wordpress blog stats
Connect with us

Hi, what are you looking for?

Event Report: Governance of Non Personal Data

Event Report: Governance Of Non Personal Data

Following our incisive discussion last week on the Governance of Non Personal Data, based on the Revised Draft Report on Non Personal Data from MEITY’s committee of experts, we’ve summarised key challenges and recommendations shared by our speakers and participants.

You may download your copy of the report here. Some excerpts from the report:


Stated objectives and their validity​: If the objective of the proposed framework is to give an advantage or fillip to Indian startups, then the motive should not be shrouded in the cloak of ‘community’ benefit. It’s unclear how an institutional setup will help Indian startups; companies cannot be simply expected to hand over datasets to competitors simply because they have been ordered to do so.

“If the objective is that we are regulating because we want to privilege Indian startups over any other kind of entity, then we need to say that upright, and stop guising it in the word ‘community’, because then that gives a very different kind of perception,” — Beni Chugh, Dvara Research

Dispute resolution mechanisms​: If a data requester finds that the data custodian has not met their demand and approaches the NPDA, then it’s unclear how the regulator would balance competing claims. Because on one hand, the custodian may have defined access as data sharing may not be in the community’s best interest; on the other hand, the requesting entity would be adamant on having access.

Conflicts with other regulatory bodies​: An Non-Personal Data Authority may conflict with other institutions, such as the forthcoming Data Protection Authority of India or the Competition Commission of India (CCI); it will need to be in constant deliberations with such organisations to succeed in its goals. Given the inherent inter-sectoral nature of the datasets and the concerned stakeholders, all decisions would rely on continuous communication and consultation between regulators.

Advertisement. Scroll to continue reading.

Potential conflict in goals​: Further, agencies that regulate non-personal data and personal data could be dealing with a potential conflict of goals, with the former being concerned with “unlocking economic value” and the latter looking to protect privacy.

Anonymisation will carry privacy risks​:​ ​The risk of re-identification always exists with anonymised personal data. Simply applying one level of anonymisation and calling it Non Personal Data (under the current framework) thereafter does not take away the existing privacy risks. The anonymised data may not even be sufficiently ring-fenced from privacy litigation.
Anonymisation option exposes companies to risk​: FinTech companies that use data for analytics don’t necessarily need personally identifiable information (PII), and prefer to anonymise their data to reduce exposure to risk. These companies could also use a third-party to process analytics, and they wouldn’t want to share personal information.

“This puts an additional barrier for me because I now require consent and this actually makes the data which I am storing more secure. And why should there be a barrier for that?” — Prasanto K. Roy, FTI Consulting

More challenges and recommendations in the report.


Also note: we’re hosting a discussion on Data Policies and Artificial Intelligence on Thursday, 28th January, 2021.

  • Agenda and Reading list: here.
  • Application form: here.


  • MediaNama’s discussion on the Governance of Non Personal Data was supported by Microsoft and Facebook.
  • MediaNama is hosting the discussion on Data Policies and Artificial Intelligence with support from Flipkart, Facebook and Microsoft. The Centre for Internet and Society is our community partner for this discussion.

Advertisement. Scroll to continue reading.
Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ