Right To Privacy

What is Non-Personal Data?

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Non-personal data

Mains level : Data privacy issues

A government committee headed by Infosys co-founder has suggested that non-personal data generated in the country be allowed to be harnessed by various domestic companies and entities.

Practice question for mains:

Q.What is Non-Personal Data? Discuss its utility and various privacy concerns associated with it.

What is non-personal data?

  • In its most basic form, non-personal data is any set of data which does not contain personally identifiable information.
  • This, in essence, means that no individual or living person can be identified by looking at such data.
  • For example, while order details collected by a food delivery service will become non-personal data if the identifiers such as name and contact information are taken out.
  • The government committee, which submitted its report, has classified non-personal data into three main categories, namely public non-personal data, community non-personal data and private non-personal data.

Types of non-personal data

Depending on the source of the data and whether it is anonymised in a way that no individual can be re-identified from the data set, the three categories have been divided:

1) Public

All the data collected by government and its agencies such as census, data collected by municipal corporations on the total tax receipts in a particular period or any information collected during execution of all publicly funded works have been kept under the umbrella of public non-personal data.

2) Community

Any data identifiers about a set of people who have the same geographic location, religion, job, or other common social interests will form the community non-personal data. For example, the metadata collected by ride-hailing apps, telecom companies, electricity distribution companies among others have been put under the community non-personal data category by the committee.

3) Private

Private non-personal data can be defined as those which are produced by individuals which can be derived from the application of proprietary software or knowledge.

How sensitive can non-personal data be?

  • Unlike personal data, which contains explicit information about a person’s name, age, gender, sexual orientation, biometrics and other genetic details, non-personal data is more likely to be in an anonymised form.
  • However, in certain categories such as data related to national security or strategic interests such as locations of government laboratories or research facilities, even if provided in anonymised form can be dangerous.
  • Similarly, even if the data is about the health of a community or a group of communities, though it may be in anonymised form, it can still be dangerous, the committee opined.
  • Possibilities of such harm are obviously much higher if the original personal data is of a sensitive nature.
  • Therefore, the non-personal data arising from such sensitive personal data may be considered as sensitive non-personal data.

What are the global standards on non-personal data?

  • In May 2019, the EU came out with a regulatory framework for the free flow of non-personal data.
  • It suggested that member states of the union would cooperate with each other when it came to data sharing.
  • Such data, the EU had then ruled would be shared by member states without any hindrances.
  • The authorities must inform the commission of any draft act which introduces a new data localisation requirement or makes changes to an existing data localisation requirement.
  • The regulation, however, had not defined what non-personal data constituted of and had simply said all data which is not personal would be under its category.

What areas does India’s non-personal data draft miss?

  • Though the non-personal data draft is a pioneer in identifying the power, role, and usage of anonymised data, there are certain aspects such as community non-personal data, where the draft could have been clearer.
  • Non-personal data often constitute protected trade secrets and often raises significant privacy concerns.
  • The paper proposes the nebulous concept of community data while failing to adequately provide for community rights.
  • Other experts also believe that the final draft of the non-personal data governance framework must clearly define the roles for all participants, such as the data principal, the data custodian, and data trustees.

Conclusion

  • Regulation must be clear, and concise to provide certainty to its market participants, and must demarcate the roles and responsibilities of participants in the regulatory framework.
  • The report is unclear on these counts and requires public consultation and more deliberation.
Subscribe
Notify of
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Yogeshwar Misal
Yogeshwar Misal
1 year ago

?