 and I'm a public policy advisor. Today, I'm going to be talking about non-person data and why you should care about it as an investor. I think you'll find that everyone is familiar with the term personal data because of privacy and the broader increase in awareness that everyone has as to the risks that can take place if private data that is connected by companies is made available in the public domain is leaked or is otherwise hacked. But the term non-personal data is, I would say, not as familiar term for many individuals. So over the course of the next 15 minutes, I hope to tell you why you should care about non-personal data. What is non-personal data specifically? How the government here in India is thinking about non-personal data? Some of the highlights from the report that the government came out with in late 20, like 20 September, October, and finally covers some specific issues that the non-personal data report talks about, such as competition and intellectual property rights. Over the course of these 15 minutes, I think you will find that there are many things that are similar between personal and non-person data, but also many things that are very, very different and it will likely make a very big impact on how compliance and risk management is done in companies of all sizes, from the smallest startup to the largest corporation, and which is why it's something that we should all be watching out for very carefully. So why should you care about it? Traditionally, everyone has thought about data as a risk factor, which will be governed from the sense of making sure that individuals' privacy is necessarily respected, and that's broadly known as personal data, which is data that is associated with a particular individual. But non-personal data is any data that is not personal. An example that is very commonly used to talk about non-personal data is traffic insights. So all the insights that a provider like Uber collects about the traffic patterns in the city, how long it takes to go from point A to point B, what the sort of traffic patterns on some key arterial roads at certain key points in time in the day is all information that Uber as a platform can collect because of the vast number of users who utilize its services in so many areas around the world. All of that information is non-personal data because it is information that Uber has that is not necessarily associated, although it can be with an individual, but are aggregated insights and aggregated forms of data that can be used to give it a competitive advantage with other players. Similar examples can also be taken for e-commerce and many other things. So as you can see, non-personal data traditionally so far is something that has simply had no regulation around it because regulations such as the GDPR, which is the privacy law in Europe, and India's upcoming draft data protection bill traditionally only apply to personal data, which means that the moment you make a data set anonymous or don't associate personal data with it anymore, you can pretty much do whatever you want with it within the confines of reason. But with non-personal data regulation upcoming, this is all set to change. A lot of the risk and compliance that you traditionally associate with personal data is now going to start applying to non-personal data as well. And that's something that one should be very, very careful about because most companies have their processes set up in order to deal with personal data and making sure that personal data is treated in a way that complies with laws and regulations. Non-personal data, on the other hand, is something that is far more freely used and available both in the public domain as well as within companies. And this increase in risk and compliance is something that most of us are very, very poorly prepared for because of the fact that it's such a new field that governments are just starting to talk about. So many of the things that one would use non-personal data for also actually provide insights into how the company is operating as well as a competitive advantage against other players and keeping that same example that we had in mind earlier about Uber. In this case, insights that Uber has about how to price certain rights and patterns are its competitive advantage against other players in that space. And they are all collected using non-personal data. As you'll see later on, many of the things that the government is talking about will reduce this competitive advantage and require large companies to actually share this with smaller players, which can have a very wide-ranging impact on how players operate in any aspect of the technology ecosystem. So because of the increase in risk and compliance, because of the fact that it's so key for the insights that most companies use to operate and because of how integral it is to a competitive advantage that the smallest startup to the largest company enjoys in an ecosystem, you should definitely care about non-personal data. So moving on from non-personal data to what is non-personal data, the way the Indian government is thinking about it. Everything, like I said earlier, that is in personal data is non-personal data, which means that if you're an e-commerce platform, the insights of what your top 100 sole products are to what are the top localities where you traditionally deliver in what time of the day. All of these are examples of kinds of non-personal data that the government is thinking of regulating here in India. Specifically, the government has come out with this report called the non-personal data report that the committee of experts have worked on for about a year. And that report tries to create non-personal data into three distinct categories. The first is public non-personal data, which is non-personal data that is created either by the government or is otherwise funded by taxpayer money in a way that society has a greater claim over it. A very good example of this is a lot of the data sets that are available in data.gov.in, which is the government's open data portal that has data sets that provides some very fascinating aggregated insights into how everything from public delivery of services to transportation works in many parts of India. The government, by explicitly recognizing this as public non-personal data, hopes to encourage government departments to share it and also to allow for this data to be used for innovation in the ecosystem in India at large. The second category of data, and this is where it gets very interesting for companies and startups, is private non-personal data. Private non-personal data is that data that will belong to companies and startups, but they may be required to share it in its raw form with competitors or with the government when the data rises. This report is deliberately quite vague in distinguishing between raw and processed data and explicitly co-ops out the fact that algorithms and other proprietary information will not have to be shared as a part of this private non-personal data that companies collect. However, even just in the raw data set format, using the example that I gave earlier of e-commerce platforms, one can easily see why insights such as the top sole products, the top customers and their localities in a region, while without being associated with personal data are very integral for a platform to be able to decide what kinds of services it wants to provide at what time and in which area. And the fact that these may have to be shared with other players is something that many companies will likely be wary about and the government will have to work a fair bit in order to assuage many of the concerns that people have raised when the report first came out and that we would also be talking about later on in this conversation. And finally, there is community non-personal data, which is where the government creates a sense of a community and says that any group of individuals that have a common sense of community between them or a common bond between them can demand non-personal data about themselves. Now, this community could be a residence welfare association. It could be people who live in a particular village. It could be people from a particular tribe. It could also be people who are impacted by a particular event in some form. And the government says that the community must be allowed access to this non-personal data so that they can be used for the development of that community, which is an ethos that is very similar to how resources have been looked at in the context of mining law and other forms of sort of extractive processes all over, not just in India, but the world, which is why this idea of community non-personal data is probably the most nebulous aspect of the report and is probably also going to be the one that is going to be the most controversial because as we will see later on, there may be conflicting demands from different parts of the community asking for non-personal data for completely different reasons. And then that point of time, it will be companies and startups that will have to make a call between which community to serve and how to decide whether the kind of data that the community is demanding is actually data that must necessarily be shared with them. Because of the fact that we don't really have a concrete law and all of these things are just present in a broad high-level report, it's quite hard to actually imagine how these things would operate in practice. But in terms of mere categorization and thinking through some of these ideas, these three broad categories are essential to understand how the Indian government is thinking about non-personal data. We can move on to what is one of the top highlights that are present in the non-personal data report that you should know about as an investor. I would say that the first and the largest highlight as an investor is the fact that you should be aware out from the non-personal data report is that it actually creates a category called data businesses. And it says that all businesses above a particular size that actually generate data need to register as a data business, creating an almost like a new kind of compliance that many businesses would have to follow. It is important to note, however, that this is still in a report form and this is not law. And we are probably at least a couple of years away from seeing a full-fledged law on non-personal data being enacted in India and also being made binding. However, this category of non-data businesses and this idea itself is likely here to stay. And it's something that will not only increase compliance but also increase the record keeping that a company will have to undertake for the kind of non-personal data that it collects and how much of that data it necessarily makes accessible. The second key highlight from the report is that the role of the government and the role of entities like trusts which are largely paternalistic, which is entities that tell individuals or entities what to do and what not to do and how they should go about doing so is likely going to massively increase in the data ecosystem. This many people could argue is already taking place with regard to personal data. But there are some very key considerations in our privacy that justify that taking place. This increase in the role of governments as well as other data stewards such as data trusts is something that is likely going to cause some friction between companies and startups as well as entities that decide to carry out these roles. And while the report doesn't really go into the details of how things like privacy, security and the general power imbalance between governments and private entities is going to be addressed, it's something that is definitely one of the top highlights and is likely to be one of the enduring issues in the non-personal data report. We've already spoken about compliance and the fact that compliance is going to massively increase because of the fact that they're going to be new like news items about different hacks and breaches that are taking place as well as many new laws and regulations that will come forth to implement non-personal data regulation. Now, because of the fact that it will become just like privacy is right now an issue in the public spotlight and will also be something that there will be laws and regulations mandating a particular kind of compliance, it's very clear that this is definitely going to be an issue that is going to play out in the public domain as much as it will play out privately which can have a very tangible impact on the valuation and the general operation of especially smaller companies but also larger ones. It's also very key, I think, as a takeaway from the report to talk about how the creators of that report call it a statement of intent. They actively say that this is not a final report that is still in its draft form and have actually encouraged public comments and consultations from many individuals. In that regard, it is very important to make sure that one doesn't start building compliance mechanisms to comply with the things that are present in the report because it is still in its draft form. However, tracking the report very carefully and making sure that its outcomes are always beneficial to the ideal of innovative technology ecosystem in India is something that the technology sector and the investors are best pleased to do. And while there is much left to be decided, there are already some aspects of non-personal data that are even present in the draft data protection bill that may be law as soon as early next year. Because of the privacy and data protection bill considerations around non-personal data in the data protection bill, which are limited to the extent that the government can actually demand for non-personal data for public policy and planning purposes, it's very possible that certain companies, likely larger ones, but possibly even smaller ones, may have to go up against non-personal data well before we have a dedicated non-personal data law, which only adds to the reason that one should be watching this issue very carefully. And now moving on to some of the deeper issues that are present within competition and the non-personal data report, where the report very clearly makes an argument that there is a concentration of power in few large entities in the technology ecosystem all over the world. Something that is an investor, I'm sure you very frequently come across when many fields which have smaller startups are simply taken over by a larger company providing that same service that makes it very, very hard to compete at an equal footing. Well, governments are actually saying that one of the most effective ways to regulate this is to actually regulate non-personal data. They say that personal data is not enough. And regulating personal data might have led to a decrease in privacy and security risks, but has not necessarily limited the massive anti-competitive behavior that some of the larger companies, according to governments, have been able to indulge in. And therefore governments are exploding alternative means to bring greater parity between these large players and other smaller players who operate in an ecosystem. And this includes both the governments in the European Union who are coming up with their own data strategy, as well as in India where this non-personal data report is arguably just one of the first ways in which the government is actually thinking about this. Where they want to create a more level playing field between larger and smaller players by making sure that insights and data that only larger players can collect are either shared with the government who can then decide who to share it with or are shared with smaller players directly so that they can also use it in product and service development. As you can imagine, this is something that larger players or in fact, even if smaller players are made to share their data will be very, very unhappy about. And which is why it's really important to keep in mind the fact that this is still going to be implemented. This is just an idea that is present in the report. And even in the European Union, no one is really thinking about these areas in a concrete manner yet. And it's also very hard to see how this will only create impact that is limited to large players and won't impact everyone else. And it's almost certain that these things will impact innovation and funding because of the fact that there will be changes in an ecosystem that has operated in a certain manner for the better part of 20 to 30 years. So because of this impact of innovation and funding and because of the fact that it may actually lead to better competition between smaller and larger players, this is an area that as investors, one we must watch for very carefully because of the fact that when there is an increase in competition, it's usually beneficial for both consumers as well as the players in any ecosystem. However, the question remains how much can non-personal data and it's mandatory sharing with the government and other private players actually help solve this problem. This is something that we will likely only learn via experience. So there are many individuals within the Indian government and outside who are attempting to think these things through in a way to make sure that innovation and funding aren't impacted negatively, which is why it's very clear that one of the bigger things that the non-personal data report attempts to solve for is making sure there is more competition in the Indian ecosystem. And now moving on to intellectual property and non-personal data. I think anyone who works in the domain of startups and broadly is a player in the technology ecosystem knows the value of intellectual property. And intellectual property are broadly things like copyright, trademark, patents, and other things that make the work takes place within an organization exclusive to the extent that's possible to that organization so that they are the only ones who can benefit from it. Many players actually say that intellectual property is the key to innovation. However, the way that the non-personal data report talks about many of the things that it wants to do with the sharing of information, it is clear that those things will go up against intellectual property in a manner that may not be very pleasant. And that's largely the case for two broad reasons. The first is it's actually quite difficult to distinguish between insights that are derived from data, the processes used to arrive at that insight and the data itself. And the non-personal data report broadly shifts between insights and data in a manner that is quite nebulous and makes it very hard to decide when does it want the data itself to be shared with other players of the government or when it's talking about insights. As you can imagine that any investor as well as companies and startups themselves will be quite reluctant to share things that give them a competitive advantage and with other players. And it's more often than not those very things that give them a competitive advantage that are protected with intellectual property. And that's broadly the first reason why it's going to be quite hard to imagine that intellectual property is something that will not clash with non-personal data. The sort of second issue with regard to intellectual property is that the report often flits between talking about sharing with competitors and sharing with the government itself. When it comes to sharing with competitors, it's quite clear to say that many startups and companies would be very reluctant to share information or data with competitors no matter what their size, because it would make it very hard for them to compete equally with them in that same space. As we discussed in the last presentation slide, it is the competitors themselves in this case that the government is hoping to create a more level playing field between. So this is actually an outcome that the government wants. In order to overcome this concern, what in some parts the report talks about is sharing non-personal data with the government instead of competitors directly, where the government would then decide which data to share with which competitor and which ecosystem and essentially would act as an intermediary between the ecosystem as well as the entity trying to share the data. Now this is something that comes with its own set of concerns because similar issues in the past such as the sharing of source code with governments before entering into business in a country have been deep issues of concern between players in the Indian government, in the Chinese government and even the government of the United States which sometimes have these demands and have been very critical of such requests at different points in time. And that makes it all the more unimaginable to imagine that this competitive advantage that many of these smaller startups have is something that they would be okay with sharing with governments so that the governments could then distribute them to other players in the space however they deem fit. And trade secrets in particular are a completely different ball game because of the fact that in India, the law around trade secrets in itself is quite vague and the definition of what can and cannot be a trade secret is quite broad which is why in India, there may be many players especially some of the larger foreign ones who may be reluctant to carry out research and development because it may at some point or the other end up being classified as non-person leader that has to be shared with the government or with other players completely negating the point in their eyes of indulging in that research in the first place. Which is why it's critical that the sort of interface between intellectual property and non-personal data is tracked very, very carefully. And no matter what the final outcome, it's clear that the conflict that is almost inherent between these two things should be resolved in a manner that allows for the both of them to coexist and the policy objectives behind non-person leader to be achieved without unnecessarily violating intellectual property. And with that, I hope to have told you why you should care about non-personal data if you care about risk compliance and successful businesses. What some of the top kinds of non-person data in the non-person data report in India are including public, private and community non-personal data. And then we went over in detail issues around competition and intellectual property rights, the way they exist in the report. And finally, we spoke about how there may actually be some areas of non-person data that would actively become applicable much before a non-person data law comes out due to the data protection bill, actually including some provisions about mandatory non-person data sharing with the government. And for all of these reasons, it's very important that this issue be tracked very closely by investors and companies alike because it's clear that it is going to radically reshape the data ecosystem, not just in India but in many parts of the world.