Regulation of Non Personal Data.. Recommendations of the Kris Gopalakrishna Committee-3

(This is a continuation of the previous article)

Key Roles

As a means of developing a robust Non Personal Data eco-system, KGC recommends  a set of roles/stake-holders and data infrastructures.

The Key roles defined as per the recommendation are

    1. Data Principal
    2. Data Custodian
    3. Data Trustees
    4. Data Trusts

Data Principal

KGC recognizes that in the case of Personal Data, the term Data Principal refers to a natural person only. But in the context of Non personal data, it uses the term in relation to the type of NPD namely Public, Community and Private data as well as on different possible kinds of subjects of data.

Accordingly, Government, Companies and organizations can also be considered as “Data Principals” under the NPD regulation.

Data Custodian

Data Custodian is an entity that undertakes collection, storage, processing, use etc of data in a manner that is in the best interest of the data principal.

The GKC considers the Data Custodian as a “Data Fiduciary of NPD” and emphasizes the “Duty to Care” that is expected from the Custodian in the interest of the Data Principal.

This recommendation seals the interpretation of the term “Data Fiduciary” even in the PDPB by inference.

It is expected that the regulation will define the framework for collection and processing of NPD on the lines of “Notice”, “Consent”, “Obligations” “Compliance”, etc. In a way this may translate into a law similar to the PDPB but related to NPD.

Data Trustees

KGC has also picked up another concept used in PDPB namely the “Consent manager” and envisages a role for a “Data Trustee” who will assist the Data Principals to exercise their rights.

KGC leaves it to the detailed regulation to determine who will exercise the rights to constitute and appoint a Data Trustee to represent a group.

GKC also recognizes the need for mandatory data sharing in certain instances as envisaged  under Section 91 of the PDPB.

Data Trusts

In addition to Data Trustees, an institutional structure identified as “Data Trust” comprising of specific rules and protocols for containing and sharing a given set of data is also recommended.

While Data Trustees are appointed by Data Principals, the Data Trusts may be manged by public authorities constituted by the Government to which Data Principals may voluntarily share data.

Though the terms “Data Principal”, “Data Trust” and “Data Trustees” have the potential for confusion and alternate terminologies could be considered, the concepts are interesting and captures the needs of the ec0-system.

(To Be Continued)

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.