Why draft data accessibility policy is dangerous

News: Government has released Draft India Data Accessibility & Use Policy 2022.

Read – Salient features of Draft India Data Accessibility & Use Policy 2022

The policy would govern, “all data and information created/generated/collected/archived by the Government of India”.  State Governments will also be free to adopt the provisions of the policy.

What are the concerns associated with the policy?

  1. Privacy related aspects: With the digitization of every aspect of life, the intensity of data collection has increased manifolds. For example:
    1. Linking of Aadhaar with bank accounts and mobile connections.
    2. Agristack in agriculture
    3. e-SHRAM portal for unorganised labourers
    4. Aarogya Setu and ABHA (Ayushman Bharat Digital Health Mission) for health sector
    5. NDEAR (National Digital Education Architecture) for school children and teachers

This Public data is now viewed as a prized asset of the Union government that it can freely share with the private sector for profit. All this may lead to mandatory collection of even most personal data and that too for a longer period of time.

Even past experiences in data sharing are not encouraging. For example, the transport ministry had to scrap the bulk data sharing policy, 2019 citing potential misuse of personal information and privacy issues.

  1. Making data open by default: Draft policy has used phrase “open data”, without mentioning its objectives. As per World Bank benefits of open data is that it supports “public oversight of governments and helps reduce corruption by enabling greater transparency”. These principles were recognized in the National Data Sharing and Accessibility Policy, 2012.

Out of the 13 listed objectives, only one is relevant to transparency and the majority are linked to commercialization.

  1. Detached from the constitutional framework: Draft policy does not contain any proposals for the creation of a legal framework that governs data sharing. It makes it a part of a larger trend of policy-based administration detached from our constitutional framework.

As per the Supreme Court’s Puttaswamy judgment on the fundamental right to privacy, the first ingredient to satisfy constitutionality is the existence of a legal, more often a legislative, basis. Without a law, there is absence of defined limits to data sharing that are enforceable and contain remedies.

Read Data openness is good but its safe use is a must
  1. Unsatisfactory anonymization tool: Policy is trying to ensure privacy preservation through anonymisation tools. However, as per Luc Rocher and co-authors at the Oxford Internet Institute even heavily sampled anonymised datasets are unlikely to satisfy the modern standards for anonymisation set forth by GDPR.

Few suggestions that can be implemented

Independent regulatory body, to monitor and impose penalties, should be constituted.

The draft should go through thorough Parliamentary scrutiny, because public money would be spent to enrich datasets of public data. It will help bring accountability.

Source: This post is created based on the article “US not ready for a solo space ride” published in Indian Express on 5th March 2022.

Print Friendly and PDF