In the previous article, we discussed the “Consent for Anonymization” which has been recommended by the revised report submitted by the Kris Gopalakrishan report.
One other concept which has been suggested by the committee which requires some detailed look is the definition of “High-Value Data Sets” (HVD).
The concept of HVD is a little confusing as it is used in reference to the “Role of an Organization”. In general, concept however it appears to be a Special Category of Non Personal Data” just like how “Sensitive Personal Data” is defined in the PDPB as different from Personal Data in general.
The report defines HVD as
-a “Data Set” that is “beneficial” to the community at large
-shared as a “public good” subject to certain guidelines
There are 15 different types of data sets which have been listed as HVDs plus “and others” whatever it means.
The 15 types of HVDs are the following
i. Useful for policy making and improving public service and citizen engagement
ii. Helps create new and high-quality jobs
iii. Helps create new businesses – startups and SMEs
iv. Helps in research and education
v. Helps in creating new innovations, newer value-added services / applications
vi. Helps in achieving a wide range of social and economic objectives including
vii. Poverty alleviation
viii. Financial inclusion
ix. Agriculture development
xii. Urban planning
xiii. Environmental planning
xv. Diversity and Inclusion
The organization (either a Government or a non-profit organization) responsible for the creation, maintenance and data sharing of HDVs are called a “Data Trustee”.
It is envisaged that a community of people can come together to create a “Data Trustee” and host the HVD.
The Data Trustee will have a responsibility to ensure that HVDs are used only in the interest of the community. The data trustee will also ensure that the HVD is not re-identified and also maintain a “Grievance Redressal mechanism”.
Key Guidelines for HVD processing
The report suggests that for every HVD, there will be one Data Trustee but one data trustee may be responsible for more than one HVDs. What appears to be the intention of the committee is that the organization that collects, processes or shares HVDs will be called a Data Trustee (like the Data Fiduciary in PDPB). But a single such Data Trustee may manage multiple HVDs.
The HVD will be maintained in a data infrastructure which corresponds to “Technical-material” elements like the actual data bases, APIs organizational systems etc. This is similar to the concept of “Personal Data Processing Sub Units” which has been recommended under the PDPSI (Personal Data Protection Standard of India).
Depending on the type of HVDs, the regulatory authority namely the Non Personal Data Governance Authority (NPDGA) will set the guidelines to determine appropriateness of the chosen HVD such as the objectives, what is the public good involved etc. It would be necessary for the Data Trustee to secure an “Expression of Interest” from a minimum number of community entities to be part of the HVD initiative.
It appears that the concept suggested here is like a “Trade Union” and if there is a difference of opinion among the community constituents, about the Data Trustee, there could be issues like in an industry with multiple trade unions.
However, the committee envisages that there will be only one Data Trustee per HVD. The concept of “One Data Trustee” for “One HVD” appears to be short sighted and needs rethinking.
Otherwise the committee appears to think the “Data Trustee” as similar to Significant Data Fiduciaries or Guardian Data Fiduciaries under PDPB 2019. There has to be a process of registration of an entity as Data Trustee at the NPDGA.