We can see the continuous usage of the term “non-personal data” (aka NPD) in the article. Hence, the definition of the term should be known. According to a report submitted by PRS Legislative Research, “non-personal” data can be referred to as “any data which is not personal data (data pertaining to characteristics, traits or attributes of identity, which can be used to identify an individual) is categorised as non-personal data”. Such data does not possess any kind of information that would lead to the identification of a person. NPD can be any sort of data, for example, it might be something that is not all related to an individual, or it can be personal data that had been anonymised later. Discussions regarding the protection of “non-personal data” began very late. This article deals primarily with “non-personal data” and the reasons to protect them. The importance of “non-personal data” had also been mentioned in this article.
IMPORTANCE OF “NON-PERSONAL DATA”
“Non-personal data” has significant importance. These uses can be political, economic, or security-related. The key to expanding India’s economic opportunities is to strike the right balance between effective information privacy, security, and development. Today’s world is very much technology-oriented. Hence, it can be concluded that in near future almost everything will be data-based. In such a situation, “non-personal data” would come to great use.
TYPES OF “NON-PERSONAL DATA”
NPD can be divided into sub categories like “public non-personal data”, “community non-personal data”, “private non-personal data”. “Public non-personal data” is referred to those data which is obtained by a government or governmental agencies during public-funded works. Anonymised data from land records, vehicle license data, and so on are examples. “Private non-personal data” are obtained from private sources (just like the name suggests), and the “community non-personal data” are obtained from community of natural persons. Examples of private NPD include data/insights derived through the use of algorithms, and data sources collected by municipal authorities, other database systems, and so on are examples of community NPD. In the year 2019, an expert committee was constituted in order to address the issues related to “non-personal data”. The abovementioned divisions have been made by the committee itself.
WHY DOES “NON-PERSONAL DATA” NEED PROTECTION
Although technically, no private information can be disclosed under “non-personal data”, there are some matters of concern. Often there is an overlap between personal and “non-personal data”, and this overlap is quite inevitable at times. The importance and vulnerability of data cannot be overstated. The time for data governance has arrived, just as the “Internet and cloud computing” had become accepted parts of doing business in the past. While customers’ personal data is protected by a lot of privacy laws around the world, “non-personal data” (NPD) is totally untapped. “Non-personal data” has financial value, which should be capitalised on by Indian businesses. These data can also be used to improve governance. For example, traffic patterns compiled by commercial vehicles can aid in better traffic control. This proves how important regulation of NPD can be.
INDIA’S LATEST FRAMEWORK ON “NON-PERSONAL DATA”
An expert committee is known as the “Gopalakrishnan committee” was formed by “Ministry of Electronics and Information Technology”, in the year 2020 in July. The main objective of this committee was to study and address the issues regarding “non-personal data”.
The following observations were made by this expert committee: “NPD should be regulated to enable a data-sharing framework to tap the economic, social, and public value of such data, and to address concerns of harm arising from the use of such data.”
The abovementioned expert committee had also suggested that the PDP or the “Personal Data Protection Bill” should be amended. According to the committee, the rules regarding NPD should be scraped off from this bill and should be incorporated under a separate one. This was recommended in order to avoid any kind of overlaps.
As per Amar Patnaik, a member of the “Joint Parliamentary Committee” (JPC) on “Personal Data Protection” (PDP), rules to regulate non-personal data are essential, but at the same time, the Indian market should be given chances to grow. JPC has come up with some recommendations regarding the PDP Bill 2019. These recommendations would be discussed in the Parliament in the approaching winter session. One of the major recommendations had been that the term “personal” should be removed, and both personal data, as well as NPD, should be regulated using the same regulator.
It can be concluded that it is extremely important to safeguard the “non-personal data”. At the very least, the NPD landscape in India is perplexing. There is little clarity about how “non-personal data” regulations and regulators would interact with personal data regulations and regulators. This article has also talked about how important NPD can be. It holds economic, as well as security-related importance. Unlike personal data, NPD hardly had any kind of regulations, hence, a solid set is absolutely necessary. Artificial intelligence has become a major thing these days. Therefore, it can be accomplished that NPD needs to be regulated largely. Proper full-fledged regulation of non-personal data in India has a long way to go.
- “Non-Personal Data Governance Framework”, https://prsindia.org/policy/report-summaries/non-personal-data-governance-framework.
- “India: Revamped framework proposed for non-personal data regulation”, [January 2021], https://www.dataguidance.com/opinion/india-revamped-framework-proposed-non-personal-data
- Piyush Sharma, “Non-personal data: Unlocking value for public good”, [July 27, 2020], https://www.fortuneindia.com/opinion/non-personal-data-unlocking-value-for-public-good/104665.
- Supra note 1.
- Tanmay Mohanty, “India: Non-Personal Data Governance Framework”, [September 16, 2020], https://www.mondaq.com/india/privacy-protection/985574/non-personal-data-governance-framework.
- Vidushi Marda, “Non-personal data: the case of the Indian Data Protection Bill, definitions and assumptions”, [October 15, 220], https://www.adalovelaceinstitute.org/blog/non-personal-data-indian-data-protection-bill/.
- Sreenidhi Srinivasan and Anirudh Rastogi, “Why non-personal, what’s critical … & snooping? JPC report on data protection raises questions for privacy, business & regulation”, [November 26, 2021], https://timesofindia.indiatimes.com/blogs/toi-edit-page/why-non-personal-whats-critical-snooping-jpc-report-on-data-protection-raises-questions-for-privacy-business-regulation/.
This article is written by Aaratrika Bal student at National Law University Odisha