Panel calls for separate legislation to govern, regulate non-personal data

“The regulations proposed for non-personal data can be enforced effectively and at a national scale only if they are incorporated as part of a new national law. The committee strongly recommends that the proposed Non-Personal Data Governance Framework becomes the basis of a new legislation for regulating non-personal data," a draft report on non-personal data governance framework showed said. The committee has sought feedback from relevant stakeholders by 13 August.

Non-personal data refers to information that cannot identify a person, but have details on weather conditions, and data from sensors installed on industrial machines, and public infrastructure. It also includes data which was initially personal, but were later made anonymous, according to the draft definition.

The committee was set up last year, comprising Debjani Ghosh, President Nasscom, Neeta Verma, DG, National Informatics Centre, Ponnurangam Kumaraguru, IIIT Delhi Member, among others, to study the issues to non-personal data and make suggestions for consideration of regulation of such data.

The draft has defined non-personal data, concept of community data and rights and privileges over suchdata and has recommended mechanisms for data sharing while defining its purpose--sovereign, core public interest, and economic purposes.

“Data which are aggregated and to which certain data transformation techniques are applied, to the extent that individual specific events are no longer identifiable, can be qualified as anonymous data," it said.

The draft defines a data business and articulates requirements for its registration and data disclosure and recommends a non-personal data authority and articulates its two roles--enabling and enforcing.

An enabling role will ensure that data is shared for sovereign, social welfare, economic welfare and regulatory and competition purposes, leading to innovation, economic growth and social well-being. An enforcing role will ensure all stakeholders follow the rules and regulations laid, provide data appropriately when legitimate data requests are made, it said.

The draft also provided technology-related guidelines for digitally implementing the recommended rules and regulations around data sharing.

The development comes months after the ministry of electronics and information technology (MeitY) framed a draft personal data protection bill, which is currently being discussed by a joint select committee of both houses--Lok Sabha and Rajya Sabha-- after which it shall be debated in Parliament. The bill aims to build a framework to preserve the sanctity of consent in data sharing, and penalize those breaching privacy norms.

The draft bill also introduced a provision empowering the government to ask a company to provide anonymized personal data, as well as other non-personal data, for formulation of policies.