Non-personal data panel, chaired by Infosys’ cofounder Kris Gopalakrishnan, has suggested that the government should set up a regulator and direct them to store data devoid of personal details.
The 30-page undated document, accessed by Reuters, elaborates that such a regulator would be armed with legal powers to request data, supervise sharing requests and settle disputes. Besides this, it highlights that any company that holds data beyond a certain limit, which is yet to be decided, should be called a “data business”. Such businesses will have to inform the government on how they collect, store or plan to use the data.
“There is a need to create a regulator or authority for data business, which provides centralised regulation for all non-personal data exchanges,” the document read.
A person familiar with the matter told the publication that the panel is in the final stages of deliberation on the report and will be submitting it to the ministry of electronics and information technology (MeitY) once complete. Kris Gopalakrishnan did not comment on the report.
Gopalakrishnan was appointed as the head of a committee formed by the MeitY, last September, to study issues related to non-personal data. As the committee head, he is also supposed to suggest ways to regulate such data. For this, the panel has been consulting several companies across segments — ecommerce, cab hailing, healthtech and others — to seek their opinion on how the regulations should be implemented.
Moreover, the committee wants to understand how the companies utilise the non-personal data to provide its service. It is also focusing on knowing about the issues with possible portability and what compels them to share data.
Alongside this, the government is also working on the Draft Personal Data Protection Bill 2019 to ensure that the user data remains secure and protected. Last month, the joint parliamentary committee (JPC), which is managing the bill, sought Facebook, Microsoft and industry body ASSOCHAM and NASSCOM’s views on the proposed legislation that will impact internet and technology companies in India.
The government has defined personal data as data that allows direct or indirect identifiability of the user, whereas non-personal data is anonymised. The data protection bill is also focusing on sensitive personal data, which includes financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN. The government is managing personal and non-personal data separately due to different purposes, use cases and threats.
In August 2019, IT minister Ravi Shankar Prasad, emphasised on drawing a distinction between personal and non-personal data. The union minister believed that non-personal data can be put to good use. This is why the government set up a non-personal data committee in September 2019.