Apar GuptaIt will allow government to enrich and sell data to private sector, will risk prioritising commercial interests over privacy
The government may very soon start selling your data based on a proposed policy released by the Ministry of Electronics and Information Technology (MEITY), titled “Draft India Data Accessibility & Use Policy 2022”. The policy aims to “radically transform India’s ability to harness public sector data”. If passed, it would govern, “all data and information created/generated/collected/archived by the Government of India” as much as, “State Governments [who] will also be free to adopt the provisions of the policy”. The twin purpose to which this data will be put to will be government-to-government sharing and high value datasets for valuation and licensing. There are three clear reasons why this policy deserves a recall by the Union government.
The immediate risk arises from perverse incentives when a government starts licensing citizen data. Over the past three years, there has been a rapid expansion in the nature and scope of our most intimate details. While the middle classes faced the mendacity of voluntarily linking their Aadhaar to their bank accounts and mobile connections, today, the digital sweep is all pervasive. For agriculture, there is an Agristack; for unorganised labourers, we have the e-SHRAM portal; in health we have Aarogya Setu and ABHA (Ayushman Bharat Digital Health Mission); and for school children and teachers there is NDEAR (National Digital Education Architecture). This list goes on. For every area of our lives, the government now has a database filled with our personal data. The stated purpose for collection has been improving service delivery, planning and checking leakages. Such methods have been criticised by privacy and welfare activists but have been justified as serving public purposes.
This changes with the draft data accessibility policy. To adopt a phrase from start-up culture, the basis of such massive data collection over citizens is undergoing a 180-degree pivot. Public data is now being viewed as a prized asset of the Union government that should be freely shared, enriched, valued and licensed to the private sector. Given that more data means more money, commercial interests will prompt the government to collect granular personal details through greater capture and increased retention periods. Tying government policy determinations with a fiscal potential may also lead to distortion of the aims of data collection — the welfare of farmers, healthcare, unorganised labourers or even schoolchildren. There is no indication that consent will be sought in a meaningful form.
Over time, the original objectives for which databases are built will get diluted in favour of commercial interests. Even past experience signals caution, given that social risks such as arson and communal violence prompted the Ministry of Road, Transport and Highways to recall a bulk sharing policy for licensing vehicular and driver licence data.
The second issue emerges from the disingenuous phrasing of “making data open by default”. The World Bank notes that one of the first benefits of open data is that it supports “public oversight of governments and helps reduce corruption by enabling greater transparency”. These principles were recognised in past policy pronouncements of the government. Specifically, the National Data Sharing and Accessibility Policy, 2012 and the implementation guidelines formulated in 2017 refer to the Right to Information Act, 2005. However, within the present draft data accessibility policy, while the phrase “open data” has been used, its values and objectives are absent. Of the 13 objectives listed, only one is relevant to transparency and is limited to a single sentence. The primary, overpowering objectives in the draft data accessibility policy and the background note are commercial.
The final area for reconsideration is a larger trend of policy-based administration detached from our constitutional framework. This is a malady afflicting large areas of data governance, with confusion on the enactment of a data protection law. Compounding this problem, the present policy, as many others, is untethered to any legislative basis and contains no proposals for the creation of a legal framework. Parliamentary scrutiny is not an inconvenient democratic artefact that can be jettisoned for a forecasted economic windfall. As per the Supreme Court’s Puttaswamy judgment on the fundamental right to privacy, the first ingredient to satisfy constitutionality is the existence of a legal, more often a legislative, basis. Without a law, there is absence of defined limits to data sharing that are enforceable and contain remedies.
In this case, the promise of privacy preservation through anonymisation tools holds little promise when it cannot be independently assessed by a body for data protection. For instance, Luc Rocher and co-authors at the Oxford Internet Institute note, “results suggest that even heavily sampled anonymised datasets are unlikely to satisfy the modern standards for anonymisation set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.” This becomes vital as it is the principal measure suggested in the draft data accessibility policy.
Such risks will become a reality without an independent regulatory body or penalties. Parliamentary enactments also help bring accountability through deliberation that furthers foresight and contains financial memorandums – given that public money would be spent to enrich datasets of public data. Since the policy contemplates sharing data between databases of the central and state governments as well as through central funded schemes, it may also be prudent to deliberate further in the Rajya Sabha. Federalism becomes a relevant issue given that such data, when it is generated, processed and enriched by state governments to comply with interoperability standards, will lead to revenue generation for itself. These are the glaring issues in this short, 10-page draft data accessibility policy, which appears to transform the Union government into a data broker.
This column first appeared in the print edition on March 5, 2022 under the title ‘Our data, not for sale’.
After that this article was published in the Indian Express on March 5, 2022 14:29 IST