Given that the draft bill on personal data protection kept non-personal data out of its purview, the government is looking at ways to regulate such category of data that includes community data and anonymised data. To this effect, the Ministry of Electronics and Information Technology (MeitY) has set up a committee — headed by Infosys co-founder Kris Gopalakrishnan — to work on a data governance framework and suggest ways to regulate non-personal data.
Recommendations of a committee under Justice BN Srikrishna, which had submitted its report and a draft Personal Data Protection Bill in July 2018, pertained to a personal data protection law, whereas the latest exercise by MeitY aims to look at non-personal data.
Such data is usually held by large commercial entities like cab-aggregators, e-commerce companies, etc that use the community data generated on their platforms to improve their services. This is in addition to anonymised datasets also being provided to government bodies and departments by large internet companies to assist in policymaking.
Through this exercise, MeitY plans to understand whether access to community and anonymised data should be unfettered and the implications it could have on personal data protection.
Other members on the proposed Committee include NASSCOM President Debjani Ghosh, National Informatics Centre DG Neeta Verma, Avanti Finance CTO Lalitesh Katragadda, and two senior government officials among others. The panel may co-opt other members for their specific inputs, the Centre said. Among the terms of reference (ToR) of the Committee is to “make specific suggestions for consideration of the Central Government on regulation of Non-Personal Data.”
Notably, even as the recommendations of the Srikrishna committee took cognisance of non-personal data, the draft Personal Data Protection Bill submitted by the panel excluded anonymised data from purview of the draft law.
In light of this, the newly-formed committee under Gopalakrishnan is also expected to look at the role of the proposed Data Protection Authority, and whether non-personal data will also be regulated by it.
“The (Justice Srikrishna) Committee also took cognisance of community data as relating to a group dimension of privacy and an extension of data protection framework. Such data that has been sourced from multiple individuals is akin to a common natural resource where ownership is difficult to ascertain due to its diffused nature across several individual entities,” the Centre said Friday.
Elaborating further on community data, the committee argued that “degree of involvement of larger community in building the body of data” challenges the notion of “individual control over personal data”, the Ministry said in its order.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines