iSPIRT’s Official Response to Non-Personal Data Governance Framework

A Committee of Experts under the Chairmanship of Shri. Kris Gopalakrishnan has been constituted vide OM No. 24(4)2019- CLES on 13.09.2019 to deliberate on Non-Personal Data Governance Framework. Based on the public feedback/suggestions, the Expert Committee has revised its earlier report and a revised draft report (V2) has been prepared for the second round of public feedback/suggestions. iSPIRT had provided a past response to the previous report and in this blog post contains a response to the revised report

At the iSPIRT Foundation, our view on data laws stems from the following fundamental beliefs: 

  1. Merits of a data democracy (that is, the user must be in charge)
  2. Competitive effects must be well understood, for creation of a level playing field amongst all Indian companies, and some ring-fencing must exist to protect against global data monopolies
  3. Careful design enables both high compliance and high convenience

It is with these perspectives that we have analyzed the revised Non-Personal Data report in our response.

Key Sources of Ambiguity in the NPD Report 

The key sources of ambiguity in the report are: 

  1. Purpose of techo-legal framework for Non Personal Data: The non personal data framework is meant to provide the right legal and technology foundations for world class artificial intelligence to be created out of India for the betterment of financial, health, and other socio-economically important services. The current version of the report sidesteps this completely by constraining the applicability to only “public good” purposes rather than taking a holistic approach to “business & public good purposes” 
  2. Data Business entities need a harmonised definition (given the interplay with data fiduciaries as proposed in the MeitY Personal Data Protection Bill) and clear incentives for participation. The current report relies excessively on regulation & processes for data businesses to achieve the outcome. 
  3. Institutional structure for Data Trustees: The report restricts Data Trustees to government agencies and non-profit organisations; however, in a domain consisting of fast evolving technology by excluding the private sector in offering the base infrastructure creates a severe limitation on the ecosystem of modellers that can be created. 
  4. Technology Architecture: The illustrated technology architecture is unclear around the public infrastructure (through the form of open standards, public platforms, and others) that need to be created & adopted to bring to life the non-personal data ecosystem in an accelerated manner. 

Conclusion

While we’re aligned with the vision of the committee, it’s critical that the above ambiguities are resolved in order to create a strong non-personal data ecosystem created in India. Till these ambiguities are resolved, the recommendations of the Report should not be operationalized.


For any press or further queries, please drop us an email at [email protected]