The proposal of having a single legislation for personal data protection and non-personal data governance in India is questioned. The foundational bases that justify both these regulatory frameworks are different. The way forward is to have a separate legislation with a stringent governance structure around non-personal data in case the process of anonymisation is reversed.
