Introduction

Control over data and digital intelligence – a vital component of power in our emerging digital society – is gradually reshaping the global social, economic, and political paradigm. In this neoliberal economy, it is perceived that for a fair economy to sustain, the widespread access to data should lie with the private corporations. As we citizens acknowledge the ever-increasing importance of the data which we are also party to, asserting collective ownership on these data is evolving into a fundamental policy governance challenge of our times.

The government of India has committed a serious mistake in the introduction of the Personal Data Protection Bill (PDPB), 2019 – neither has it waited for the suggestions of the committee of experts on NPD nor has is it solicited comments from the public at large.

As the majority of the discussions surrounding data get reduced to the aspects of personal data protection, very little consideration is given to the debate on non-personal data (NPD). The role of the public and the government with respect to NPD has to be clarified, lest we intend on perpetuating the NPD monopoly the private sector presently enjoys. The government of India has committed a serious mistake in the introduction of the Personal Data Protection Bill (PDPB), 2019 – neither has it waited for the suggestions of the committee of experts on NPD nor has is it solicited comments from the public at large. As a result, NPD is covered by a single vague section under the PDPB, which states –

Section 91(2). The Central Government may, in consultation with the Authority, direct any data fiduciary or data processor to provide any personal data anonymised or other non-personal data to enable better targeting of delivery of services or formulation of evidence-based policies by the Central Government, in such manner as may be prescribed.

[Explanation: For the purposes of this sub-section, the expression “Non-Personal Data” means the data other than personal data.]

Personal Data Protection Bill, 2019

The foregoing clause makes it clear that the government has not made any attempt to either define the scope of NPD or the purposes for which government may use the same. The PDPB’s failure to demarcate personal data from NPD will eventually give rise to big concern, as mere legal demarcations can’t ensure technical demarcations. Accordingly, for a better understanding of the concept of NPD, first, let us try to define what is NPD.

Non-Personal Data

NPD is essentially anonymised data which can’t be traced back to identify a person. But, in truth, it can be deciphered and traced to an identifiable social group of people.

NPD is essentially anonymised data which can’t be traced back to identify a person. But, in truth, it can be deciphered and traced to an identifiable social group of people. A common example of such a feature would be in identifying a religious group from the food delivery pattern on a food delivery application in a particular neighbourhood.

The European Commission (2019) categorises NPD on the basis of origin in the following two ways –

1. data which originally did not relate to an identified or identifiable natural person, such as data on weather conditions generated by sensors installed on wind turbines; or
2. personal data, which was later anonymised.

GDPR laws have conveyed that if the mixed data set contains any of the personal identification marks, the data will be considered as personal data, no matter what the major chunk of data consist. But in the PDPB, such a mandate is absent.

            From the definition given by the EC, the element that stands out the most is the concept of anonymity. But the anonymisation of a particular data is not a foolproof method anywhere in the world. Further, the EC categorisation indicates that data is not strictly binary as personal data and NPD. Most of the data exist in the form of a mixed data set. GDPR laws have conveyed that if the mixed data set contains any of the personal identification marks, the data will be considered as personal data, no matter what the major chunk of data consist. But in the PDPB, such a mandate is absent.

Ownership claims of Govt & Private firms

Until the debates around the ownership of NPD began, private companies enjoyed monopoly. The argument by the private firms is that as they are collecting the data and have no personal identification in it, so the data effectively belongs to them, as there was no compulsion on any individual to provide their data with them. Further, as the data doesn’t involve any personal identification, their argument also adds that the public has no right of ownership of the data. The dominant narrative of a laissez-faire economy also supports the view of private firms concerning the handling of NPD.

But, over time, seeing the unsubstitutable potential of NPD in providing intel, the government has utilised the narrative of data as a public good to make the most of NPD. Supposedly, the governments’ vision with NPD is that it can ensure unfettered access to data for all and this will help in powering the nation through the 4^th industrial revolution (Sinha and Basu, 2019).

Issues With Sharing Of NPD

An important issue concerning the sharing of NPD is that the mere handling of such data in itself is a difficult task. The meagre number of firms in the data-oriented application market elucidates this point. Be it online trading, carpooling or even food delivery applications, we can only find a handful number of firms in operation. This is because MSMEs cannot handle the vast amount of data such businesses entail. Following the surest way to maintain status quoto, i.e. negating space for prospective competition, they hold on to vast sets of NPD. This important factor discourages private firms to arrive at a deal with the government and public on the sharing of NPD.

Further, to define NPD is to understand not only its various parameters but also the demand for access expressed by the government and private sector.

State access through PDPB

From the narrative of the introduction of the PDPB, 2019 a clear inference is that the government will eventually gain access to NPD . Even if the state has access to NPD, in order to benefit from such access the State must have an adequate degree of data-awareness and data skills that are necessary to make use of the data. So on discussing the challenges associated with the state in the data handling, one of the primary issue is the state’s weak IT infrastructure. Further, for a better flow of data among the private parties and State, the latter must provide the private firms with appropriate incentives to continue to collect and process important data of the society like in terms of allowing exclusivity for specific uses of data for a limited period, etc. (Singh and Gurumurthy, 2020). Further, if the government is not able to make a deal with the private firms, the government has to come up with its own procurement policies concerning data collection. For better execution of the projects utilising the aggregated NPD, the government must first introduce mechanisms to allow who shall have the access to the data, as mere free access distribution has the potential to kill the actual objective for the public access to data. So government along with the primary private firm decide who shall have the access and for what all purposes the data can be used. Strict regulation has to be introduced on the manipulations permissible on the NPD.

Way Forward

For better handling of NPD acknowledging all the above-stated reasons, the government needs to embark upon framing a new data governance framework that specifically deals with NPD. For that, the government of India needs a legislation on NPD along with setting up the offices for a data ombudsman/ steward or commissioner.

From our history, we can observe that post-91 LPG reforms, India became an export-oriented IT market. If the government, in its interest for greater control on all fronts, starts controlling data also then private corporations might move their operations to other IT markets around the world, adversely impacting employment and the economy as a whole.  Consultation with the private sector is therefore key, but it should be ensured that the same doesn’t lead to a capture of the regulatory process. If the government is successful in handling the concerns of the private firms, then more innovative models on data governance such as Facebook’s Data for Good and Uber’s Movement can be aimed.

…there is a distinct kind of evolution of data wherein it is considered as a labour input. Unlike other forms of labour, however, a particular dataset doesn’t have to be sourced anew for every instance of production, implying a declining return for the data contributors.

Concepts such as community data need to be explored regarding NPD. In todays digital economy, there is a distinct kind of evolution of data wherein it is considered as a labour input. Unlike other forms of labour, however, a particular dataset doesn’t have to be sourced anew for every instance of production, implying a declining return for the data contributors. So, this ‘data as labour’ becomes worthless for the ‘labourer’ – individuals who contributing data –  unless there is a mechanism for effecting a right to ownership of NPD (Singh, Economic Rights in a Data-Based Society 2020). To address this, a collective approach is needed to affirm the data rights. Rather than a typical individualistic approach, a collective approach is stressed here as we are particularly dealing with NPD. If the society arises to realise the vision of this community data, then the society can effectively question the monopolistic behaviours of both the state and private corporations. Community data will formulate societies’ data as a common resource pool for everybody’s access.

Lastly, it is clear that the decisions pertaining to NPD have to listen to a wide range of perspectives. Since we know difficulties associated with crony capitalism and state capture, let us hope our democracy democratically handles data. The Committee of Experts on Non-Personal Data Governance Framework (The Kris Gopalakrishnan Committee on NPD) is actively dealing with many of the issues flagged in this article. The Committee has delved into definition of NPD, categories of NPD which includes ‘community’, ‘personal’ and ‘public’ NPD along with localisation requirements contingent on nature of the NPD (critical, sensitive and general), has recommended the setting up of a statutory body called Non-Personal Data Authority (NPDA), created avenues for recognition of ownership rights over NPD, and has developed new stakeholder roles such as ‘data custodian’ and ‘data trustee’- concepts not found in the PDPB and unique to NPD. The Committee’s draft report was released on 12^th July, 2020, i.e. only a few days back, and is open for public comments up to 13^th August, 2020.

(Vignesh is currently pursuing Masters in Public Policy from NLSIU. He holds a bachelor’s degree in Computer Science Engineering. He is particularly interested in ensuring education for minorities and on sectoral reforms in the education sector. He is motivated towards approaching societal issues by ensuring public consciousness around it to make informed choices. He can be reached at vigneshm@nls.ac.in)

References

Commission, European. 2019. Commission publishes guidance on free flow of NPD – Questions and Answers. May 29. Accessed June 10, 2020. https://ec.europa.eu/commission/presscorner/detail/en/MEMO_19_2750.

Singh, Parminder Jeet. 2020. “Economic Rights in a Data-Based Society.” Public Services International.

Singh, Parminder Jeet, and Anita Gurumurthy. 2020. “Data Sharing Requires a Data Commons Framework Law.” January.

Sinha, Amber, and Arindrajit Basu. 2019. “The Politics of India’s Data Protection Ecosystem.” Economic & Political Weekly 54 (49).