Understanding the Draft India Data Accessibility & Use Policy, 2022

The story so far: The Ministry of Electronics and Information Technology (MEITY) on February 21, 2022 released a policy proposal titled as, “Draft India Data Accessibility & Use Policy, 2022”. The policy aims to, “radically transform India’s ability to harness public sector data”. The proposals of the Draft Data Accessibility Policy has been in the spotlight for permitting the licensing and sale of public data by the Government to the private sector.

Why has the Draft Data Accessibility Policy been proposed?

The generation of citizen data is slated to increase exponentially in the next decade and become a cornerstone of India’s $5 trillion-dollar digital economy. The policy objectives and purpose drawn from this understanding are primarily commercial in nature following the rationale of the National Economic Survey, 2019 which at Chapter 4 noted the commercial benefits of Government data exploitation, notably, “The private sector may be granted access to select databases for commercial use…Given that the private sector has the potential to reap massive dividends from this data, it is only fair to charge them for its use.” It aims to harness the economic value of the generated data.

A background note that accompanies the policy outlines existing bottlenecks in data sharing and use which includes the absence of a body for policy monitoring and enforcement of data sharing efforts, absence of technical tools and standards for data sharing, identification of high value datasets and licensing and valuation frameworks. It indicates a way forward to unlock the high value of data across the economy, congruent and robust governance strategy, making Government data interoperable and instilling data skills and culture.

Beyond this, there is a lack of transparency with the absence of a consultation paper or a disclosure of the list of stakeholders who have been consulted which as per a public notice by MEITY include, “academia, industry, and Government”.

How does the Draft Data Accessibility Policy aim to achieve its goals?

The policy will be applicable to all data and information created, generated, collected and/or archived by the Central Government. It would also allow State governments to adopt its provisions. Its operationalisation will be achieved through the establishment of a India Data Office (IDO) under MEITY for overall management, with each government entity designating a Chief Data Officer. In addition to it, a India Data Council will be formed as a consultative body for tasks that include finalisation of standards. It is not indicated whether the India Data Council will have non-governmental participation from industry, civil society or technologists.

The policy strategy is to make Government data open by default and then maintain a negative list of datasets which cannot be shared. Definition of more sensitive categories which should have restricted access is left to the independent government ministries. In addition to this, existing data sets will be enriched or processed to attain greater value and termed as high-value datasets. Government datasets including high-value datasets will be shared freely within government departments and also licensed to the private sector. As a measure of privacy protection, there is a recommendation for anonymisation and privacy preservation.

What are the privacy issues with the Draft Data Accessibility Policy?

India does not have a data protection law that can provide accountability and remedy for privacy violations such as coercive and excessive data collection or data breaches. Here, inter-departmental data sharing poses concerns related to privacy since the open government data portal which contains data from all departments may result in the creation of 360 degree profiles and enable state-sponsored mass surveillance. Even though the policy considers anonymisation as a desired goal there is a lack of legal accountability and independent regulatory oversight. There is also a failure to consider scientific analysis and the availability of automated tools for the re-identification of anonymous data. This becomes important given the existing financial incentives of licensing to the private sector, where the Government is acting as a data broker. Here the commercial value of the data increases with greater amounts of personal data. The absence of an anchoring legislation further leads to the policy not being able to fulfill the threshold of legality for state intervention into privacy which was put in place by the Supreme Court of India in its landmark right to privacy decision.

Are there any other issues with the policy?

There are three additional issues with the policy document that merit consideration.

While adopting the language of open data it strays from its core principle of providing transparency of the Government towards its citizens. There is only one mention of transparency and little to no mention of how such data sharing will help ensure demands for accountability and redress.

The second issue is that the policy bypasses parliament as it contemplates large scale data sharing and enrichment that will be borne from public funds. Further, the constitution of offices, prescription of standards that may be applicable not only to the Central government, but even State governments and schemes administered by them require legislative deliberation.

This brings us to the third and final issue of federalism. The policy, even though it notes that State governments will be, “free to adopt portions of the policy,” does not specify how such freedom will be achieved. It becomes relevant, if specific standards are prescribed by the Central government for data sharing, or as a precondition to financial assistance. There is also the absence of any comment on whether data gathered from States may be sold by the Central government and whether the proceeds from it will be shared with the States.

How to participate and send in your views?

The draft data access policy accompanied by a background note is available on the website of MEITY and open for public consultation till March 18, 2022. For participation, comments can be sent by email to Ms. Kavita Bhatia, Scientist F at the email kbhatia@gov.in and pmu.etech@meity.gov.in.

Co-author: Anushka Jain

The article was published in The Hindu on February 24, 2022