Current Affairs Brain Booster for UPSC & State PCS Examination
Topic: Non-Personal Data Governance Framework
Why in News?
- The government has invited feedback from the public on a draft report prepared by an expert panel set up under Infosys co-founder and angel investor Kris Gopalakrishnan to deliberate on framing rules for nonpersonal data governance. The panel has submitted the draft report to the government now.
Background
- The Ministry of Electronics & Information Technology (MeitY) constituted an eight member Committee of Experts to deliberate on a Data Governance Framework.
- While the Personal Data Protection Bill is still in process, the Gopalakrishnan-led panel in its report has defined non-personal data
- The government has fixed August 13 as the last date for submission of the feedback.
Define Non-Personal Data
- The Committee has defined three categories of Non-Personal Data –
- Public Non-Personal Data;
- Community Non-Personal Data; and
- Private Non-Personal Data.
- The Committee has also defined a new concept of ‘sensitivity of Non-Personal Data’, as even non-personal data could be sensitive from the following perspectives –
- It relates to national security or strategic interests;
- It is business sensitive or confidential information; and
- It is anonymised data that bears a risk of re-identification.
- The Committee recommends that the data principal should also provide consent for anonymisation and usage of this anonymized data while providing consent for collection and usage of his/her personal data.
- Public non-personal data means non-personal data collected or generated by the governments, or by any agency of the governments, and includes data collected or generated in the course of execution of all publicly funded works.
- Community non-personal data means non-personal data, including anonymised personal data, and non-personal data about inanimate and animate things or phenomena – whether natural, social or artefactual, whose source or subject pertains to a community of natural persons. Provided that such data shall not include private non-personal data.
- Private non-personal data, means non-personal data collected or produced by persons or entities other than the governments.
Sensitivity of Non-personal Data
- Unlike personal data, non-personal data is more likely to be in an anonymised form. However, in certain categories such as data related to national security or strategic interests such as locations of government laboratories or research facilities, even if provided in anonymised form can be dangerous.
- Similarly, even if the data is about the health of a community or a group of communities, though it may be in anonymised form, it can still be dangerous.
Criticism
- Non-personal data often constitutes protected trade secrets and often raises significant privacy concerns. The paper proposes the nebulous concept of community data while failing to adequately provide for community rights.
- Other experts also believe that the final draft of the non-personal data governance framework must clearly define the roles for all participants, such as the data principal, the data custodian, and data trustees.
- Regulation must be clear, and concise to provide certainty to its market participants, and must demarcate roles and responsibilities of participants in the regulatory framework. The report is unclear on these counts, and requires public consultation and more deliberation.