Including non-personal data in proposed bill will be premature: Report

Business-standard, July 13, 2022

Including regulations for non-personal data (NPD) in the proposed Data Protection Bill 2021 would be ‘premature’ without defining clearly what such data is, experts said in a report published Tuesday.

The report, ‘Non-Personal Data 2.0’, analyses the recommendations of a Joint Parliamentary Committee (JPC) on the Bill. The key proposed changes included empowering the government to frame rules on NPD and permitting the Data Protection Authority (DPA) to govern NPD at the time of a breach.

The report, published by CUTS International (Consumer Unity & Trust Society), came amid speculations that the Bill was in its final stage and could be tabled before Parliament soon.

Clause 3(28) of draft DPB ’21, carried forward the same definition of NPD as in the previous draft. It had been criticised for being vague and open to different interpretations, the paper noted. “This would require another round of stakeholder consultation, which may further delay India getting a dedicated personal data protection law.”

The report stressed providing separate frameworks for personal data and NPD. It also recommended narrowing down the scope and definition of NPD and recognising different categories.

“While the imperative for data sharing by the public sector and the demand for trusted data are established, the enabling policy framework to accelerate data sharing and purpose-based application in a rights-respecting environment is missing,” said the report.

It suggested consideration of the definition provided by the European Union in the General Data Protection Regulation (GDPR). It defines NPD as the data, which originally did not relate to an identified or identifiable natural person, or data that was initially personal data, but later made anonymous.

This news item can also be viewed at:,