According to a report in Business Standard the Kris Goplakrishna Committee has submitted its report on “Data Governance” to the Government. One of the recommended regulations that has been leaked appears to be for setting up of a new regulator which perhaps may be called the Data Governance Authority. (DGA)
It would be interesting how the functions of the DGA would be defined in a manner that it does not interfere with the DPA. The critical aspect of this seggregation of roles between DPA and DGA is the classification of data as “Personal Data” and “Non Personal Data”. The issues of “Data Identifiers”, the “De-identification/Pseudonymization” or “Anonyization” will need to be clarified so that the industry is clear on what is regulated by DPA and what is regulated by DGA.
The concept of “Differential Privacy” which we discussed yesterday will be extremely relevant since the proponents of “Differential Privacy” claim that it could be an alternate to “Anonymization Before Big data analysis”.
The DPA as it stands today would like the personal data be anonymized before the Big Data industry takes it up for aggregation and generation of community related inferences. The “Differential Privacy” advocates however claim that they can process identifiable personal data and ensure that disclosures remain e “Anonymous”.
Similarly, there is a need to debate on a definition of “Shared Personal Data” and “Community Personal Data” which can be clarified when the new Data Governance law is drafted.