Gopalakrishnan Committee On Non-Personal Data Governance Framework

  • On 12th July, 2020, Kris Gopalakrishnan committee on Non-Personal Data Governance framework (NPD Committee) submitted its report to the government.


  • The Committee was constituted by the Ministry of Electronics and Information Technology (MeitY) on 13th September, 2019 under the Chairmanship of Kris Gopalakrishnan (Co-Founder, Infosys).
  • It was formed based on the recommendations of the Justice BN Srikrishna committee on protection of personal data (PDP).

Need for a Governance Framework

  • The NPD committee noted that India is a large data market due to second highest population, with the second highest number of smartphone users and increasing internet penetration levels.
  • Some companies with the largest data pools have ‘outsized, unbeatable techno-economic advantages’ owing to first mover’s advantage, network effects and enormous data volumes which have been collected over years. These act as entry barriers for startups and new companies.
  • Therefore, the NPD committee felt that the possibility of data monopolies resulting in power imbalance between few companies having access to large datasets accumulated in an unregulated environment on one side and Indian citizens, MSMEs and startups and Indian government on the other should not be risked.

Key Recommendations

Definition of NPD

  • NPD is defined as ‘data that is not personal data, or when it is without any personally identifiable information’. Three categories of NPD have been recommended:
  • Public NPD: Data collected or generated by any government agency, and includes data collected during execution of all publicly funded works.
  • Private NPD: NPD collected by entities/persons other than governments through assets and processes privately owned by the entity/person. It includes derived/observed data collected through private effort, such as through use of algorithms or proprietary knowledge.
  • Community NPD: Data that pertains to a community of natural persons. It can include NPD about animate and inanimate things or phenomena. Such data shall not include private NPD. Examples cited include data collected by municipal corporations and public electric utilities. It also includes user information collected by telecom companies, e-commerce players, and ride-hailing platforms.

Sensitive NPD

  • It has recommended classification of NPD into general NPD, sensitive NPD and critical NPD- just like the classification of personal data under the PDP Bill.
  • The classification of NPD will be on the basis of the category of the underlying PD under the PDP Bill.
  • For example, all health-related NPD will be classified as sensitive NPD, as health data qualifies as SPD under the PDP Bill.

Consent Requirement

  • At the time of collecting the data principal’s PD, the entity must take the data principal’s consent for- (a) anonymising the data principal’s data, and (b) for usage of anonymised data.

Different roles in the NPD ecosystem

The following different roles have been proposed in the NPD ecosystem-

  • Data principal: This is essentially the entity/individual to whom the collected data pertains. It will vary depending on the category of NPD. For example, in case of census data, the citizens will be the data principal. In case of vendor registration or vendor product information, the vendor will be the data principal.
  • Data custodian: The entity that undertakes collection, storage and processing of data, keeping in mind best interest of the data principal. It has a ‘duty of care’ to the concerned community to which the NPD pertains; this ‘duty of care’ will be defined through a defined set of obligations.
  • Data trustee: The data principal or community will exercise its rights through a data trustee. The NPD legislative framework will provide guidelines for who can act as an appropriate data trustee for a group/community. For a lot of community data, the corresponding govt. entity or community body may act as a data trustee.

Ownership of data

  • The committee adopted the notion of ‘beneficial ownership/interest’ of data, as many actors may have simultaneous ownership rights and privileges to data, due to the non-rivalrous nature of data.
  • Public NPD will be treated as a ‘national resource’.

Introducing a new category of ‘data businesses’

  • Entities involved in data collection or processing will be classified as ‘data businesses’ based on a certain threshold of data collected/processed.
  • If the data collection exceeds a certain threshold, the ‘data business’ entity will have to submit meta-data about data user and community from which data is collected, with details such as classification, closest schema, volume etc.

Sharing of NPD

  • There are various grounds specified for sharing of data, including national security, law enforcement, community use, policy development and better delivery of public services.
  • India should specify a new class of ‘high value’ or ‘special public interest’ datasets, which can include health, geospatial and transportation data.

NPD Regulatory Authority

  • The Authority will have the power to address market failures in terms of lack of information about the quantum and nature of actual NPD assets held by an entity, or harms arising from processing activities, including re-identification or discrimination.
  • It will also ensure a ‘level playing field’ with fair and effective competition in digital and data markets.

Suggestions Ensuring Compliance with Data Sharing

  • The report suggests various ‘checks and balances’ for ensuring compliance with data sharing and other requirements.
  • Other than the local storage requirements based on sensitivity of NPD, the report provides for an ‘expert probing’ measure.
  • The report also suggests that ‘data spaces’ can be created to promote intensive data-based research by various stakeholders.
  • It suggests setting up ‘data and cloud innovation labs and research centres’, which will act as physical environments/field validation centres where organizations will test and implement digital solutions.
  • The committee has also suggested an illustrative three-tiered system architecture covering safeguards, technology and compliance to enable data sharing. This includes the suggestion of a ‘Policy Switch’, which would enable a single digital clearing house for regulatory management of NPD.


  • The meta-data sharing by Data Business will spur innovation at an unprecedented scale in the country.
  • One of the associated key objectives is to promote and encourage the development of domestic industry and startups that can scale their data-based businesses.
  • The report suggests a data-sharing regulation to shift data’s “economic benefits for citizens and communities in India” as well as help the government in policy making and service delivery.
  • The recommendations, if implemented, will help businesses create value of their data having an economic good, not just information.
  • The regulation of NPD will ensure: (a) provision of certainty for existing businesses; (b) creation incentives for new businesses; and (c) release of enormous untapped social and public value from data.

BN Srikrishna Committee on Protection of Personal Data

  • The Committee was constituted by the union government in July 2017, to deliberate on a data protection framework.
  • The Committee has submitted its Report and a draft Personal Data Protection Bill in July, 2018.
  • The Committee had examined a wide gamut of issues in relation to protection of personal data which found reflection in the draft Personal Data Protection Bill.
  • It also took cognizance of community data as relating to a group dimension of privacy and an extension of data protection framework.
  • It also felt that all such community data is relevant for understanding public behaviour, preferences and making decisions for the benefit of the community.

Quick Response (QR) Code Vs. Barcode

Why is it in News?

The government is now looking to make a quick response (QR) code-based payment method using the Unified Payments Interface (UPI) mandatory for all shops and establishments beyond a certain threshold.

What is QR Code?

  • QR code (Quick Response code) is a two-dimensional (matrix) machine-readable bar code made up of black and white square. This code stores the information in horizontal and vertical direction.
  • The QR code can be deciphered by a camera, smart phone etc.

How is QR Code better than Bar Code?

  • Barcode only holds information in the horizontal direction, a QR can do so vertically as well, and hence QR code is capable of carrying 100 times more information than a barcode.
  • A QR code is capable of being read in 360 degrees, from any direction, thus eliminating any interference and negative effects from backgrounds.
  • QR code generally has an error margin of 7-30%, which means that even if the QR code is tampered to an extent it can be deciphered easily. Due to this reason QR codes are extensively used by the sellers.
  • QR codes have different images to be included, hence chances of uniqueness is increased and gives designer more flexibility.

Source: Economic Times


Why is it in News?

The Supreme Court has given RBI a last chance to withdraw a November 2016 Disclosure Policy and abide by the Right to Information Act.

About RBI:

  • Reserve Bank of India was established on 1st April, 1935.
  • Reserve Bank of India is the central banking institution, which regulates the monetary policy of the Indian rupee, under the Reserve Bank of India Act, 1934.
  • RBI is not a commercial bank.
  • RBI is the lender of last resort for banks, it looks into the exchange rate of Indian currencies, regulates commercial banks etc.

What is RBI’s Argument against not abiding by the RTI Act?

  • RBI has cited Section 8 of the RTI Act, which exempts the Public Authority to release the information in public domain if it can hamper the state’s economic interest. RBI was pointing that disclosure of sensitive information regarding the annual financial reports of banks will erode the faith of customer in the banking system which can have detrimental effect on the health of the Indian economy.
  • Another argument of RBI was that it gets sensitive information of the banks because of its fiduciary relationship (i.e. mutual trust), so disclosure of such information will lead to breach of trust of the banks.
  • Under RBI Act 1934, sensitive information of banks is confidential and shall not be leaked out.

How Supreme Court countered the Arguments of RBI?

  • SC opined that withholding information is valid (under Section 8 of RTI) only if it serves the larger public interest, disclosure of information will bring in the discipline and this will serve the public interest as compared to hiding the information.
  • SC also opined that RBI gets information from banks because of being a regulator and not because of Fiduciary relationship.
  • SC opined that disclosure of information in public domain will usher in an era of transparency & accountability which is the key to functioning of any institution.

Right to Information (RTI):

  • As per the RTI Act 2005, every citizen has the right to receive a timely response from the government for any information that is sought by them with respect to the functioning of the government.
  • RTI is a fundamental right under Article 19(1) of the Indian constitution.

Under the RTI, every citizen is empowered to:

  • Seek information / ask questions to the government
  • Request for copies of government documents
  • Inspect government documents and works etc.
  • Section 8 of the RTI Act deals with the exemptions under RTI Act.

Central Information Commission (CIC):

Composition of CIC- As per RTI Act, CIC consist of the Chief Information Commissioner and such number of Central Information Commissioners not exceeding 10.

Appointment- Section 12(3) of the RTI Act 2005 provides for the following:

  • i.The Prime Minister, who shall be the Chairperson of the committee;
  • ii.The Leader of Opposition in the Lok Sabha; and
  • iii.A Union Cabinet Minister to be nominated by the Prime Minister

Duration of the Office:

Section 13 of the RTI Act 2005 provides that the Chief Information Commissioner shall hold office for a term of five years from the date on which he enters upon his office and shall not be eligible for reappointment; MPs, MLA etc. are not eligible for the office of CIC.

Powers of CIC/ICs:

CIC has the power of Civil Court (like summoning etc.) when it deals with the matters related to code of Civil Procedure, and its decisions are final and binding on the party.

Source: TH, IE, Livemint

Banking Ombudsman

Why is it in News?

Complaints to RBI Ombudsman have increased by 25% in the financial year 2018.

About Banking Ombudsman:

  • It is a quasi-judicial body that was made under Section 35A of Banking Regulation Act, 1949. It was later streamlined by the Banking Ombudsman Scheme, 2006.
  • Its main function is to plug the deficiency in the banking sector and provide customer with a platform to deal with their grievances.
  • The service provided by Ombudsman is free of cost.

Jurisdiction of Banking Ombudsman:

  • All Scheduled Commercial Banks
  • Regional Rural Banks
  • Urban Cooperative Banks
  • Deposit taking Non Banking Financial Companies (NBFCs)
  • Non deposit taking NBFCs with assets more than Rs. 100 crore.

Who can be appointed as Ombudsman?

  • The Banking Ombudsman actually is a senior official (in the rank of General Manager or Chief General Manager) appointed by the RBI to redress customer complaints against pitfalls in the stipulated banking services covered by the Banking Ombudsman Scheme.
  • The duration of the office is 3 years.
  • He is eligible for reappointment.

When can Customer Approach the Ombudsman?

  • The RBI has listed around 25 areas where the customers can raise complaints with the Banking Ombudsman. Some of them are non-payment/ inordinate delay in the payment or collection of cheques, drafts, bills etc.
  • The customer can approach the Ombudsman only if the complaints in the notified areas by RBI is not taken seriously by the banks like:
  • oIf the issue is not sorted by banks within 30 days.
  • oIf the customer is not satisfied with the bank action on the issue concerned.
  • oIf the bank rejects the complaint outrightly etc.
  • The decision of Ombudsman is not final and binding as the aggrieved party can approach tribunals if he is not satisfied with the decision of the Ombudsman.
  • The service provided by the Ombudsman is free of cost.
  • The Banking Ombudsman can consider complaints from Non-Resident Indians having an account in India.

Non-Banking Financial Companies (NBFC):

  • A NBFC is a company registered under the Companies Act, 1956. It engages in the business of:
  • oLoans and advances
  • oAcquisition of shares/stocks/bonds/debentures/securities issued by Government or local authority or other marketable securities of a like nature
  • oLeasing, hire-purchase, insurance business, chit business, etc.
  • It, however, does not include any institution whose principal business is that of:
  • oagriculture activity
  • oindustrial activity
  • opurchase or sale of any goods (other than securities)
  • oproviding any services and sale/purchase/construction of immovable property
  • NBFC does not go for Demand Deposits and they don’t form the part of payment & settlement system.
  • Deposit insurance facility of Deposit Insurance and Credit Guarantee Corporation is not available to depositors of NBFCs, unlike in case of banks.
  • All NBFCs are not regulated by RBI; different NBFCs are regulated by different regulators.
  • NBFCs with assets greater than Rs. 500 crore are called ‘Systemically Important NBFCs’. IL&FS is a systemically important NBFC.
  • At present more than 1200 NBFCs are operating in India.
  • NBFCs are also called as ‘Shadow Banking System’.

Source: TH, Livemint

Tendered Vote

Why is it in News?

Officials allowed some people to caste tendered votes in Tamil Nadu during second phase of the General Elections.

What is a Tendered Vote?

  • According to the Conduct of Elections Rules, 1961, a voter is allowed to cast a ‘tendered vote’ where someone else representing to be a particular voter has already cast that vote.
  • The presiding officer may allow the actual voter to vote, if the person is able to prove his or her identity. They would be provided a ballot paper to mark symbol and it would be placed in a cover specially kept for the purpose.
  • The ballot paper provided to the voter will have an endorsement (i.e. signature) of the Presiding Officer.

Related Facts:

  • Tender votes are conducted through ballot paper and not the Electronic Voting Machine (EVM).
  • It is also applicable in the elections to the council of states.
  • Nodal officer for tendered vote is the Presiding Officer of the booth.

Concept of Proxy Voting in India:

  • Concept of proxy voting (voting through representative) was introduced in the Lok Sabha and State Assembly Election of 2003.
  • Under proxy voting, a registered voter can delegate his power to vote to a representative of his choice.
  • Under Section 8 of Representation of the People Act 1951, only people from armed forces of State, Centre or person employed under Government of India and posted outside the country are allowed to vote via proxy.
  • In order to be a proxy (representative) for an interested voter one need not to be a registered voter of that constituency, he simply needs to be an ordinary resident of that constituency.
  • Overseas citizens are not allowed to vote via proxy.

Source: TH

Voter Verifiable Paper Audit Trail Machines (VVPAT)

Why is it in News?

Major opposition parties have decided to approach the Supreme Court for the demand of verification of at least 50% of VVPAT machines with EVMs.

Relevance of Topic for Prelims 2019:

Due to the frequent issues and objections involved with EVMs & VVPAT, candidates are expected to know about facts related to VVPAT.

About VVPAT:

  • Voter Verifiable Paper Audit Trial (VVPAT) is an independent system attached to an EVM that allows the voters to verify that their votes are cast as intended.
  • Voters can see the printout but not take it out; VVPAT helps him in verifying that his vote was registered correctly.
  • Rule 49A of the Conduct of Elections Rules, 1961, provides that every EVM shall have a control unit and a balloting unit. Under this provision, the Election Commission of India has provided for the VVPATs in the election process.

How it Works?

  • When a vote is cast, a slip is printed on the VVPAT printer containing the serial number, name and symbol of the candidate voted.
  • This remains visible to the voter through a transparent window for 7 seconds.
  • Thereafter, this printed slip automatically gets cut and falls into a sealed drop box.
  • VVPAT’s use thermal printers and print lasts for around 5years.
  • These slips can be used for tallying by the ECI in later stage of time if needed.

Who makes VVPAT?

  • VVPATs are made by only two public sector units namely- Bharat Electronics Limited (BEL) and Electronics Corporation of India Limited (ECIL) in consultation with experts from Election Commission of India.

When was VVPAT first used?

  • VVPATs were first used in the by-election for the ‘Noksen Assembly’ seat in Nagaland in 2013.
  • In the 2019 Lok Sabha elections, VVPATs are being used in all the constituencies and all the EVMs.

Why is the ECI opposed to 50% verification of VVPATs?

  • As per ECI, this whole process will lead to delay in the result declaration by minimum 6 days.
  • ECI has opined that this will unnecessarily create infrastructural burden and wastage of manpower & resources of the organisation and country as a whole.

About Electronic Voting Machine (EVM):

EVMs are standalone machines that are designed to connect Ballot Unit, Control Unit & VVPATs through a cable wire system.

There is no mechanism in EVMs to communicate with any device through wireless communication or any radio frequency.

Source:, TH