SlideShare a Scribd company logo

Insight on Non-Personal Data Governance Framework

Shifali singh
Shifali singh

With the advent of technology, the opportunity in data has been tremendous. This opportunity is well established in NASSCOM-McKinsey Project wherein it is seen as $500 Billion opportunities till 2025. In line to same, an attempt to provide insightful article recording in detail the legal and business prospect of the non-Personal Data Governance Framework issued by the Government on 12 July 2020.

Law
1 of 11
Download to read offline
Non-Personal Data Governance Framework: Decoding sensitive anonymous character and its impact on start-up ecosystem
Non-Personal Data Governance Framework Privileged & Confidential Page | 1 DISCLAIMER: This Primer is a work of Associates of AAS Regina Legal giving there insight on recommendation provided by committee of experts by developing a new legislation and regulatory authority to govern non-personal data and its impact on start up ecosystem. The views expressed herein are only for harnessing knowledge and information. Nothing herein shall be deemed or construed to constitute a legal or business advice. Author  Shifali Singh  Ankita Singh QUERIES In case you have any query or need any clarification with respect to the information provided in this Primer, please write to shifali@aasreginalegal.com, ankita@aasreginalegal.com, shubham@aasreginalegal.com or yashvardhan@aasreginalegal.com.
Non-Personal Data Governance Framework Privileged & Confidential Page | 2 “The goal is to turn data into information, and information into insight.” – Carly Fiorina, former executive, president, and chair of Hewlett-Packard Co. BACKGROUND A Committee of Experts (the “Committee”) was constituted in September 2019 by The Ministry of Electronics & Information Technology (the “MeitY”) which was headed by Infosys co-founder Kris Gopalakrishnan to examine issues relating to non-personal data (the “NPD”) and to end the fuse revolving around NPD by providing specific suggestion on regulation of NPD. Committee after conducting numerous meetings with various sectors representative(s) from domestic and Global market, deliberate discussion with several expertsand upon literature review on the topic, submitted its report to the government. The report lays down recommendations to define &regulate NPD, setting up of a new authority which would be empowered to monitor the use & mining of such NPD, unveiling a road map to unlock the true economic potential of data. On July 12, 2020, MeiTy published the said report for public feedback, which issolicited by 13 August, 2020. WHY REGULATION ON NPD? The world is awash with data. With the wide spread adoption of the digitalization it is estimated that the world will generate about 90 zettabytes (approximately a billion terabytes) of data in this year (2020) and By 2025, worldwide data is expected to grow to 175 zettabytes, with much of the data residing in the cloud. Sharing of Personal and Non Personal data has potential to create currency out of it. Unfortunately, Imbalance of data accumulation has only benefited digital industry i.e social media, map-based services, online retail, digital healthcare, credit rating, etc. which has resulted into outsized and unbeatable techno-economic first mover advantages. To unlock the immense potential in that unregulated data which has potential in creating certainty and incentives for innovation and new products / services and increase the success rate of start- ups and MSMEs in India by obtaining data’s which doesn’t identify the identity and not abuse the privacy of person. The Government believed that said data should be non-personal data and rules and regulations framed to manage such data achieves in manner that the benefits accrue to India and its communities and businesses.
Non-Personal Data Governance Framework Privileged & Confidential Page | 3 KEY HIGHLIGHTS  DEFINATION AND CATEGORIES OF NPD The Committee under Framework had define Non-Personal Data as (i) Data which is not ‘Personal Data’1 (as defined under the Personal Data Protection Bill, 2019 (PDP Bill), or (ii) any set of data which does not contain personally identifiable information. This in essence means that no individual or living person can be identified by looking at such data. The Committee has distinguished the data into two head, one on the basis of Origin & Source and other on its sensitivity, The Committee has recommended classification on the basis of origin and source of NPD into three main categories, namely public non-personal data, community non- personal data and private non-personal data, which are broadly defined hereunder:- 1 Personal Data is defined under Section 3(28) of the PDP Bill as data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, including any inference drawn from such data for the purpose of profiling. Public non-personal data • It involves all the data collected by the government and its agencies during execution of all publicly funded works. • E.g. census, data collected by municipal corporations on the total tax receipts. Community non- personal data • It involves any data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests. • E.g. The metadata collected by ride-hailing apps, telecom companies, electricity distribution companies. Private non-personal data • It can be defined as those which are produced by individuals which can be derived from application of proprietary software or knowledge. • E.g data generated by companies like Google, Amazon etc
Non-Personal Data Governance Framework Privileged & Confidential Page | 4 The Committee for its other head has further categorized NPD into a) Non-Sensitive NPD and b) Sensitive NPD. The Committee obtaining its concept from PDP Bill on Personal Data sensitivity spectrum wherein personal data was categorized into three categories, in line to same, the Committee has defined a new concept of ‘sensitivity of Non-Personal Data’ under this framework. As per Committee even Non-Personal Data could be sensitive data if – 1) It relates to national security or strategic interests; 2) It is business sensitive or confidential information; 3) It is anonymised data that bears a risk of re-identification.  ANONYMISED DATA The Committee also recognized that even after Personal Data is anonymised into Non-Personal Data, the possibilities of harm to the original data subject(s) is not totally gone, as it is being increasingly recognised that no anonymization technique provides perfect irreversibility. Hence flagging the possibility of re-identification of anonymized data, the Non-Personal Data arising from such sensitive Personal Data may be considered as sensitive Non-Personal Data. Also to curb this Committee recommended obtaining of Consent from data principals even for anonymization.  KEY ROLES As a means of developing a robust Non Personal Data eco-system, Committee recommended a set of roles/stake-holders and data infrastructures. The Key roles defined as per the recommendation are : Data Principal - In the case of Personal Data, the term Data Principal refers to a natural person only. But in the context of NPD, the definition of a data principal is related to the type of Non- Personal Data - Public, Community and Private data, as well as based on different possible kinds of subjects of data. Accordingly, Government, Companies and organizations can also be considered as “Data Principals” under recommended NPD regulation. Data Custodian - Data Custodian is an entity that undertakes collection, storage, processing, use etc of data in a manner that is in the best interest of the data principal. They have a 'duty of care' to the concerned community in relation to handling NPD related to it. Data Trustees - The data principal group/community will exercise its data rights through an appropriate community data trustee. In the case of community data, unlike personal data where an individual can directly exercise control over her data, the concept of trustee for community data comes in, who would exercise such rights on the behalf of the community. Data Trusts - In addition to Data Trustees, an institutional structure identified as “Data Trust” comprising of specific rules and protocols for containing and sharing a given set of data is also recommended.
Non-Personal Data Governance Framework Privileged & Confidential Page | 5 While Data Trustees are appointed by Data Principals, the Data Trusts may be managed by public authorities constituted by the Government to which Data Principals may voluntarily share data.  OWNERSHIP OF DATA The Committee articulated a legal basis for establishing rights over “Data”. Apart from recognizing the “Data Sovereignty” concept where the Indian State has a primary right of ownership of assets collected in/from India which applies to NPD also. The term “Ownership” holds full meaning only in terms of physical assets and in respect of knowledge and data, it should be applied to the set of primary “Economic” and “Statutory rights” over the intangible asset. Hence the notion of “Beneficial Ownership/interest” has been adopted by the Committee as regards NPD. As a result the committee recommended that:- a) In case of Non Personal Data derived from the personal data of an individual, the data principal for personal data will continue to be the data principal of the NPD, which should be utilized in the best interest of that individual. b) The rights over community NPD collected in India should vest with the trustee of that data community, with the community being the beneficial owner and such data should be utilized in the best interest of that community. This recommendation will create a slight conflict of concept since, NPD which is “Anonymized” is not “Personal Data” and there is no way it can be or should be linked to the Data Principal whether it is for his benefit or not. In line to intend behind the ownership of data, our view is that the process of anonymization should cut the umbilical cord between the Data Principal’s identity associated with the data and the anonymized data set should be left free to be harnessed by the industry. Any attempt to link it with the beneficiary will defeat the very purpose of anonymization.  DATA BUSINESS This recommendation by Committee is game changer for business entity as it introduces a new line of business activity. To put it simply, while every business uses data for it’s internal purpose, over a period some companies acquire so much of data where data management itself can become a business opportunity and this new category / taxonomy of business is called “Data Business”. It is not an independent industry/ sector but rather a horizontal classification cutting across different industry sectors. The Committee recommended an obligation on Data Business to register as a ‘Data Business’ once it reaches a certain data-related threshold, also voluntary basis of registration is also allowed. All entities that collect / process NPD, above a threshold level, will be subject to an institutional authority(ies) that will both enable and regulate various aspects of data.The Data Business companies will be required to share some data with the Government and negotiate with the Government if any price can be extracted. IT companies, Start up and service sector organizations will have a wealth of data which can be packaged and converted into value products, as they would no longer be depended on traditional way of collecting data, Since conceptualizing the data business will widen the arena of fetching relevant raw data.
Non-Personal Data Governance Framework Privileged & Confidential Page | 6  DATA SHARING The essential part of the recommendations by Committee is to ensure an effective “Data Sharing” mechanism in which “Non Personal Data” is recognized for its potential value and harnessed for the benefit of the people. Data sharing refers to the provision of “controlled access” to private sector data, public sector data and community data to individuals and organisations for “defined purposes” and with “appropriate safeguards” in place. The Committee has preferred an “Open Access” to “Meta data” and “Regulated access” to underlying data of Data Businesses with establishment of appropriate mechanisms to support data requests and data sharing. One of the key recommendations therefore is the definition of the Data Sharing purpose. The Committee recognizes three purposes namely: a) Sovereign Purpose: Under this concept, data may be requested for national security, law enforcement, legal or regulatory purposes. b) Core Public Interest Purpose: Under this concept, data may be requested for Community uses/benefits for public goods, research and innovation, for policy development, better delivery of public-services, etc. It is recognized that certain data held with the private sector, when combined with public sector data or otherwise, may be useful for policy making, improving public service, devising public programs, infrastructure etc which needs to be enabled through law. It is recommended that the Country should specify a new class of data at a national level “High -Value Dataset” like health, geospatial and/or transport data and such data should be used for research purposes. The Committee has specifically mentioned that Health Sector is a pilot use-case for Non-Personal Data Governance Framework and anonymized health data should be shared for the specified purposes. c) Economic Purpose : Committee recommend that Data may be requested in order to encourage competition and provide a level playing field or encourage innovation through start-up activities (economic welfare purpose), or for a fair monetary consideration as part of a well-regulated data market, etc.  DATA SHARING MECHANISMS The Committee recommended the implementation of sharing mechanism would require setting up data and cloud innovation labs and research centres to develop, test and implement new digital solutions, which should be an attractive thought for IT companies. It is recommended that such data should be available as training data for AI/ML systems. The Data Sharing Mechanisms are expected to provide access to meta data about data collected by different Data Businesses. This is expected to help identification of opportunities to develop innovative solutions, products and services. Such a mechanism has to involve a “Data Request Mechanism”, “Data Custodian”, “Data Disclosure Mechanism” ,“Safeguards” ,“Handling of complaints of non-disclosure by data custodians”, “Appropriate Checks and Balances” etc as part of a new regulation. It is expected that “Experts” would be recognized to evaluate data probing tools, and guide the industry regulation. They would focus on Cloud vulnerabilities, Cloud security systems etc.
Non-Personal Data Governance Framework Privileged & Confidential Page | 7  NON PERSONAL DATA REGULATORY AUTHORITY One of the key recommendations of Committee is set up a separate regulator namely “Non-Personal Data Regulatory Authority” (NPDRA). The NPDRA will be focussing on how to harness the NPD for national benefit. Hence the kind of persons who manage this authority has to be more “Progress oriented” than “Caution oriented”. They need to be more “Technology Oriented” than “Legal Oriented”. The regulator should be able to effectively implement the measures to register and regulate Non Personal Data Fiduciaries, Processors, Data Trustees, Data Trusts etc. It will have to work in harmony with other regulators like DPA and CCI as well as other sectoral regulators. It will have both the “Enabling role” and the “Enforcement Role”.  TECHNOLOGY ARCHITECTURE The Committee has also added key guiding principles on technology that can be used for creating and functioning of shared data directories, data bases and for digital implementation of rules and regulations related to data sharing briefly indicated below.:- Mechanisms for accessing data All sharable NPD and datasets created or maintained should have a REST (Representational State Transfer) API for accessing the data. Data sandboxes can be created where experiments can be run, algorithms can be deployed and only output being shared, without sharing the data. Distributed for Data Security Data storage in a distributed format so that there is no single point of leakage; sharing to be undertaken using APIs only, such that all requests can be tracked and logged; all requests for data must be operated after registering with the company for data access etc. Even when data is stored in a distributed or federated form, as appropriate, there could be coordinated management of them like would be required for data trusts and data infrastructures for important NPD in different sectors. Creating a standardized data exchange approach for data collation and exchange. Prevent de-anonymization by using the best of the breed differential privacy algorithm. KICK START FOR START-UP ECOSYSTEM From above overview and analysis it is aptly clear that the opportunity in data is huge and if India is able to grasp this first mover advantage then we can leverage this opportunity at low cost. If figures taken from NASSCOM-McKinsey study projects is to be considered, this could be $500 Billion opportunity over the next five years i.e by 2025. Micro, small and medium enterprises (MSMEs) as well as small start-ups will be benefited more than the larger companies from the government’s new plan of allowing sharing of NPD. Regulating, mining and distribution of raw data if processed into quality data in true sense will promote innovation and research. The more obtaining of raw data will led to better analysis and generation of new ideas which in turn would help MSMEs and other small businesses including start-ups in providing better service and expansion. These regulations will open new avenues for IT Sector as they will be well suited in developing data security for sharing and monitoring data and prevent leakage of NPD.
Non-Personal Data Governance Framework Privileged & Confidential Page | 8 The formulation of the framework dealing with sharing of NPDs is a step in the right direction. The government should now move ahead with formulating the regulations regarding the NPD which is complementary to the personal data protection regulations and other allied regulations in order to avoid conflict in the future.
Non-Personal Data Governance Framework Privileged & Confidential Page | 9 IMPORTANT LINKS:  Office Memorandum No. 24(4)/2019-CLES dated 13.09.2019 for constitution of Committee for NPD: https://www.meity.gov.in/writereaddata/files/constitution_of_committee_of_experts_to_delibera te_on_data_governance_framework.pdf  Draft recommendation laid down in its report titled 'Report by the Committee of Experts on Non-Personal Data Governance Framework: https://static.mygov.in/rest/s3fs-public/mygov_159453381955063671.pdf  Share Your Inputs on Draft Non-Personal Data Governance Framework on below link: https://www.mygov.in/task/share-your-inputs-draft-non-personal-data-governance- framework/  Mckinsey & Co. Podcast transcript on open data and its sharing dated June 9, 2020 https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/how-to-make- the-most-of-ai-open-up-and-share-data#
Non-Personal Data Governance Framework Privileged & Confidential Page | 10 A: Office No. 8, First Floor Atmaram Mansion (Scindia House) KG Marg, Connaught Place New Delhi 110001, India T: +91 11 2332 0152 / +91 88267 18554 E:info@aasreginalegal.com W:www.aasreginalegal.com

Recommended

Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protection
Mathew Chacko
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
Komal Gadia
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road Ahead
EquiCorp Associates
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_to
Anne ndolo
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
Altacit Global
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Werksmans Attorneys
 

Recommended

Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protection
Mathew Chacko
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
Komal Gadia
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road Ahead
EquiCorp Associates
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_to
Anne ndolo
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
Altacit Global
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Werksmans Attorneys
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M Keetshabe
African Open Science Platform
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Werksmans Attorneys
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
Len Murphy
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
caniceconsulting
 
Information governance
Information governanceInformation governance
Information governance
Gerardo Medina
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
N N
 
How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018
Browne Jacobson LLP
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in Nigeria
Mercy Akinseinde
 
Second Verse, Different from the First.
Second Verse, Different from the First. Second Verse, Different from the First.
Second Verse, Different from the First.
Judy Selby
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Andrea Omicini
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
Kewal Pradhan
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
Elizabeth Dunne B.L. PC.dp
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
LATHA H C
 
Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018
amirhannan
 
Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical Guide
Daniel Li
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
Werksmans Attorneys
 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment (SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
Priyanka Aash
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Data set module 4
Data set module 4Data set module 4
Data set module 4
Data-Set
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
ProductNation/iSPIRT
 
iSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaiSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for India
ProductNation/iSPIRT
 

More Related Content

What's hot

Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M Keetshabe
African Open Science Platform
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Werksmans Attorneys
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
Len Murphy
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
caniceconsulting
 
Information governance
Information governanceInformation governance
Information governance
Gerardo Medina
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
N N
 
How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018
Browne Jacobson LLP
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in Nigeria
Mercy Akinseinde
 
Second Verse, Different from the First.
Second Verse, Different from the First. Second Verse, Different from the First.
Second Verse, Different from the First.
Judy Selby
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Andrea Omicini
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
Kewal Pradhan
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
Elizabeth Dunne B.L. PC.dp
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
LATHA H C
 
Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018
amirhannan
 
Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical Guide
Daniel Li
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
Werksmans Attorneys
 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment (SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
Priyanka Aash
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Data set module 4
Data set module 4Data set module 4
Data set module 4
Data-Set
 

What's hot (20)

Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M Keetshabe
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
Information governance
Information governanceInformation governance
Information governance
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
 
How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018How to implement GDPR for the health sector, February 2018
How to implement GDPR for the health sector, February 2018
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in Nigeria
 
Second Verse, Different from the First.
Second Verse, Different from the First. Second Verse, Different from the First.
Second Verse, Different from the First.
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
 
Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018
 
Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical Guide
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment (SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Data set module 4
Data set module 4Data set module 4
Data set module 4
 

Similar to Insight on Non-Personal Data Governance Framework

iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
ProductNation/iSPIRT
 
iSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaiSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for India
ProductNation/iSPIRT
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
UsmanMAmeer
 
Ethics In DW & DM
Ethics In DW & DMEthics In DW & DM
Ethics In DW & DM
abethan
 
Ekwensi ACC article
Ekwensi ACC articleEkwensi ACC article
Ekwensi ACC article
Ronke Ekwensi
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
Data-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
Data-Set
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
Tom Walker
 
Noggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal DataNoggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal Data
Noggin Asia
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
Druva
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation
Data-Set
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
Numaan Huq
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
Owako Rodah
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill
Mathew Chacko
 
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
UsmanMAmeer
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
MediaPost
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
Donald E. Hester
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
ISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP AlignmentISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP Alignment
Mohammed J. Khan
 

Similar to Insight on Non-Personal Data Governance Framework (20)

iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
 
iSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaiSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for India
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
 
Ethics In DW & DM
Ethics In DW & DMEthics In DW & DM
Ethics In DW & DM
 
Ekwensi ACC article
Ekwensi ACC articleEkwensi ACC article
Ekwensi ACC article
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
 
Noggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal DataNoggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal Data
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill
 
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
ISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP AlignmentISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP Alignment
 

Recently uploaded

Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptxReceivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of InterestIt's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
Parsons Behle & Latimer
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
veteranlegal
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Massimo Talia
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
RichardTheberge
 
Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
EbizfilingIndia
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
MasoudZamani13
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
sunitasaha5
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
MattGardner52
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
Justin Ordoyo
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
BridgeWest.eu
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee
 
PPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx llPPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx ll
MohammadZubair874462
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
ssusera97a2f
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
bhavenpr
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
SKshi
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
20jcoello
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
osenwakm
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
CIkumparan
 
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
15e6o6u
 

Recently uploaded (20)

Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptxReceivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptx
 
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of InterestIt's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
 
Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
 
PPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx llPPT-Money Laundering - lecture 5.pptx ll
PPT-Money Laundering - lecture 5.pptx ll
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
 
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
 

Insight on Non-Personal Data Governance Framework

  • 1. Non-Personal Data Governance Framework: Decoding sensitive anonymous character and its impact on start-up ecosystem
  • 2. Non-Personal Data Governance Framework Privileged & Confidential Page | 1 DISCLAIMER: This Primer is a work of Associates of AAS Regina Legal giving there insight on recommendation provided by committee of experts by developing a new legislation and regulatory authority to govern non-personal data and its impact on start up ecosystem. The views expressed herein are only for harnessing knowledge and information. Nothing herein shall be deemed or construed to constitute a legal or business advice. Author  Shifali Singh  Ankita Singh QUERIES In case you have any query or need any clarification with respect to the information provided in this Primer, please write to shifali@aasreginalegal.com, ankita@aasreginalegal.com, shubham@aasreginalegal.com or yashvardhan@aasreginalegal.com.
  • 3. Non-Personal Data Governance Framework Privileged & Confidential Page | 2 “The goal is to turn data into information, and information into insight.” – Carly Fiorina, former executive, president, and chair of Hewlett-Packard Co. BACKGROUND A Committee of Experts (the “Committee”) was constituted in September 2019 by The Ministry of Electronics & Information Technology (the “MeitY”) which was headed by Infosys co-founder Kris Gopalakrishnan to examine issues relating to non-personal data (the “NPD”) and to end the fuse revolving around NPD by providing specific suggestion on regulation of NPD. Committee after conducting numerous meetings with various sectors representative(s) from domestic and Global market, deliberate discussion with several expertsand upon literature review on the topic, submitted its report to the government. The report lays down recommendations to define &regulate NPD, setting up of a new authority which would be empowered to monitor the use & mining of such NPD, unveiling a road map to unlock the true economic potential of data. On July 12, 2020, MeiTy published the said report for public feedback, which issolicited by 13 August, 2020. WHY REGULATION ON NPD? The world is awash with data. With the wide spread adoption of the digitalization it is estimated that the world will generate about 90 zettabytes (approximately a billion terabytes) of data in this year (2020) and By 2025, worldwide data is expected to grow to 175 zettabytes, with much of the data residing in the cloud. Sharing of Personal and Non Personal data has potential to create currency out of it. Unfortunately, Imbalance of data accumulation has only benefited digital industry i.e social media, map-based services, online retail, digital healthcare, credit rating, etc. which has resulted into outsized and unbeatable techno-economic first mover advantages. To unlock the immense potential in that unregulated data which has potential in creating certainty and incentives for innovation and new products / services and increase the success rate of start- ups and MSMEs in India by obtaining data’s which doesn’t identify the identity and not abuse the privacy of person. The Government believed that said data should be non-personal data and rules and regulations framed to manage such data achieves in manner that the benefits accrue to India and its communities and businesses.
  • 4. Non-Personal Data Governance Framework Privileged & Confidential Page | 3 KEY HIGHLIGHTS  DEFINATION AND CATEGORIES OF NPD The Committee under Framework had define Non-Personal Data as (i) Data which is not ‘Personal Data’1 (as defined under the Personal Data Protection Bill, 2019 (PDP Bill), or (ii) any set of data which does not contain personally identifiable information. This in essence means that no individual or living person can be identified by looking at such data. The Committee has distinguished the data into two head, one on the basis of Origin & Source and other on its sensitivity, The Committee has recommended classification on the basis of origin and source of NPD into three main categories, namely public non-personal data, community non- personal data and private non-personal data, which are broadly defined hereunder:- 1 Personal Data is defined under Section 3(28) of the PDP Bill as data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, including any inference drawn from such data for the purpose of profiling. Public non-personal data • It involves all the data collected by the government and its agencies during execution of all publicly funded works. • E.g. census, data collected by municipal corporations on the total tax receipts. Community non- personal data • It involves any data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests. • E.g. The metadata collected by ride-hailing apps, telecom companies, electricity distribution companies. Private non-personal data • It can be defined as those which are produced by individuals which can be derived from application of proprietary software or knowledge. • E.g data generated by companies like Google, Amazon etc
  • 5. Non-Personal Data Governance Framework Privileged & Confidential Page | 4 The Committee for its other head has further categorized NPD into a) Non-Sensitive NPD and b) Sensitive NPD. The Committee obtaining its concept from PDP Bill on Personal Data sensitivity spectrum wherein personal data was categorized into three categories, in line to same, the Committee has defined a new concept of ‘sensitivity of Non-Personal Data’ under this framework. As per Committee even Non-Personal Data could be sensitive data if – 1) It relates to national security or strategic interests; 2) It is business sensitive or confidential information; 3) It is anonymised data that bears a risk of re-identification.  ANONYMISED DATA The Committee also recognized that even after Personal Data is anonymised into Non-Personal Data, the possibilities of harm to the original data subject(s) is not totally gone, as it is being increasingly recognised that no anonymization technique provides perfect irreversibility. Hence flagging the possibility of re-identification of anonymized data, the Non-Personal Data arising from such sensitive Personal Data may be considered as sensitive Non-Personal Data. Also to curb this Committee recommended obtaining of Consent from data principals even for anonymization.  KEY ROLES As a means of developing a robust Non Personal Data eco-system, Committee recommended a set of roles/stake-holders and data infrastructures. The Key roles defined as per the recommendation are : Data Principal - In the case of Personal Data, the term Data Principal refers to a natural person only. But in the context of NPD, the definition of a data principal is related to the type of Non- Personal Data - Public, Community and Private data, as well as based on different possible kinds of subjects of data. Accordingly, Government, Companies and organizations can also be considered as “Data Principals” under recommended NPD regulation. Data Custodian - Data Custodian is an entity that undertakes collection, storage, processing, use etc of data in a manner that is in the best interest of the data principal. They have a 'duty of care' to the concerned community in relation to handling NPD related to it. Data Trustees - The data principal group/community will exercise its data rights through an appropriate community data trustee. In the case of community data, unlike personal data where an individual can directly exercise control over her data, the concept of trustee for community data comes in, who would exercise such rights on the behalf of the community. Data Trusts - In addition to Data Trustees, an institutional structure identified as “Data Trust” comprising of specific rules and protocols for containing and sharing a given set of data is also recommended.
  • 6. Non-Personal Data Governance Framework Privileged & Confidential Page | 5 While Data Trustees are appointed by Data Principals, the Data Trusts may be managed by public authorities constituted by the Government to which Data Principals may voluntarily share data.  OWNERSHIP OF DATA The Committee articulated a legal basis for establishing rights over “Data”. Apart from recognizing the “Data Sovereignty” concept where the Indian State has a primary right of ownership of assets collected in/from India which applies to NPD also. The term “Ownership” holds full meaning only in terms of physical assets and in respect of knowledge and data, it should be applied to the set of primary “Economic” and “Statutory rights” over the intangible asset. Hence the notion of “Beneficial Ownership/interest” has been adopted by the Committee as regards NPD. As a result the committee recommended that:- a) In case of Non Personal Data derived from the personal data of an individual, the data principal for personal data will continue to be the data principal of the NPD, which should be utilized in the best interest of that individual. b) The rights over community NPD collected in India should vest with the trustee of that data community, with the community being the beneficial owner and such data should be utilized in the best interest of that community. This recommendation will create a slight conflict of concept since, NPD which is “Anonymized” is not “Personal Data” and there is no way it can be or should be linked to the Data Principal whether it is for his benefit or not. In line to intend behind the ownership of data, our view is that the process of anonymization should cut the umbilical cord between the Data Principal’s identity associated with the data and the anonymized data set should be left free to be harnessed by the industry. Any attempt to link it with the beneficiary will defeat the very purpose of anonymization.  DATA BUSINESS This recommendation by Committee is game changer for business entity as it introduces a new line of business activity. To put it simply, while every business uses data for it’s internal purpose, over a period some companies acquire so much of data where data management itself can become a business opportunity and this new category / taxonomy of business is called “Data Business”. It is not an independent industry/ sector but rather a horizontal classification cutting across different industry sectors. The Committee recommended an obligation on Data Business to register as a ‘Data Business’ once it reaches a certain data-related threshold, also voluntary basis of registration is also allowed. All entities that collect / process NPD, above a threshold level, will be subject to an institutional authority(ies) that will both enable and regulate various aspects of data.The Data Business companies will be required to share some data with the Government and negotiate with the Government if any price can be extracted. IT companies, Start up and service sector organizations will have a wealth of data which can be packaged and converted into value products, as they would no longer be depended on traditional way of collecting data, Since conceptualizing the data business will widen the arena of fetching relevant raw data.
  • 7. Non-Personal Data Governance Framework Privileged & Confidential Page | 6  DATA SHARING The essential part of the recommendations by Committee is to ensure an effective “Data Sharing” mechanism in which “Non Personal Data” is recognized for its potential value and harnessed for the benefit of the people. Data sharing refers to the provision of “controlled access” to private sector data, public sector data and community data to individuals and organisations for “defined purposes” and with “appropriate safeguards” in place. The Committee has preferred an “Open Access” to “Meta data” and “Regulated access” to underlying data of Data Businesses with establishment of appropriate mechanisms to support data requests and data sharing. One of the key recommendations therefore is the definition of the Data Sharing purpose. The Committee recognizes three purposes namely: a) Sovereign Purpose: Under this concept, data may be requested for national security, law enforcement, legal or regulatory purposes. b) Core Public Interest Purpose: Under this concept, data may be requested for Community uses/benefits for public goods, research and innovation, for policy development, better delivery of public-services, etc. It is recognized that certain data held with the private sector, when combined with public sector data or otherwise, may be useful for policy making, improving public service, devising public programs, infrastructure etc which needs to be enabled through law. It is recommended that the Country should specify a new class of data at a national level “High -Value Dataset” like health, geospatial and/or transport data and such data should be used for research purposes. The Committee has specifically mentioned that Health Sector is a pilot use-case for Non-Personal Data Governance Framework and anonymized health data should be shared for the specified purposes. c) Economic Purpose : Committee recommend that Data may be requested in order to encourage competition and provide a level playing field or encourage innovation through start-up activities (economic welfare purpose), or for a fair monetary consideration as part of a well-regulated data market, etc.  DATA SHARING MECHANISMS The Committee recommended the implementation of sharing mechanism would require setting up data and cloud innovation labs and research centres to develop, test and implement new digital solutions, which should be an attractive thought for IT companies. It is recommended that such data should be available as training data for AI/ML systems. The Data Sharing Mechanisms are expected to provide access to meta data about data collected by different Data Businesses. This is expected to help identification of opportunities to develop innovative solutions, products and services. Such a mechanism has to involve a “Data Request Mechanism”, “Data Custodian”, “Data Disclosure Mechanism” ,“Safeguards” ,“Handling of complaints of non-disclosure by data custodians”, “Appropriate Checks and Balances” etc as part of a new regulation. It is expected that “Experts” would be recognized to evaluate data probing tools, and guide the industry regulation. They would focus on Cloud vulnerabilities, Cloud security systems etc.
  • 8. Non-Personal Data Governance Framework Privileged & Confidential Page | 7  NON PERSONAL DATA REGULATORY AUTHORITY One of the key recommendations of Committee is set up a separate regulator namely “Non-Personal Data Regulatory Authority” (NPDRA). The NPDRA will be focussing on how to harness the NPD for national benefit. Hence the kind of persons who manage this authority has to be more “Progress oriented” than “Caution oriented”. They need to be more “Technology Oriented” than “Legal Oriented”. The regulator should be able to effectively implement the measures to register and regulate Non Personal Data Fiduciaries, Processors, Data Trustees, Data Trusts etc. It will have to work in harmony with other regulators like DPA and CCI as well as other sectoral regulators. It will have both the “Enabling role” and the “Enforcement Role”.  TECHNOLOGY ARCHITECTURE The Committee has also added key guiding principles on technology that can be used for creating and functioning of shared data directories, data bases and for digital implementation of rules and regulations related to data sharing briefly indicated below.:- Mechanisms for accessing data All sharable NPD and datasets created or maintained should have a REST (Representational State Transfer) API for accessing the data. Data sandboxes can be created where experiments can be run, algorithms can be deployed and only output being shared, without sharing the data. Distributed for Data Security Data storage in a distributed format so that there is no single point of leakage; sharing to be undertaken using APIs only, such that all requests can be tracked and logged; all requests for data must be operated after registering with the company for data access etc. Even when data is stored in a distributed or federated form, as appropriate, there could be coordinated management of them like would be required for data trusts and data infrastructures for important NPD in different sectors. Creating a standardized data exchange approach for data collation and exchange. Prevent de-anonymization by using the best of the breed differential privacy algorithm. KICK START FOR START-UP ECOSYSTEM From above overview and analysis it is aptly clear that the opportunity in data is huge and if India is able to grasp this first mover advantage then we can leverage this opportunity at low cost. If figures taken from NASSCOM-McKinsey study projects is to be considered, this could be $500 Billion opportunity over the next five years i.e by 2025. Micro, small and medium enterprises (MSMEs) as well as small start-ups will be benefited more than the larger companies from the government’s new plan of allowing sharing of NPD. Regulating, mining and distribution of raw data if processed into quality data in true sense will promote innovation and research. The more obtaining of raw data will led to better analysis and generation of new ideas which in turn would help MSMEs and other small businesses including start-ups in providing better service and expansion. These regulations will open new avenues for IT Sector as they will be well suited in developing data security for sharing and monitoring data and prevent leakage of NPD.
  • 9. Non-Personal Data Governance Framework Privileged & Confidential Page | 8 The formulation of the framework dealing with sharing of NPDs is a step in the right direction. The government should now move ahead with formulating the regulations regarding the NPD which is complementary to the personal data protection regulations and other allied regulations in order to avoid conflict in the future.
  • 10. Non-Personal Data Governance Framework Privileged & Confidential Page | 9 IMPORTANT LINKS:  Office Memorandum No. 24(4)/2019-CLES dated 13.09.2019 for constitution of Committee for NPD: https://www.meity.gov.in/writereaddata/files/constitution_of_committee_of_experts_to_delibera te_on_data_governance_framework.pdf  Draft recommendation laid down in its report titled 'Report by the Committee of Experts on Non-Personal Data Governance Framework: https://static.mygov.in/rest/s3fs-public/mygov_159453381955063671.pdf  Share Your Inputs on Draft Non-Personal Data Governance Framework on below link: https://www.mygov.in/task/share-your-inputs-draft-non-personal-data-governance- framework/  Mckinsey & Co. Podcast transcript on open data and its sharing dated June 9, 2020 https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/how-to-make- the-most-of-ai-open-up-and-share-data#
  • 11. Non-Personal Data Governance Framework Privileged & Confidential Page | 10 A: Office No. 8, First Floor Atmaram Mansion (Scindia House) KG Marg, Connaught Place New Delhi 110001, India T: +91 11 2332 0152 / +91 88267 18554 E:info@aasreginalegal.com W:www.aasreginalegal.com