Towards robust data regulation

Context: The non-personal data(NPD) committee needs to address the issues related to the data governance framework with more clarity and through broader consultations.

Issues related to data governance framework of NPD committee:

• Lack of clarity: The idea of communities as data principals is introduced ambiguously by the report. There is little clarity on the rights and functions of the community. 
• Report does not problematize the ways in which communities translate offline inequalities and power structures to data rights. 
• Inadequate details: It has not specified if the data custodian can be the government or just private companies.  It is also not clear how communities engage with the custodian.
• Conflict of interest: Suggestion that data custodians can potentially monetise the data they hold presents a conflict of interest with those of the data principal communities. 

• Unclear relationship: The relationship between the data principal communities and the trustees is not clear. 
• No explanation on how the trust is extended with the community and how trustees are empowered to act on behalf of the community. 
• The power, composition and functions of the trust are not established.

Way Forward:

• Trusteeship for data: Trustees should be bound by a duty of care and loyalty towards the principal and work in their best interests.
• Simplifying the ecosystem: Consider data trusts as a type of custodian so that fiduciary responsibilities can be extended.
• Broader consultations: The committee should organize broader consultations to ensure that the objective of unlocking data in the public interest and through collective consent.