Print Friendly, PDF & Email

What is Non- Personal Data?

Topics Covered: Cyber security related issues.

What is Non- Personal Data?

Committee of Experts on Non-Personal Data Governance Framework has released a draft.

  • This government committee (formed in 2019) headed by Infosys co-founder Kris Gopalakrishnan has suggested that non-personal data generated in the country be allowed to be harnessed by various domestic companies and entities. 

What is non-personal data?

Any set of data which does not contain personally identifiable information. This means that no individual or living person can be identified by looking at such data.

  • For example, while order details collected by a food delivery service will have the name, age, gender, and other contact information of an individual, it will become non-personal data if the identifiers such as name and contact information are taken out.


The government committee has classified non-personal data into three main categories, namely:

  1. Public non-personal data: All the data collected by government and its agencies such as census, data collected by municipal corporations on the total tax receipts in a particular period or any information collected during execution of all publicly funded works.
  2. Community non-personal data: Any data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests will form the community non-personal data.
  3. Private non-personal data: Those which are produced by individuals which can be derived from application of proprietary software or knowledge.

Suggestions made:

  1. Formulate a separate legislation to govern non-personal data.
  2. Setup a new regulatory body- Non-Personal Data Authority (NPDA). 
  3. The report identifies and defines new stakeholders in the non-personal data ecosystem, including data principal, data custodian, data trustee, and data trust, and contours their obligations and mechanisms to enable data sharing.
  4. It has also set circumstances under which a private organisation, that collects non-personal data, needs to be remunerated.

Need for regulation:

Digital transformations all over the world have meant that data is treated as an asset, which is monetised, either directly by trading it, or indirectly by developing a service on top of that data.

  • In a data economy, companies with “largest data pools have outsized and seized unbeatable techno-economic advantages.” These companies, having leveraged their “first-mover advantage” to create large pools of data, mean that smaller startups are often squeezed out of the competition, or there are significant barriers to their entry. 

India, being the second-most populous country in the world, also with the second-largest smartphone userbase, is by extension, one of the largest data markets in the world.

What are the global standards on non-personal data?

In May 2019, the European Union came out with a regulation framework for the free flow of non-personal data in the European Union, in which it suggested that member states of the union would cooperate with each other when it came to data sharing.

In several other countries across the world, there are no nationwide data protection laws, whether for personal or non-personal data.

What should the final draft include?

Final draft of the non-personal data governance framework must clearly:

  1. Define the roles for all participants, such as the data principal, the data custodian, and data trustees.
  2. Regulation must be clear, and concise to provide certainty to its market participants.
  3. Demarcate roles and responsibilities of participants in the regulatory framework.

Sources: Indian Express.