharing regime focused on interoperability and trust amongst nations. when personally identifiable information from a data-set is removed. d) The critical aspect of data privacy has not been considered. Senior Researcher, International Law Studies Programme. It also includes data, which was initially personal but was later made anonymous, according to the definition in the draft document. Submissions will be accepted until August 13. Fourth, data business. Financial Express is now on Telegram. On 12 July, 2020, a committee created by the Ministry of Electronics and Information Technology and led by Kris Gopalakrishnan[1] released a report (Report) on non-personal data, a first of its kind. Amid Growing Adoption And Funding, Indian Edtech Startups Face Profitability Bat... Impact Incubator Villgro On Two Decades Of Backing India’s Agritech Ecosystem, The Future Of Education: Indian Startups Chase $10 Bn Edtech Opportunity. For this purpose, the report seeks to delineate the terms ‘personal’ and ‘non-personal data’. Second, on community non-personal data. However, it also concedes that the sharing of such non-personal data, in the form of anonymised personal data, could provide collective insights that could open the way for collective harms (exploitative or discriminatory harms) against communities. c) The Report misses to consider individual privacy in the context of community privacy. Third on multiple stakeholders. This data class brings to fore the following issues: a) Community non-personal data is defined as including anonymised personal data, and non-personal data about inanimate and animate things or phenomena – whether natural, social or artefactual, whose source or subject pertains to a community of natural persons. An analysis of the Report, however, reveals some lacunae and questions on the early nature of the assessment since India has yet not yet established rules on the governance of personal data. A government-appointed committee of experts, headed by former Infosys vice-chairman Kris Gopalakrishnan, has submitted a draft report which talks about the … The Internet Freedom Foundation (IFF), an Indian digital liberties organisation. An example of the same, cited in the report explains a scenario where anonymised data about people of a certain sexual orientation frequenting certain pubs or restaurants could lead to vigilante mobs taking the law into their hands and cracking down on these pubs and restaurants. anonymised or non-personal data to frame policies in the interest of its digital economy. To lead this, India must first domestically establish robust ground rules on data flows. c) The creation of a separate taxonomy of data businesses, defined broadly and bound by several legal obligations and liabilities, shall be a matter of concern for industry and investor groups. [3] The Report also discourages cross-border flow of data; this impacts trusted foreign partners who are critical for the growth of India as a strong regional technology leader in Asia. The eight-member committee is expected to submit its report as expeditiously as possible. The draft report recognises the risks associated with anonymised personal data passing off as non-personal data and subsequently leading to the identification of certain persons. First, on personal and non-personal data, the fundamental question is whether non-personal data can be segregated from personal data. This is a serious lacuna as businesses from automobiles and retail to entertainment and creative sectors, often base their business models on IP-protected data, which needs to be fully protected. The Report envisages the creation of an ecosystem with multiple players including a data trustee, data custodian and a data regulator. The Ministry of Electronics and Information Technology (MeitY) has invited suggestions on the draft report. Exclusive: CredAble Raises INR 18.14 Cr From V’Ocean Investment & Others. b) The concept of sharing of data by a ‘data business’ [2] does not distinguish between IP-protected data and unprotected data. However, some privacy advocates are not enthused about the government’s move. Even as the personal data protection Bill is yet to be finalised and passed by the Parliament, the government has opened another front regarding non-personal or community data… You can read exclusive content here. A company collects data over the years, spending money and resources. Legal experts have raised objections to the government committee report on Non-Personal Data (NPD) due to the excessive focus on economic interest rather than public good.Last month, the government-ap “The formation of the committee comes at a time of grave concern on the final text, form and actual legislative introduction of the data protection law, which India today lacks. Regulations must encourage innovation while also creating a level playing field for both, domestic and foreign businesses.