The government is looking to chart out a policy on the regulation of non-personal data, reports the Economic Times. For the same, the Ministry of Electronics and Information Technology (MEITY) might come up with a report on non-personal data – community data, anonymised data and e-commerce data –  held by different companies, per the report. The government might also ask concerned ministries and regulators to decide which kind of data would fall under such a policy’s ambit, the report continues.

This report comes after MEITY had privately sought responses to fresh questions on the data protection bill from select stakeholders – a development we made public last month – which covered data localisation, enabling free access to non-personal and anonymised data and whether the Data Protection Authority should also govern non-personal data, among other things. The ministry will use the responses received from these additional consultations for floating a whitepaper on this issue which can be made open for public consultation, said the report.

We have reached out to MeitY for comments and will update this when they reply.

MEITY had sought comments from select stakeholders on ‘contours’ of policy on non-personal data

In August, the ministry sought additional comments on the Personal Data Protection Bill from a select group of stakeholders. Here is a list of the questions that the ministry sent to these stakeholders:

  • Does the draft Bill impose adequate obligations on the data fiduciary?
  • The draft bill proposes that all personal data needs to be stored in India whereas significant number of feedback received suggests that restriction on cross border flow of data may be limited to sensitive or critical personal data. Do you feel it is necessary to mandate storage of all types of personal data in India?
  • The role, scope, powers and authority of the regulator proposed – Data Protection Authority of India (DPA)?
  • What could be the contours of a policy that should govern non-Personal data such as community data, anonymized data, e-commerce data etc.?
  • Could there be a case for mandating free access to such non-personal data such as community data, anonymized data, e-commerce data etc.?
  • Should the DPA also be the regulator in respect of all non- personal data?
  • Any other related matter.

MEITY may reject DPIIT’s proposal to include e-commerce data in PDP bill

Last week, it was reported that MEITY may reject the Department for Promotion of Industry and Internal Trade’s (DPIIT) idea to include e-commerce data in the proposed PDP Bill. The ministry might clarify to DPIIT that the PDP Bill will only look at privacy and security issues related to personal data, and will not focus on the data available in the public domain. MEITY believes that non-personal data should have a consultation process similar to the PDP Bill and should be covered separately. A section of the ministry also believes that the proposed Data Protection Authority should work with different sectors to come up with rules to deal with community and anonymised data.