New Data Governance Framework ditches monetisation, encourages businesses to share non-personal data

India’s Ministry of Electronics and Information Technology, on May 26, floated a new framework for the governance of citizen data that will see the creation of an “Indian Data Management Office” (IDMO) to set the standards for its storage and collection, and create “a large repository of India datasets” by “establishing guidelines, rules and standards to build and access anonymised non personal data.”

“The IDMO shall formulate all data/datasets/metadata rules, standards, and guidelines in consultation with Ministries, State Governments, and industries. The IDMO shall conduct at least two semi-annual consultations and report carding for this purpose with representation from State Governments and industry.” — The National Data Governance Framework Policy

With this, the Policy seeks to “encourage” private companies to share non-personal data with startups and researchers through the proposed India Datasets programme. The previous version of the draft framework — ‘India Data Accessibility and Use Policy’ — which was floated in February, had been harshly criticised by lawyers’ collectives for its proposal to monetise government data.

Why it matters: Data has grown to be an important economic and social resource. In India, the government is the biggest data repository. A policy framework is essential not only because currently there is no legal measure to protect non-personal data in the country, but also to streamline government data sharing which faces several bottlenecks today.

Never miss out on important developments in tech policy, whether in India or across the world. Sign up for our morning newsletter to read MediaNama’s free read of the day, and other stories.

Changes from the February draft

The most significant change in the new draft is the omission of the caveat that allowed the sale of data collected by the Indian government in the open market.

The older draft had proposed that non-personal and anonymised personal data collected by the Indian government that has “undergone value addition” can be sold in the open market for an “appropriate price”. It faced widespread criticism with questions being raised about the government collecting data to monetise it in the absence of a data protection law in India.

The new draft, on the other hand, places significant focus on sharing non-personal data. For this purpose, it advocates the creation of an India Datasets programme, which will consist of non-personal and anonymised datasets from Central government entities that have collected data from Indian citizens and residents.

What is non-personal data: Any set of data which does not contain personally identifiable information can be classified as “non-personal data”.

Proposed role of the IDMO

• Storage: Any and all kinds of government data will be hosted by the IDMO. Although the storage structure hasn’t been clarified on the proposal, it could mean that either all the concerned data will be stored on the IDMO’s servers or that there might be unlimited communication between the IDMO and various government data silos. Private entities will also be able to contribute to this silo.
• G2G data access: All government ministries and departments shall be ordered, under a standardised mechanism by the IDMO, to create searchable data inventories with clear metadata and data dictionaries for government-to-government data access.
• India datasets program: The IDMO is expected to build a pan-India datasets library, which will consist of non-personal and anonymised datasets from the government entities that have collected data from Indian citizens and residents. The IDMO expects private entities to pool into the program as well.
• Identifying datasets: Rules including data anonymisation standards for both government and private entities that deal with data will be managed by the IDMO. This is expected to cause every government ministry, department and organisation to identify and classify available datasets for the Indian datasets program.
• Data quality and metadata standards: The IDMO shall finalise the meta-data and data standards that cut across sectors. It shall oversee the publishing of and compliance to domain-specific meta-data and data quality standards by line ministries or departments.
• Ownership and usage norms: The IDMO may ensure that data usage rights along with permissioned purposes to be with the natural owner of the data (Data Principal). The organisation will also formulate disclosure norms for data collected, stored, shared and accessed over a certain threshold. It shall define the principles for ethical and fair use of data shared beyond the government ecosystem.
• Capacity building: The IDMO shall support holistic and comprehensive capacity building initiatives for officials in all government agencies to build data and digital literacy, knowledge, and skills. It shall also assist in setting up data management units in ministries and departments to create dedicated capacity for data management.

How is the IDMO supposed to function?

• Accountability: The IDMO shall be set up under the Digital India Corporation (DIC), itself an entity under the Ministry of Electronics and Information Technology (MeitY). It shall be responsible for any and all developments and updations in the National Data Governance Policy.
• Structure: Every ministry and department in the country is expected to raise data management units (DMUs) headed by a designated chief data officer (CDO) who shall work closely with the IDMO for ensuring the implementation of the Policy.
• Accessibility: The IDMO shall design, operate and manage the “Datasets Access” platform for both the Union as well as state governments. All datasets in the India Datasets program can only be accessed through this and any other platforms authorised and designated by the IDMO.
• Jurisdiction: All states and Central government data, datasets and even metadata rules will be under the IDMO’s aegis. It is supposed to conduct at least two semi-annual consultations with Union government representatives and state level data officers.
• Usage permission: Any request by third parties such as researchers, start-ups and private companies for non-personal or anonymised datasets will be vetted by the IDMO before dispersal. The IDMO will have the power to limit the number or range of data requests from any Indian entity.
• Redressal mechanism: The IDMO shall institute a mechanism for citizens to request datasets, register grievances and establish responsibility of DMUs under the IDMO to respond in a timely manner, to facilitate transparent and accountable data sharing ecosystem.

Why was the previous draft of the Data Governance Policy redacted?

The previous draft data access policy was published on February 21. It had introduced similar measures announced in the newest draft to allow for greater data-sharing amongst government bodies and other private stakeholders. It was open for feedback until March 18, 2022. The Internet Freedom Foundation (IFF) and the Software Freedom Law Center, India (SLFC), two of the draft’s staunchest critics, had pointed out the following flaws.

Monetising personal data:

1. Pricing data in conflict with Open Government Data principles: The draft data access policy claims to promote Open Government Data (OGD), but by proposing to price data there is a conflict with OGD principles because OGD refers to data collected and processed by the government that is free to use, reuse, and redistribute, SLFC submitted. Pricing this data goes against the principles of open data followed by most governments across the world, SLFC added.
2. Databases should not be copyrighted: SFLC submitted that the databases created by the government must be in the public domain as they are made by state employees using taxpayers’ money, and must not be copyrighted. Besides, copyrighting is not strong protection because modification of the original database which results in a new and better arrangement of the database is not considered copyright infringement, SFLC explained.

Inadequate consultation:

1. The draft policy skipped the consultative process: By sharing the draft policy directly, the consultative process required for drafting a good policy has been skipped. This fails to abide by the provisions of the Pre-Legislative Consultation Policy, 2014, which was put in place to promote transparency in law-making, IFF said. It also noted that according to the Constitution, every law should be enacted after going through the legislative procedure but the draft data access policy bypassed this as it was drafted without any parliamentary discussion.
2. Sidelines India’s federal structure: The draft policy was made in a centralised manner without keeping in mind India’s federal structure, IFF said. “The proposal to share data has been rejected by the State governments earlier as well, such as when the Department of Food and Public Distribution urged States to share Aadhaar details of National Food Security Act beneficiaries with the National Health Authority. The States reportedly pushed back against this demand due to the security implications of such a data transfer, fearing that the data may be used for political gains,” IFF explained. But despite this, the central government has gone ahead with the draft policy, it said.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read:

• Summary: Draft India Data Accessibility And Use Policy, 2022
• Data For Revenue: Revisiting The Draft India Data Accessibility And Use Policy
• Summary: IFF Says Draft Data Access Policy Will Enable State-Sponsored Mass Surveillance, Should Be Withdrawn And Reconsidered