The Gopalakrishnan Committee, setup by the Indian government on non-Personal Data Governance Framework, submitted its draft report in July 2020.
The draft report of the committee that’s headed by chairman Kris Gopalakrishnan, co-founder of Infosys proposed setting up a dedicated authority that would ensure non-personal data would be used for sovereign and commercial purposes.
It further emphasized the need to write out broad parameters regarding data sharing and how the non-personal data could be prevented from being de-anonymised.
Why the committee?
Here are the five principal reasons why the committee on non-personal data was formed:
- It is important to ensure that big companies don’t create data monopolies.
- In the data economy, governments and businesses need to treat data as an asset that can be traded and monetized
- India has the second largest number of smartphone users, which means it’s also a huge data market. It’s in everyone’s interest to regulate and formalize such a large market.
- It’s important to provide a framework on which to build a data sharing economy. This, in turn, would encourage startups and help improve the delivery of public services.
- Finally, and perhaps most importantly, it was important to formalize everything without making it cumbersome.
Video on Gopalakrishnan Committee recommendations
In case you’d like to straight jump to the video on the recommendations made by the Gopalakrishnan Committee, here you go.
For a detailed analysis, read below.
What are the major recommendations of the Gopalakrishnan Committee?
Following are the seven recommendations of the Gopalakrishnan Committee in their draft report:
Recommendation 1: Define Non-personal Data
The report defines Non-Personal Data and classifies it into three categories:
- Public Non-Personal Data
- Community Non-Personal Data
- Private Non-Personal Data
Recommendation 2: Define Non-Personal Data Roles
The draft report suggests four Non-Personal Data roles:
- Principals Data: The natural person to whom the data relates
- Custodians Data: The entity that undertakes collection, storage and protection of data
- Trustees Data: The entity through which the data principal can exercise their data rights
- Data Trusts: The institution that abides by rules, protocols and guidelines to contain and share data
Recommendation 3: Articulate legal basis for rights over Non-Personal Data
Data is an intangible asset and its ownership may have multiple claimants. Their rights and obligations may have some common area.
That’s why it’s important to articulate the legal basis of rights over this data.
- In case of Non-Personal Data derived from individuals, the individual themselves will be the data principals.
- In case of Non-Personal Data derived from the community, the community shall have the rights to that data.
Recommendation 4: Define business data
The Committee suggests creating a new category of business: Data Business.
However, the Committee points out, this category is not an independent sector. That’s because nearly all businesses that use data (banks, hospitals, hotels, educational institutes, NGOs etc) are Data Businesses.
Further, the Committee recommends registering Data Businesses based on whether the business had crossed a certain t0-be defined threshold of data.
The registration system for a Data Business will be an open API.
Recommendation 5: Specify Data Sharing Purpose
The Committee envisages three principal purposes for which data may be shared
- Sovereign or national security purposes
- Core or public service and research interest purposes
- Economic purpose
Recommendation 6: Define data sharing mechanisms and checks and balances
The Gopalakrishnan Committee draft report suggests that first, only factual, raw data needs to be shared.
It adds that if the shared data is at value-added processing level, the system could permit some financial compensation.
Finally, there would be adequate checks and balances that outline what kind of data can be shared outside India and the liabilities involved.
Also, it would involve peer review and would remain open to suggestions for changes from competent bodies.
Recommendation 7: Establish a Non-Personal Data Authority
The Committee recommends founding of a Non-Personal Data Authority.
This authority would help unlock the value of Non-Personal Data in India.
It would principally have two roles:
- Enabling role: It would ensure data is shared for reasons agreed upon.
- Enforcing role: It would ensure all stakeholders comply with rules and also assist in preventing de-anonymisation of data.