What is Non-Personal Data and what are the recommendations made by Kris Gopalakrishnan Committee?
Co-founder of Infosys, Kris Gopalakrishnan has suggested that the Non-Personal Data of an individual generated in the country should be allowed to be used by various companies. Kris Gopalakrishnan heads a nine-member government committee set up in September last year by Ministry of Electronics and Information Technology (MeitY). The committee has invited public suggestions till August 13, 2020, on the same. The committee has also suggested to set up a new committee to monitor and utilize the Non-Personal Data of the individuals.
Highlights of the Report
The report sheds light on the lightweight regulation and remains conscious of compliance costs of regulations. The committee also recommends securing the consent of data principals for processing Non-Personal Data, along with personal data. However, the report doesn't discuss the rights of data principles and actions to be taken in case of a breach.
Like the points mentioned in the Personal Data Protection Bill 2019 (PDPB), the report calls for local storage of critical Non-Personal Data, while allowing data mirroring for sensitive Non-Personal Data.
The report also empowers the Government of India to request access to Non-Personal Data for security, legal, law enforcement and regulatory purposes but misses out principles of necessity, legality and proportionality while enabling such access.
What is Non-Personal Data?
Non-Personal Data is a kind of data that doesn't contain any personally identifiable information of a user. This simply means that no individual can be identified with the help of this data. Non-Personal Data include anonymised data like name, age and other contact information for food delivery apps, cab services, climate trends by weather apps, etc.
Categories of Non-Personal Data
Non-Personal Data has been classified into three categories by the government committee-- public Non-Personal Data, community Non-Personal Data and private Non-Personal Data. These categories are strictly divided keeping in mind whether the data is anonymised or not.
Public Non-Personal Data: This includes all the data collected by the government agencies-- census, tax receipts, the information sought during the execution of public-funded works, etc.
Community Non-Personal Data: This includes all data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests.
Private Non-Personal Data: This data includes the data which is produced by the individuals themselves and can be derived from the application.
Is Non-Personal Data sensitive?
Yes, like personal data, Non-Personal Data can be sometimes sensitive. Data related to national interests-- the location of government labs, research institutions, etc.; health of communities and other related data are sensitive, even in anonymised form.
Developments on Non-Personal Data by GOI
1- In August 2017, the telecom regulator of India sought to unlock the economic value of data through a consultation paper on privacy and ownership, collected by all the telecom companies.
2- NITI Aayog, a government think tank, in its discussion on 'National Strategy for Artificial Intelligence' suggested marketplaces that the data must be shared instead of concentrating it in a hands of few people, to avoid any hindrance for the startups to grow. The data must also be shared for good governance and planning apart from economic factors.
3- A committee led by justice BN Srikrishna, suggested tha the data collected from individuals and aggregated by an entity, took on a different character and may be worthy of protection, apart from personal data.
Many times, researchers have re-identified the individuals from the anonymised data either with the help of new techniques or by using combining datasets. The anonymised data released for the research purposes by the government have been used to identify the individuals. Thus, it can be said that all the anonymised data need not be secure.
How to submit feedback?
1- Visit https://www.mygov.in/task/share-your-inputs-draft-non-personal-data-governance-framework/
2- Look for a banner which reads 'Share Your Inputs on Draft Non-Personal Data Governance Framework'. Click on 'Login to Participate'.
3- Enter Credentials as required.
4- At the bottom of the page, look for 'Do the Task Now' button. Click on it and submit your feedback either in the form of text message, Image or PDF file and don't forget to click on 'Save button'.