Editorial

The draft report on regulating non-personal data does not allay misgivings over data use

| Updated on July 16, 2020 Published on July 16, 2020

The data transformation techniques that can be used to “anonymise” personal data are not clearly defined. Vested interests can exploit the situation.

It is indeed welcome that the Report by the Committee of Experts on Non-Personal Data Governance Framework, released a few days ago, has sought to bring some clarity to a pack of contentious issues in India’s data privacy space. The panel has tried, but with limited success, to define non-personal data. It has delved into crucial subjects such as ownership of data, undertaking a data business and data sharing. It puts forward useful suggestions on the need to set up a ‘non-personal data regulatory authority’ to manage India’s vast and emerging data space, while nurturing a creative and egalitarian technology architecture. However, the report is not free of the ambiguities embedded in earlier policy papers on the subject, including the overarching Personal Data Protection (PDP) Bill 2019. The latter, which awaits Parliament approval, gives rise to long-term concerns.

A major concern arising out of the new report is the lack of clarity on how it defines non-personal data. It considers this to be data that is not related to an identified or identifiable natural person. According to the report, this would include data on weather conditions, from sensors installed on industrial machines, from public infrastructure, and so on. Another category of non-personal data could pertain to information that initially was personal data but were later made anonymous. For instance, the report says that data that are aggregated and to which “certain data transformation techniques” are applied to the extent that the individual or specific events related them are no longer identifiable can qualify as anonymous data. The data transformation techniques that can be used to “anonymise” personal data are not clearly defined. Vested interests can exploit the situation.

The panel’s suggestions also end up giving the State immense powers to define and determine non-personal data and use that for its interests. This doesn’t augur well for a democracy, besides hurting business interests. A new form of digital control raj should be avoided. Another potentially controversial idea is the suggestion to create a Non-Personal Data Authority. The panel suggests that data can be classified into three categories — public, community and private non-personal data, based on their ownership and origin of creation. There is littleclarity on who owns what kind of data as reflected in the way the report defines and identifies stakeholders such as data principal, data custodian, data trustee and data trust. The roles of these parties are still not delineated. These issues need to be addressed to avoid unethical practices, especially in a country like India which is witnessing a data economy explosion. Going forward, this could lead to a chain of exploitative practices, legal wrangles and policy deadlocks, only benefiting vested interests — if the legal framework is not revisited. Bringing transparency into the data debate is the need of the hour.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on July 16, 2020
This article is closed for comments.
Please Email the Editor