India's Non-Personal Data (NPD) framework

India's Non-Personal Data (NPD) framework

Knowledge repo, archives and collaborations


  1. Video of talk by Usha Ramanathan on Eminent Domain and how this applies to data regulations in India
  2. NPD primer in Bengali:

About the Non-Personal Data (NPD) framework for India: Non-personal data (NPD) is defined as anything which is not personal data. Read primer on NPD in English, Hindi and Malayalam for a quick understanding how NPD will be regulated in India.

The Committee of Experts (CoE), led by Kris Gopalakrishnan, prepared the first version of the NPD framework in July 2020. Based on the feedback received, the CoE released V2 of the NPD framework in December 2020.

Community submissions to improve the NPD framework for India: NPD Week was conducted to draw recommendations from the community on what apsects of the NPD framework should be revised, with practical suggestions. At the end of NPD Week, a document of community recommendations was drawn up. View final recommendations (PDF) for NPD V2.
These recommendations were submitted to the CoE and MeITY on 31 January 2021.

NPD Survey: Between November 2020 and January 2021, Privacy Mode’s research team interviewed 50 respondents from startup, engineering, product and investor communities to understand their concerns with the Non-Personal Data Report V1 and NPD Report V2. View the report (PDF)

Recap of NPD Week: Between 22 and 29 January, concerns were articulated with respect to NPD’s potential impact around privacy. These concerns were on issues of:

Contact details: For inquiries, call 7676332020 or email Follow #PrivacyMode on Twitter

Community Partners

The Centre for Internet and Society Data Meet Scribble Data Data Governance Network Upekkha SMC Project

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more
Nadika N

Nadika N


Summary of Panel Discussion: Will NPD regulation help India to shape and benefit from global data rules

Submitted Jan 26, 2021

Moderator: Udbhav Tiwari

  • Arindrajit Basu, Centre for Internet and Society
  • Tarunima Prabhakar, Tattle Civic Tech
  • Sushant Kumar, Omidyar Network

The panel discussion looked into how data is coming to be governed around the world, and what India’s geopolitical and sovereign imperatives are in how it wants to shape this discussion, and how the country is perhaps attempting to lead or shape the emerging norms around data governance rather than follow what may have been determined by European or American legislation. So one context to judge and evaluate the NPD framework will be from a foreign policy perspective, as well as an internal civil rights, civil liberties, and economic perspective.

Panelists also looked at emerging discussions around personal data rights in the context of civil liberties, and how Non-Personal Data, and the NPD framework could aid or hinder the government’s eminent-domain.

Arindrajit Basu, Research Manager at Centre for Internet and Society began by setting the scope of his presentation

  • Why geo-politics and foreign policy is relevant
  • The political origins and narrative underpinning the report

A question Arindrajit asks: Why geopolitics and foreign policy is relevant to an area that has traditionally been about Economic Regulation?

To answer, Arindrajit looked at the Srikrishna Committee report that laid the foundation for the Personal Data Protection bill, and the developing e-commerce bill, and looked at how the dialogue is about asserting India’s rights to its own data, and to take back India’s digital economy from large technology companies outside the Indian jurisdiction
“So it was this ecosystem that sought to make a statement globally that India is not going to continue to be the victim of data colonialism and essentially assert greater digital sovereignty”

Arindrajit’s definition/explanation of digital sovereignty

  1. Regulatory assertiveness (ability to impose domestic regulation on non-state actors and shape global rules)
  2. Strategic independence and,
  3. Usage of 1 and 2 in a manner that benefits individuals, and champions fundamental rights while also fostering innovation, competitiveness

Taking off from Finnemore & Sikkink’s “Norm Cycle” model of how trends emerge, reach a critical point and then are finally absorbed and normalised, Arindrajit positioned India’s changing character as a rule-shaper, in the field of tech policy and governance.
Using the lens of war, Arindrajit looked at how a nation-state’s approach to war has changed over the last 100 years, and how political structure around the world adapted to these changed norms.
Similarly, he positioned the idea of digital or cyber war and why that could have a hand in shaping these emerging data governance norms around the world.

One trend emerging is how the EU - driven by civil liberties discourse in their member-countries and the pressure of civil society organisations, is changing its tack - of a US-influenced laissez-faire approach to governing technology companies - to a more regulatory, protective role, coming on the back of the Max Schrems case that found that the US was not doing enough to protect citizen’s privacy.

This trend has been coopted into or built upon by emerging economies and in particular India, to regulate and assert its own data sovereignty. Arindrajit also looked at the NPD framework from the angle of international trade law, and found that it does not violate the two main specifications: that a law cannot unduly favour one nation over another, and that it cannot discriminate between foreign companies and domestic companies with the terms of the law.

All this are frameworks with which to judge the NPD regulation, and that if the Committee of Experts take these into account, could avoid “a number of costs” going forward.

Link to Arindrajit’s slides

Tarunima responded to Arindrajit’s presentation, next.
Tarunima said that Arindrajit’s presentation was great as a position paper for multilateral discussions and negotiations, but noted that she couldn’t see the motivation in the framework. The goals are framed in terms of individual rights and economic growth, whereas sovereignty features as a ‘guiding principle’. TO her, the framework was imagined as the one bill to rule them all - that takes care of economic growth, community rights, public digital infrastructures, monopolization and, as you argue, also diplomatic strategy.

Tarunima also drew a distinction between data sovereignty and digital sovereignty, and where in the value chain India’s challenges are. She believed that countries in the Osaka track could have bottlenecks to economic growth with regards to data, but it may not be the same for India. Tarunima also made the point that in certain contexts, a nation’s digital sovereignty could contradict an individual’s bodily sovereignty. And thus governing data could be more complicated at this point.

Tarunima also raised the point that much of the data about Indian citizens is hosted outside the country, and there are some digital services/cloud services that are not available to Indian organisations, so a NPD framework that does not have built in data localisation

Next, Sushant Kumar, responded to both Arindrajit and Tarunima
Sushant also used the ‘Norm Cycle’ model that Arindrajit presented and believed that India was in a ‘Norm emergence’ phase and is helping guide and shape the global discourse around data governance and sovereignty. Sushant believed that the insistence on Intellectual Property Rights of the data collector is an internalisation of civil rights, civil liberties associated with personal data. Sushant believes that these discussions - emerging from personal data and privacy could also influence discussion around non-personal data, anonymisation.

Sushant then touched upon responsible stewarding of data, and how public good and public purpose of data could be unlocked. It is here, he believed, that India is firmly influencing and shaping international discourse.

Udbhav summed up the discussion, and pointed out that while a group of developed nations in Geneva were discussing regulations around e-commerce, India was piloting a discussion with other developing nations, in Delhi, and the conclusions emerging out of the Indian discussion was in direct contradiction to that emerging out of Geneva. Udbhav used this to explain that India was serious about engaging with the idea of data governance, and how this is also India’s geopolitical posturing.

Saying that much of these conversations have been influenced by the EU in the past, Udbhav made the point that these emerging norms from India also drive home the importance of civil liberties, placing of rights within a constitutional democracy framework and how India’s reputation in the past has been one of a country which prioritised those, and the urgent need to keep doing this, and be an advocate for all emerging economies, not just as a protector of internal civil liberties but also sovereign interests in a global stage.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more