Recently, a government committee chaired by Kris Gopalakrishnan, Infosys co-founder, proposed that non-personal data generated in India should be made accessible to domestic companies and entities. The committee further suggested creating a separate national legislation and authority to monitor non-personal data and a compulsory sharing of such data. This initiative is believed to help Indian entrepreneurs devise novel services or products benefiting citizens.
Non-personal data refers to any data that doesn’t include personally identifiable information. For instance, the order details collected by a food delivery service become non-personal data if identifying details like name and contact information are removed.
The committee has classified non-personal data into three categories – public, community, and private non-personal data, each of which holds significance for different aspects of society and the economy.
Classification of Non-Personal Data
Public non-personal data involves all data collected by government agencies during the implementation of publicly funded projects. Examples include census data and total tax receipts gathered by municipal corporations.
Community non-personal data encompasses data about a group of individuals sharing common social interests or residing in the same geographic location. Examples include metadata gathered by ride-hailing apps or telecom companies.
Private non-personal data can be categorized as data produced by individuals that can be derived from proprietary software or knowledge, like information generated by tech giants like Google and Amazon.
The Value and Sensitivity of Non-Personal Data
Non-personal data can help map customer biases and ensure targeted delivery of services, providing economic value and fostering innovation. However, unlike personal data, non-personal data usually exists in an anonymized form. Still, certain categories of data related to national security or strategic interests can pose dangers even in anonymized form. Data stemming from sensitive personal data might be considered as sensitive non-personal data.
Issues and Challenges
The proposal to utilize non-personal data largely favors big tech companies that have the necessary capital and infrastructure to generate such massive volumes of data, leaving smaller entities at a disadvantage.
India is also a signatory to Trade-Related Aspects of Intellectual Property Rights (TRIPS), having extended copyright protection to computer databases in 1999. This has led to a challenge differentiating between non-personal data that cannot be shared and non-copyright non-personal data that can be used as a public resource.
Furthermore, the committee’s report lacks clarity concerning grievance redressal mechanisms.
Way Forward: Learning from Other Countries
Like many countries, India needs to define non-personal data in a way that protects intellectual property rights, serves the public interest, and promotes innovation. It may draw lessons from France’s National Strategy on Artificial Intelligence policy, which encourages economic players to share and pool data with the state acting as a trusted third party. India can also look at the European Union’s Regulation on the Free Flow of Non-Personal Data, which stresses the necessity of free flow of non-personal data for a competitive economy.