It is unlikely that non-personal data that protect a person’s identity will become part of the upcoming data protection law that is currently being finalised by the Ministry of Electronics and Information Technology (MeitY), according to a report.
As per Hindustan Times, an official said that the Centre has been clear that data protection law should not create roadblocks to the development of the Indian economy.
The person familiar with the matter further stated that the law was created for personal data and “it is not likely to contain references to non-personal data”.
The official also noted that the bill should be revised in the post-Covid pandemic time. He reportedly said that the central government has been examining and studying all provisions related to the law.
According to the Personal Data Protection Bill (PDP), 2019, non-personal data is defined as data that is not personal or data that does not contain any personally identifying information.
Personal data is defined in the PDP Bill as information on an individual’s features, qualities or attributes of identity that can be used to identify them.
Non-personal data can be one that has never been linked to a natural person or data that was once personal, but has been anonymised through the use of certain techniques to ensure that individuals to whom the data relates cannot be identified.
For example, while a food delivery service’s order details will contain an individual’s name, age, gender, and other contact information, it will become non-personal data after the identifiers such as name and contact information are removed.
Non-personal data is divided into three categories by the government committee — public non-personal data, communal non-personal data, and private non-personal data.
On December 11, 2019, then Union Minister of Electronics and Information Technology Ravi Shankar Prasad introduced the bill in the Rajya Sabha. The same day, it was referred to a joint parliamentary committee (JPC).
Despite the fact that the 2019 bill was solely focused on personal data, it did mention non-personal data and its addition was recommended by the JPC.
However, the committee presented its findings in December of last year, and the administration has been reviewing them since then. Several members of the parliament spoke out against the final text, claiming that it gave the government “unbridled” exemptions, which was a source of concern.
At that time, the panel advocated broadening the scope of planned data protection legislation to include both personal and non-personal data, as well as establishing “a single administration and regulatory authority”, tightening regulation for social media platforms, along with establishing a statutory media regulatory authority on the lines of Press Council of India.
The panel said: “The committee, therefore, recommend that since the Data Protection Authority will handle both personal and non-personal data, any further policy / legal framework on non-personal data may be made a part of the same enactment instead of any separate legislation.”
However, the majority of stakeholders informed the parliamentary committee that non-personal data should be excluded from the law’s scope.
Now the draft law will most likely be introduced during the House’s monsoon session, according to reports.
But as reported recently, an insider allegedly stated that the Centre may have decided that it is more important to defend the Supreme Court’s declaration of the fundamental right to privacy, rather than adding non-personal data, which would have caused uncertainty.