The Gopalakrishnan Committee, setup by the Indian government on non-Personal Data Governance Framework, submitted its draft report in July 2020.

The draft report of the committee that’s headed by chairman Kris Gopalakrishnan, co-founder Infosys proposed setting up a dedicated authority that would ensure non-personal data would be used for sovereign and commercial purposes.

It further stressed the need to chalk out broad parameters regarding data sharing and how the non-personal data could be prevented from being de-annonymised.

Why the committee?

Here are the five principal reasons why the committee on non-personal data was formed:

  1. It is important to ensure that big companies don’t create data monopolies.
  2. In data economy, governments and businesses need to treat data as an asset that can be traded and monetised
  3. India has the second largest number of smartphone users, which means it’s also a huge data market. It’s in the interest of everyone to regulate and formalize such a large market.
  4. It’s important to provide a framework on which to build a data sharing economy. This, in turn, would encourage startups and help improve delivery of public services.
  5. Finally, and perhaps most importantly, it was important to formalize everything without making it cumbersome.

Video on Gopalakrishnan Committee recommendations

In case you’d like to straight jump to the video on the recommendations made by the Gopalakrishnan Committee, here you go.

Gopalakrishnan Committee Draft Report Recommendations

For a detailed analysis, read below.

What are the major recommendations of the Gopalakrishnan Committee?

Following are the seven recommendations of the Gopalakrishnan Committee in their draft report:

Recommendation 1: Define Non-personal Data

The report defines Non-Personal Data and classifies it into three categories:

  • Public Non-Personal Data
  • Community Non-Personal Data
  • Private Non-Personal Data

Recommendation 2: Define Non-Personal Data Roles

The draft report suggests four Non-Personal Data roles:

  • Data Principals: The natural person to whom the data relates
  • Data Custodians: The entity that undertakes collection, storage and protection of data
  • Data Trustees: The entity through which data principal can exercise their data rights
  • Data Trusts: The institution that abide by rules, protocols and guidelines to contain and share data

Recommendation 3: Articulate legal basis for rights over Non-Personal Data

Data is an intangible asset and its ownership may have multiple claimants. Their rights and obligations may have some common area.

That’s why it’s important to articulate the legal basis of rights over this data.

  • In case of Non-Personal Data derived from individuals, the individual themselves will be the data principals.
  • In case of Non-Personal Data derived from the community, the community shall have the rights to that data.

Recommendation 4: Define data business

The Committee suggests creating a new category of business: Data Business.

However, the Committee points out, this category is not an independent sector. That’s because nearly all businesses that use data (banks, hospitals, hotels, educational institutes, NGOs etc) are Data Businesses.

Further, the Committee recommends registering Data Businesses based on whether the business had crossed a certain t0-be defined threshold of data.

The registration system for a Data Business will be an open API.

Recommendation 5: Specify Data Sharing Purpose

The Committee envisages three principal purposes for which data may be shared

  1. Sovereign or national security purpose
  2. Core or public service and research interest purpose
  3. Economic purpose

Recommendation 6: Define data sharing mechanism and checks and balances

The Gopalakrishnan Committee draft report suggests that firstly, only factual, raw data needs to be shared.

It adds that if the data shared is at value-added processing level, the system could permit some financial compensation.

Finally, there would be adequate checks and balances that outline what kind of data can be shared outside India and liabilities involved.

Also, it would involve peer review and would remain open to suggestions for changes from competent bodies.

Recommendation 7: Establish a Non-Personal Data Authority

The Committee recommends founding of a Non-Personal Data Authority.

This authority would help unlock the value of Non-Personal Data in India.

It would principally have two roles:

  1. Enabling role: It would ensure data is shared for reasons agreed upon.
  2. Enforcing role: It would ensure all stakeholders comply with rules and also assist in preventing de-annonymisation of data.