The Non-Personal Data Governance Framework suggested by the Ministry of Electronics and Information Technology (MeitY) set up a committee of experts that should be backed by ramping up research and development activity, as per experts.
In late 2020 and early 2021, the National Law School, Bangalore, the Indian Institute of Science, Bangalore, and the Indian Institute of Technology, Bombay, jointly hosted panel discussions on Non-Personal Data.
Based on those panels, a short report has been drafted authored by Srijoni Sen, National Law School of India University, Bangalore, Inder Gopal, Indian Institute of Science (IISc) and Manjunath D, Indian Institute of Technology (IIT), Bombay.
The first version of the framework for non-personal data (NPD) by the government-appointed Committee of experts, headed by Infosys co-founder Kris Gopalakrishnan was submitted in July 2020. A revised version was published in January 2021.
The paper examined the claimed connections between the proposed framework and its potential to accelerate innovation for the public good.
As per the report, the framework opens the door for significant economic activity and public good in the NPD space.
“It is essential, nay critical, that this be backed up by ramping up the research and development activity,” the report said.
The research suggested a three-pronged approach to navigate the same. According to the paper, MeitY and other funding agencies should initiate scholarly work on the technology, science, legal, and policy aspects and address the many concerns that are still open.
Entities should also focus on funding the technology and marketplace development to exchange raw and processed data. The paper suggested that technologies developed for IUDX can be leveraged as a template for the same.
One of the key themes that developed during the discussions was a critical requirement for India of “furthering trust in these governance bodies and structures, an essential element of forming data trusts.” However, there is an issue of suitable technology for the data trusts that need to be addressed.
Lastly, data should be made available to researchers and for-profit organisations, subsidised or at cost, to develop the ecosystem.
“Many believe that startups and ideas have money but no data. A simpler way is to also ask the data analytics curricula that have sprung up to work on projects based on these data sets and make their outcome publicly available,” the paper said.
The report further argued against the “dichotomy” that mandatory data sharing, as suggested, will reduce innovation.
“Our experience has shown that sharing high-quality data is the precursor to the creation of a data economy. Far from stifling innovation, it is the progenitor of new services and benefits for citizens and will empower an array of application developers and start-ups,” it said.
Concerns related to framework
However, the authors further added that “valid concerns have been expressed in reactions to the NGF on the possibility of heavy-handed regulation and conflicting regulatory structures.”
These concerns should be taken into account while designing governance mechanisms. Concerns of privacy and the right of the individual should also be taken into consideration.
“However, opposition to a particular regulatory structure should not be conflated with opposition to the core concepts of NPD exchange,” the report said.
Other concerns highlighted by experts include the ambiguity of concepts used in NGF, including the category of non-personal data itself, the meaning of the term ‘community’, or ‘community trustees’.
Furthermore, the framework also needs to outline individual and community rights more precisely, as per experts.
The paper also highlighted concerns related to the specific types of NPD.
“Another set of concerns that the industry lawyers have raised is on the difficulty of governing only ‘raw’ data where, in practice, it is not often possible to distinguish between raw and processed data,” the report further added.
Furthermore, it will also be crucial to discuss the similarities and differences between NPD and Personal Data.
“A key concern is that Data Trustees will be authorizing the use of personal data to create NPD, often without a clear understanding of risks. The risk of individual privacy exposure is real and the use of techniques such as differential privacy and other forms of data anonymization are to be explored,” as per the report.
The report also highlighted multiple use cases of NPD for the public good, including smart cities and sectors such as agriculture and healthcare.
The paper further noted that “The industry representatives all acknowledged the value for the public good that NPD could unlock, and has been unlocking. The Covid-19 pandemic, in particular, has made such instances particularly clear. However, clearly, as more data sharing takes place to respond to such crises, the more there is the need for secure and trusted institutions to facilitate the exchange.”