wordpress blog stats
Connect with us

Hi, what are you looking for?

(Em)Powering India through data: Thoughts on the National Data Governance Policy Framework

Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create a repository of non-personal data?

By Soujanya Sridharan and Shefali Girish

In May 2022, the Ministry of Electronics and Information Technology (MEITY) introduced the National Data Governance Framework Policy (NDGFP) to propel India’s development through data-driven research and innovation. More specifically, the Policy seeks to build a vast repository of anonymised, non-personal data obtained from government ministries, departments and organisations, alongside anonymised data voluntarily disclosed by private entities. Such a non-personal data repository, termed the ‘India Datasets Platform’, will be available for research purposes and innovation by start-ups operating in India.

This revision – one which removes licensing requirements for data access in favour of a repository maintained by the government – is significant as the Policy attempts to overcome critique directed at its now-scrapped predecessor, the Draft India Data Accessibility and Use Policy (IDAUP). While the IDAUP alarmingly called for monetisation of anonymised public datasets, the current Policy remedies this through the introduction of the India Datasets Platform that is to be managed under the auspices of the proposed ‘India Data Management Office’. (IDMO). And herein lies the conundrum. 


Never miss out on important developments in tech policy, whether in India or across the world. Sign up for our morning newsletter, with a “Free Read of the Day”, to experience MediaNama in a whole new way.


IDMO and the mechanics of data sharing 

The IDMO, to be set up under the Digital India Corporation, is tasked with developing the necessary rules, standards and policies for sharing of anonymised data, as envisaged by the Policy. Notably, however, the Policy remains glaringly silent on the specifics of the composition and the processes by which the IDMO would go about performing its role of standard-setting and policymaking for the India Datasets Platform, opening doors for arbitrary executive action. 

Beyond framing policies, rules and setting standards, the IDMO must also ensure continuous monitoring of data sharing activities and set up oversight mechanisms for conducting risk assessments and external data audits.The IDMO could be structured as an independent body, such as the Financial Data Management Centre (FDMC) which was set up under the aegis of the Reserve Bank of India’s Financial Stability and Development Council (FSDC) to facilitate integrated data aggregation and analytics in the financial sector.

Advertisement. Scroll to continue reading.

More fundamentally, the IDMO’s functions should include establishing standards for data storage, interoperability and appropriate controls for data use such that data quality, usability and privacy are upheld through the lifecycle of a dataset. For tasks such as standard formulation, different expert committees need to be set up. To this end, the IDMO could borrow from the US Federal Data Strategy that has expert working groups such as the Data Sharing Working Group which focuses on data sharing between federal agencies and supports the Chief Data Officer Council on communicating use cases, challenges and various data sharing needs.

Further, Section 5.2 of the Policy provides for the IDMO to hold at least 2 semi-annual consultations with representation of  government and industry. However, the extent of participation of stakeholders and the manner in which consultations will be structured is yet to be determined. Embedding a robust consultation process with active involvement of all relevant stakeholders including academia, civil society, government bodies that would work alongside start-ups is required to develop the required flexibility in guidelines for data management. The Telecom Regulatory Authority of India (TRAI) provides a useful rubric for the IDMO to contemplate participatory consultation processes. TRAI has constituted advisory committees with representation from consumer groups and industry stakeholders, with a common charter to promote consumer participation in the process.

Additionally, the Policy governs access of non-personal datasets to researchers and startups. It therefore becomes imperative  to assess the gaps in the technical capacities of start-ups pertaining to data management before suggesting a framework that encourages businesses to share data. The IDMO should also focus on building capacity and supporting  government departments in development and implementation of data sharing mechanisms. This can be achieved by  building digital public infrastructure  which enables basic functions essential for public and private service delivery, i.e. collaboration, commerce, and governance. DPIs comprise a foundational layer upon which the government can collaborate with the private sector and enable sharing of data for social benefit.

An encouraging precedent for DPIs exists in the form of UPI, which is an interoperable real-time payment platform connecting users and merchants to raise simultaneous payment requests, with an essential  infrastructure which is scalable and powered by a set of open APIs. While this illustrates how a unified public technological ecosystem with multi-layered platforms can significantly improve access to financial services, its governance suffers from shortcomings. This is because the NPCI, the governing authority for all digital transactions that occur on the UPI, remains opaque and is a private body which is not subject to mandatory disclosure under the Right to Information Act. The lack of any accountability framework coupled with the absence of an overarching data protection law creates possible vulnerabilities for UPI users and avenues for misuse of data – two drawbacks that the IDMO must be alive to while setting up technical infrastructure for the India Datasets Platform.

Way forward for data sharing 

What is needed to make the Policy a meaningful and implementable regulatory instrument is an enabling ecosystem which creates mechanisms for sharing of non-personal data such as data exchange platforms and data collaboratives. Much can be gleaned from Estonia’s  X road which enables the exchange of data amongst different government departments, citizens, and other private sector stakeholders. X-road follows an open digital ecosystem approach by making decentralised public and private databases interoperable, building on reusable and shareable components, ensuring privacy and secure data exchange and having accountable institutions (the Estonian Information Systems Authority) to monitor and regulate the ecosystem.  

Advertisement. Scroll to continue reading.

Lastly, the IDMO’s actions to unlock non-personal data for research and innovation would be meaningless without appropriate protections afforded to a variety of potential harms arising from data sharing. This includes breach of individual and group privacy due to re-identification of people through combinations of datasets available on the India Datasets Platform. Therefore, it is essential that the current Policy be placed on hold until a data protection legislation is passed. Such a regulation is indispensable to secure the data rights of Indians, paving the way to hold data requesters accountable if they fail to comply with the provisions of the NDGFP.  

Soujanya Sridharan and Shefali Girish are researchers working with Aapti Institute, a think tank studying the impact of technology on society.


This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also read 

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Studying the 'community' supporting the late Sushant Singh Rajput (SSR) shows how Twitter was gamed through organized engagement

News

Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create a repository of non-personal data?

News

A viewpoint on why the regulation of cryptocurrencies and crypto exchnages under 2019's E-Commerce Rules puts it in a 'grey area'

News

India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...

News

There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ