India should set up a data regulator and require companies to disclose how they collect and store data devoid of personal details or which has been anonymised, a panel tasked to draw up such regulations has said in a draft report seen by Reuters.
As India moves to tighten policies on its citizens’ data held and processed by companies such as Facebook, Google and Amazon, it set up the panel last year to make recommendations on the regulation of “non-personal data”.
This is a term for data viewed as a critical resource by companies that analyse it to build their businesses and describes information that is independent of personal details such as names, or anonymised to protect people’s identity.
“There is a need to create a regulator or authority for data business, which provides centralized regulation for all non-personal data exchanges,” the government-appointed panel said in the report.
Such a regulator would be armed with legal powers to request data, supervise data sharing requests and settle disputes, it added.
Panel chief Kris Gopalakrishnan, a founder of Infosys, declined to comment on the 30-page undated draft, which has not previously been reported. The panel is in the final stages of deliberation on the report before it is submitted to India’s information technology ministry, a person familiar with the discussions said.
A company collecting data beyond a yet unspecified threshold should register as a “data business” in India, the report said, with government bodies also subject to the need to disclose what information they collect and store, and how they use it.
The panel consulted companies such as Amazon, Microsoft and Uber, as well as some international experts, in drawing up the report, it said.
Regulation of non-personal data is just one of several areas for which India looks to hammer out policy, which will affect tech giants in a regulatory trend gathering momentum worldwide as nations step up efforts to control data.