CoE Revised Report on Non-Personal Data (NPD Version 2)

Overall

1. Overall proposal is looking reasonable and feasible, even though a
   lot of details have to be worked out.

2. Proposal is demonstrating the commitment to the larger direction of
   data sovereignity and data markets. Economic value is major goal.

3. It eliminates major concerns from the previous versions:
   (a) missing institutional guarantor of the system
   (b) guarantor of the quality of data
   (c) anybody and everybody having access to any/every data
   (d) flow of information not being tracked
   (e) lack of metadata standards

4. The proposed approach is a combination of Aadhaar-like “switch” and
   Account-Aggregator-like standards and coordination mechanisms.

5. Metadata management and discovery will become a first class
   activity. Every organization has to now submit metadata.

Legal and Economic Framework

1. Unclear if it will withstand scruitiny but there is a fairly
   detailed argument around the legal underpinnings of the NPD
   proposal. It helps that Rahul Matthan, Ex-Trilegal is associated
   with the committee.

High-Value Datasets

1. Proposal puts a price (a non-profit to be created etc.) on data by
   allowing only data trustees to define and access data.
   Organizations cant demand/access any and all data.

2. Any access to data is only through organizations - which gives
   government/law ability impose costs for misbehavior.

3. It moved the hard part of identifying HVD to thirdparty - which
   is the right approach.

Data Processor

1. Moved the responsibility of data access to controller - simplifying
   the legal/compliance aspects of the processor.

Questions

1. Data processor may not share data but it still has to submit
   metadata. If clients are abroad, the clients may object to sharing
   the metadata. Declaration to this effect is a requirement under
   GDPR DPA (Data Processor Agreement).