Regulation of Non Personal Data.. Recommendations of the Kris Gopalakrishna Committee-4

(This is a continuation of the previous article)

Ownership of Data

KGC has articulated a legal basis for establishing rights over “Data”.

Apart from recognizing the “Data Sovereignty” concept where the State has a primary right of ownership of assets collected in/from India which applies to Non Personal Data (NPD) also, the KGC has iterated that the term “Ownership” holds full meaning only in terms of physical assets and in respect of knowledge and data, it should be applied to the st of primary “Economic” and “Statutory rights” over the intangible asset. Hence the notion of “Beneficial Ownership/interest” has been adopted by the Committee as regards NPD.

As a result the committee recommends that

a) In case of Non Personal Data derived from the personal data of an individual, the data principal for personal data will continue to be the data principal of the NPD, which should be utilized in the est interest of that individual.

b) The rights over community Non Personal data collected in India should vest with the trustee of that data community, with the community being the beneficial owner and suchd data should be utilized in the best interest of that community.

This recommendation will create a slight conflict of concept since, NPD which is “Anonymized” is not “Personal Data” and there is no way it can be or should be linked to the Data Principal whether it is for his benefit or not.

The process of anonymization should cut the umbilical cord between the Data Principal’s identity associated with the data and the anonymized data set should be left free to be harnessed by the industry. Any attempt to link it with the beneficiary will defeat the very purpose of anonymization.

Otherwise, the KGC speaking about the Community NPD recommends that the benefits accrue not only to the organizations that collect such data but also equally to the community that typically produces the raw/factual data that is being captured. Accordingly the committee suggests that such data (Community NPD) may be shared in instances where there are defined grounds or purposes for sharing of NPD with Citizens, Startups, Indian companies, Government etc.

KGC also highlights the role of the Data Trustee in ensuring that the community interests are protected.

In the light of the above, KGC has placed the recommendation that

a) Data derived from public efforts should be considered as national resource.

b) Sharing of data benefits should be recognized among multiple parties.

c) Legal basis should be established to enable collection and use of community data by private data custodians or public organisations.

d) Raw/factual data sets comprising of anonymised user-information data collected by private data cusodians like telecom/ecommerce operators may be considered as community data

e) raw data should be maintained under open license free standard

f) There must be appropriate incentives to recognize and reward collectors of community data

g) As the processing value-add ver the raw data increases appropriate mechanisms may be leveraged for data sharing. (P.S: Here the recommendation appears to be closely aligned with the concept of “Additive value hypothesis” discussed in the Naavi’s theory of data.)

(To Be Continued)

Naavi

 

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.