Insights

Understanding the Draft India Data Accessibility & Use Policy, 2022

August 25, 2022

What are the main provisions of the draft document? Is the Government going to monetize public data?
The story so far: The Ministry of Electronics and Information Technology (MEITY) released a policy proposal on February 21, 2022, titled “Draft India Data Accessibility & Use Policy, 2022,” which aims to “radically transform India’s ability to use public sector data.” The draft data access policy proposals have been in the spotlight for allowing the licensing and sale of public data by the government to the private sector.

Why has the Draft Data Accessibility Policy been proposed?

Citizen data generation is expected to grow exponentially over the next decade and become a cornerstone of India’s $5 trillion digital economy. The policy goals and purposes that flow from this understanding are primarily commercial in nature and follow the logic of the National Economic Survey, 2019, which notes in Chapter 4 the commercial benefits of government data use, specifically, “The private sector may be granted access to selected databases for commercial use … Since the private sector has the potential to make enormous profits from this data, it is only fair to charge it for its use.” The goal is to harness the economic value of the data generated.

A background paper attached to the policy identifies existing data sharing bottlenecks. These include the lack of a body for policy oversight and enforcement of data sharing efforts, the lack of technical tools and standards for data sharing, identification of high-value datasets, and licensing and valuation arrangements. The report outlines a path forward to unlock the high value of data across the economy, develop a coherent and robust governance strategy, make government data interoperable, and instill data literacy and culture.

In addition, there is a lack of transparency, with no consultation paper or list of stakeholders consulted, which include “academia, industry, and government,” according to a public notice from MEITY.

How does the Draft Data Accessibility Policy aim to achieve its goals?

The policy will apply to all data and information created, generated, collected, and/or archived by the central government. State governments may also adopt the provisions. It will be implemented through the establishment of an India Data Office (IDO) under MEITY, which will be responsible for the overall administration, with each government agency appointing a Chief Data Officer. In addition, an India Data Council will be formed as an advisory body for tasks such as finalizing standards. It is not stated whether the India Data Council will have non-government participation from industry, civil society, or technologists.

The policy strategy is to make Government data open by default and then maintain a negative list of datasets that cannot be shared. The definition of more sensitive categories which should have restricted access is left to the independent government ministries. In addition to this, existing data sets will be enriched or processed to attain greater value and termed as high-value datasets. Government datasets including high-value datasets will be shared freely within government departments and also licensed to the private sector. As a measure of privacy protection, there is a recommendation for anonymization and privacy preservation.

What are the privacy issues with the Draft Data Accessibility Policy?

India does not have a data protection law that can provide accountability and remedy for privacy violations such as coercive and excessive data collection or data breaches. Here, inter-departmental data sharing poses concerns related to privacy since the open government data portal which contains data from all departments may result in the creation of 360-degree profiles and enable state-sponsored mass surveillance. Even though the policy considers anonymization as a desired goal there is a lack of legal accountability and independent regulatory oversight. There is also a failure to consider the scientific analysis and the availability of automated tools for the re-identification of anonymous data. This becomes important given the existing financial incentives of licensing to the private sector, where the Government is acting as a data broker. Here the commercial value of the data increases with greater amounts of personal data. The absence of anchoring legislation further leads to the policy not being able to fulfill the threshold of legality for state intervention into privacy which was put in place by the Supreme Court of India in its landmark right-to-privacy decision.

Are there any other issues with the policy?

There are three additional issues with the policy document that merit consideration.
While adopting the language of open data it strays from its core principle of providing transparency of the Government towards its citizens. There is only one mention of transparency and little to no mention of how such data sharing will help ensure demands for accountability and redress.
The second issue is that the policy bypasses parliament as it contemplates large-scale data sharing and enrichment that will be borne from public funds. Further, the constitution of offices, and prescription of standards that may be applicable not only to the Central government, but even to State governments, and schemes administered by them require legislative deliberation.

This brings us to the third and final issue of federalism. The policy, even though it notes that State governments will be, “free to adopt portions of the policy,” does not specify how much freedom will be achieved. It becomes relevant if specific standards are prescribed by the Central government for data sharing, or as a precondition to financial assistance. There is also the absence of any comment on whether data gathered from States may be sold by the Central government and whether the proceeds from it will be shared with the States.

How to participate and send in your views?

The draft data access policy accompanied by a background note is available on the website of MEITY and open for public consultation till March 18, 2022. For participation, comments can be sent by email to Ms. Kavita Bhatia, Scientist F at the email kbhatia@gov.in and pmu.etech@meity.gov.in.
Apar Gupta is the Executive Director and Anushka Jain is an Associate Counsel at Internet Freedom Foundation, New Delhi.

• The MEITY on February 21 released a policy proposal titled as, “Draft India Data Accessibility & Use Policy, 2022”
• The policy will be applicable to all data and information created and collected by the Central Government
• There are privacy issues that need to be addressed. Apart from that, with the adoption of the language of open data, the Government strays from its core principle of providing transparency to its citizens

The Hindu, 24 Feb 2022