NDGFP Notes

1. What is NDGFP?

NDGFP or National Data Governance Framework Policy is introduced by MeitY to transform and
modernize Governments data collection and management processes and systems through standardised
guidelines, rules and standards for the collection, processing, storage, access, and use of Government
data – with the objective of improving governance through a whole-of government approach towards
data-led governance.

2. Objectives [2.3]
3. Precursors to the policy

Non-personal Data Governance Framework Policy

India Data Accessibility and Use Policy

[Criticisms of the policy: Aimed to monetise peoples’ non-personal data]

4. Applicability and Scope

NDGFP shall govern non personal data of all central Government departments and entities. The
State Governments shall also be encouraged to adopt NDGFP. With the implementation of
NDGFP, the Government plans to create a one-stop Indian Datasets Platform consisting of
anonymized non-personal datasets from across Government entities collected from Indian citizens
or those in India. This platform shall process requests and provide access to the non-personal
anonymized datasets to Indian researchers and start-ups. For Government-to-Government data
access, a separate standard mechanism shall be developed under NDGFP. Although NDGFP does
not apply to the private players per se, they can voluntarily contribute their datasets to the data
repository made under NDGFP. More at:

5. Connection with JPC and DPB 2021

The Personal Data Protection Bill, 2019 (“PDP Bill”) – a legislation to govern personal data - was
introduced in the Lok Sabha in 2019. The PDP Bill was referred to the Joint Parliamentary
Committee (“JPC”) which released its report in December 2021. The JPC recommended the PDP
should not be limited to personal data but must include non-personal data in its purview.
Accordingly, the JPC recommended rechristening of the PDP as the Data Protection Bill,
2021(“DPB”). Despite the radical changes, the DPB is yet to be enacted and reports suggest that
the DPB may be completely scraped and a new data protection bill may be introduced soon. Thus,
there still exist legislative gaps for the governance of non-data in the country. 
6. Rescinding DPB 2021
The Indian Parliament recently retracted the infamous Personal Data Protection Bill (PDP), 2021
bought in to regulate data protection norms and set up guidelines of cross-border data transmission
and collection. The Joint-Parliamentary Committee reviewing the bill proposed around 81
amendments and 12 recommendations to the bill. The document was withdrawn on the pretext
that the government will bring a new and comprehensive legal regime which will counter the
existing fallacies of the PDP, 2021. How does this connect with the policy and what are the odds
that its robust implementation is the reason behind the such retraction?