As a means of developing a robust Non Personal Data eco-system, KGC recommends a set of roles/stake-holders and data infrastructures.
The Key roles defined as per the recommendation are
- Data Principal
- Data Custodian
- Data Trustees
- Data Trusts
KGC recognizes that in the case of Personal Data, the term Data Principal refers to a natural person only. But in the context of Non personal data, it uses the term in relation to the type of NPD namely Public, Community and Private data as well as on different possible kinds of subjects of data.
Accordingly, Government, Companies and organizations can also be considered as “Data Principals” under the NPD regulation.
Data Custodian is an entity that undertakes collection, storage, processing, use etc of data in a manner that is in the best interest of the data principal.
The GKC considers the Data Custodian as a “Data Fiduciary of NPD” and emphasizes the “Duty to Care” that is expected from the Custodian in the interest of the Data Principal.
This recommendation seals the interpretation of the term “Data Fiduciary” even in the PDPB by inference.
It is expected that the regulation will define the framework for collection and processing of NPD on the lines of “Notice”, “Consent”, “Obligations” “Compliance”, etc. In a way this may translate into a law similar to the PDPB but related to NPD.
KGC has also picked up another concept used in PDPB namely the “Consent manager” and envisages a role for a “Data Trustee” who will assist the Data Principals to exercise their rights.
KGC leaves it to the detailed regulation to determine who will exercise the rights to constitute and appoint a Data Trustee to represent a group.
GKC also recognizes the need for mandatory data sharing in certain instances as envisaged under Section 91 of the PDPB.
In addition to Data Trustees, an institutional structure identified as “Data Trust” comprising of specific rules and protocols for containing and sharing a given set of data is also recommended.
While Data Trustees are appointed by Data Principals, the Data Trusts may be manged by public authorities constituted by the Government to which Data Principals may voluntarily share data.
Though the terms “Data Principal”, “Data Trust” and “Data Trustees” have the potential for confusion and alternate terminologies could be considered, the concepts are interesting and captures the needs of the ec0-system.
(To Be Continued)