Draft India Data Accessibility & Use Policy 2022 | Timeline

On 22nd Feb 22, India’s ministry of electronics and information technology (MEITY) released a policy document called Draft India Data Accessibility & Use Policy 2022.

For other articles under the TIMELINE Initiative, click HERE

The policy aims to radically transform India’s ability to harness public sector data.

The proposals of the Draft Data Accessibility Policy has been in the spotlight for permitting the licensing and sale of public data by the Government to the private sector.

Making Data Open: All data collected, generated, and stored by every government ministry and the department will be open and shareable barring certain exceptions.

Indian Data Office (IDO): It will be constituted by the Ministry of Electronics and Information Technology (MeitY) to streamline and consolidate data access and share public data repositories across the government and other stakeholders.

Indian Data Council (IDC): It will comprise the IDO and data officers of five government departments. Its tasks will include defining frameworks for defining high-value datasets, finalizing data standards and metadata standards and reviewing the implementation of the policy.

Common Database: All central and state government bodies will have to compulsorily share data with each other to create a common “searchable database”.

The monetisation of Data: The datasets that have undergone value addition could be monetised by the government.

Stakeholders like start-ups, other enterprises, individuals and researchers will be able to access enriched data through data licensing, sharing and valuation within the frameworks of data security and privacy.

A data-sharing toolkit will be provided to ministries and departments to assess and manage risks associated with data sharing.

Guidelines will also be framed to decide how long datasets can be held by the Government.

[An open data policy won’t work without earnest implementation – Live mint – 11th Mar 22]

Utility in delivery of public services: The data generated through routine administrative processes is important for the better delivery of public services.Already in practice in other countries: Such policies exist in many countries being used for an efficient use of such data in improving services.

Demands of academia and other stakeholders: i.e., large volumes of such data have remained unutilized.

[An open data policy won’t work without earnest implementation – Live mint – 11th Mar 22]

Conflict of interest: There are changes of misuse of such data for commercial or political purposes. It is because data is “the new oil”. Thus, the monetization of valuable public sector data without adequate safeguards can be counter-productive.

Issues of data integrity: As public data is a by-product of government administration; its quality is only as good as that of the administration.

Administrative control over data has also been used to thwart attempts by users and citizens to obtain data for public use. For example, the Right to Information (RTI) Act, has been diluted over the past decade like many RTI activists losing their lives.

[Why draft data accessibility policy is dangerous – Indian Express – 5th Mar 22]

Privacy related aspects: With the digitization of every aspect of life, the intensity of data collection has increased manifolds. For example:

  • Linking of Aadhaar with bank accounts and mobile connections.
  • Agristack in agriculture
  • e-SHRAM portal for unorganised labourers
  • Aarogya Setu and ABHA (Ayushman Bharat Digital Health Mission) for health sector
  • NDEAR (National Digital Education Architecture) for school children and teachers

This public data is now viewed as a prized asset of the Union government that it can freely share with the private sector for profit. All this may lead to mandatory collection of even most personal data and that too for a longer period of time.

Even experiences in data sharing are not encouraging. For example, the transport ministry had to scrap the bulk data sharing policy, 2019 citing potential misuse of personal information and privacy issues.

Making data open by default: Draft policy has used phrase “open data”, without mentioning its objectives. As per World Bank benefits of open data is that it supports “public oversight of governments and helps reduce corruption by enabling greater transparency”. These principles were recognized in the National Data Sharing and Accessibility Policy, 2012.

Out of the 13 listed objectives, only one is relevant to transparency and the majority are linked to commercialization.

Detached from the constitutional framework: Draft policy does not contain any proposals for the creation of a legal framework that governs data sharing. It makes it a part of a larger trend of policy-based administration detached from our constitutional framework.

As per the Supreme Court’s Puttaswamy judgment on the fundamental right to privacy, the first ingredient to satisfy constitutionality is the existence of a legal, more often a legislative, basis. Without a law, there is an absence of defined limits to data sharing that are enforceable and contain remedies.

Unsatisfactory anonymization tool: Policy is trying to ensure privacy preservation through anonymisation tools. However, as per Luc Rocher and co-authors at the Oxford Internet Institute, even heavily sampled anonymised datasets are unlikely to satisfy the modern standards for anonymisation set forth by GDPR.

[“Real cost of data” – Business Standard – 25th Feb 2022]

Privacy: Proposed draft legislation gives the government sweeping powers to collect data for broad purposes. If government departments share data with each other, government’s surveillance power increases. Monetization of data gives further incentive to collect more data.

Although this law deals with government departments only, the data protection bill provides the government with the power to request private data. This could lead to issues as private businesses run on IP and secrecy of technology and data.

Anonymous data: The issue with anonymous data is that though identifiers have been removed, anonymous data can be de-anonymized. This is more possible where there are multiple data sets with metadata that are connected to each other. E.g. one may combine data from the clinic, diagnostic center, and medical store to form a complete picture.

[An open data policy won’t work without earnest implementation – Live mint – 11th Mar 22]

It can lead to realizing the potential of this large volume of data. It can be shared across various ministries and between central and state governments. It can be used to encourage better utilization of large-scale data collected by the government machinery.

Public data can be complementary to a systematic evaluation of administrative functioning and independent surveys and research.

[An open data policy won’t work without earnest implementation – Live mint – 11th Mar 22]

The data accessibility-and-use policy has to be completed by a comprehensive data protection framework.

The data integrity: Our statistical system needs strengthening. Public data can be verified independently, i.e., open databases for public scrutiny and academic analysis. For example, social audits being used in the Mahatma Gandhi National Rural Employment Guarantee Act. Its social audit has not only raised the quality of data available on this job programme’s functioning, but also helped improve the scheme itself.

Protection from unnecessary attacks: It is needed to be protected from the very institution that generates it, i.e., administrative machinery as well as the political leadership

[Why draft data accessibility policy is dangerous – Indian Express – 5th Mar 2022]

Independent regulatory body, to monitor and impose penalties, should be constituted.

The draft should go through thorough Parliamentary scrutiny, because public money would be spent to enrich datasets of public data. It will help bring accountability.

[Data openness is good but its safe use is a must – Live mint – 23rd Feb 2022]

India’s new open data proposition is, although comprehensive, will have exceptions. But it will still be safe, as safety caveats will prevent misuse or illegal use of data. However, It still needs many precautions to prevent misuse:

First, All possible eventualities, that could expose the personal lives of people through data, should be taken into account. For example, the details of vehicle ownership are available online, which have led to cases of women being stalked, should be checked.
Second, Even though tagged data is supposed to be aggregated and anonymized into metadata, it should not compromise individual privacy. It is important because software tools for disaggregation exist in the market.
Third, A law to keep personal data safe from disclosure should be made.
Lastly, while classifying data as sensitive, one must take a maximalist approach. Laws leave scope for unmasking of data. Laws do not grant ownership of data to users that belongs to them.

Print Friendly and PDF