On February 21, 2022, the Ministry of Electronics and Information Technology (MEITY) issued a policy proposal titled “Draft India Data Accessibility & Use Policy, 2022.” According to the policy, “India’s capacity to use public sector data will be fundamentally transformed.” The Draft Data Accessibility Policy’s ideas have received a lot of attention since they allow the government to licence and sell public data to the private sector.
What is the purpose of the Draft Data Accessibility Policy?
In the next decade, the collection of citizen data is expected to grow at an exponential rate, becoming a cornerstone of India’s $5 trillion digital economies. The policy objectives and purposes derived from this understanding are primarily commercial in nature, as stated in Chapter 4 of the National Economic Survey of 2019, which noted the commercial benefits of government data exploitation, stating, “The private sector may be granted access to select databases for commercial use…” Given that the private sector has the ability to profit greatly from this data, charging them for its usage is only reasonable. ” Its goal is to maximise the economic value of the data produced.
Existing bottlenecks in data sharing and use are outlined in a background note that comes with the policy, including the lack of a body to monitor and enforce data sharing policies, the lack of technical tools and standards for data sharing, the identification of high-value datasets, and licencing and valuation frameworks. It outlines a path ahead for unlocking the high value of data throughout the economy, including a consistent and comprehensive governance policy, the interoperability of government data, and the instillation of data skills and culture.
Furthermore, there is a lack of openness due to the lack of a consultation document or a public disclosure of the list of stakeholders who have been consulted, which, according to MEITY’s public notice, includes “academic, industry, and government.”
How does the Draft Data Accessibility Policy aim to achieve its goals?
The policy will apply to any data and information that the central government creates, generates, collects, and/or archives. State governments would be able to implement their measures as well. It would be operationalized by establishing an India Data Office (IDO) under MEITY for the overall administration, with each government agency appointing a Chief Data Officer. In addition, an India Data Council would be established as a consultative organisation for duties like standardisation. It is unclear if the India Data Council will include business, civic society, or technologists as non-governmental participants.
The policy approach is to make government data accessible by default, with a blacklist of datasets that cannot be shared. The autonomous government departments are in charge of defining more sensitive categories to which access should be limited. Existing data sets will also be enhanced or processed to increase their worth, resulting in high-value datasets. Datasets from the government, especially high-value datasets, shall be freely shared within departments and licenced to the business sector. There is a suggestion for anonymization and privacy preservation as a measure of privacy protection.
What are the privacy issues with the Draft Data Accessibility Policy?
India lacks data protection legislation that can hold people accountable and give redress for abuses of privacy, such as forceful and excessive data collection or data breaches. Inter-departmental data sharing raises privacy issues since an open government data portal with data from all departments might lead to the building of 360-degree profiles and allow state-sponsored mass monitoring. Even though anonymization is listed as a desirable aim in the policy, there is no legal responsibility or independent regulatory supervision. Scientific study and the availability of automated techniques for re-identification of anonymous data are also overlooked. Given the present financial incentives for licencing to the private sector, where the government acts as a data broker, this becomes critical. With increasing volumes of personal data, the economic worth of the data rises. The strategy also fails to meet the legality standard for state intrusion into privacy established by the Supreme Court of India in its landmark right to privacy ruling due to the lack of an anchoring statute.
Are there any other issues with the policy?
There are three more concerns with the policy text that should be addressed.
It deviates from its basic premise of offering government openness to its people. There is just one reference to openness, and there is little to no discussion of how data sharing might help ensure accountability and address demands.
The second concern is that the programme circumvents parliament by proposing large-scale data sharing and enrichment using public funds. Furthermore, the establishment of offices, as well as the prescription of norms that may apply not only to the central government but also to state governments and the programmes they administer, needs legislative discussion.
This takes us to the third and last federalism issue. Despite the fact that the policy states that state governments would be “allowed to adopt sections of the programme,” it does not clarify how this will be accomplished. It becomes significant if the central government establishes certain data-sharing criteria or as a condition of receiving financial aid. There is also no mention of whether the central government may sell data gathered from the states or whether the proceeds will be distributed to the states.