The Joint Parliamentary Committee (JPC) has recommended bringing non-personal data (NPD) under the ambit of the Data Protection Act, noting that NPD is essentially derived from one of the three sets of data— personal data, sensitive personal data, critical personal data — and then anonymised or converted into non-identifiable data. Non-personal data provisions should be part of the Data Protection Act The committee recommended that the legal framework on NPD must be a part of the Data Protection Act instead of any separate legislation and that both personal and non-personal data will be regulated by one Data Protection Authority (DPA) to avoid confusion and mismanagement. It was not in favour of having two DPAs. The committee wrote that the government can draft separate provisions on non-personal data and include them in the Data Protection Act, as soon as they are finalised. Earlier draft: There was no mention of the non-personal data regulation in the draft Personal Data Protection Bill, 2019. Reasons for change: The committee observed that there is a mass movement of data without any distinction of personal or non-personal. It added that it is not possible to differentiate between personal or non-personal data in the initial stage or at the later stages. The committee also revealed that “it is actually simpler to enact a single law and a single regulator to oversee all the data that originates from any data principal and is in the custody of any data fiduciary” as it will restrict grey areas in terms of anonymisation and…
