In News:

• The Ministry of Electronics and IT (MeitY) has issued a draft National Data Governance Framework.
• The framework aims to mobilise non-personal data of citizens for use by both public and private entities to improve services.
  • Non-personal data is any set of data which does not contain personally identifiable information.
  • e., no individual or living person can be identified by looking at such data.

What’s in Today’s Article:

• Background
• Draft India Data Accessibility and Use Policy 2022 – About, key provisions, various issues
• News Summary

Background:

• In July 2020, the Expert Committee (Chair: Mr. Kris Gopalakrishnan), constituted by the MeitY had published a draft report for public consultation.
  • It was constituted to study various issues relating to non-personal data.
• The Committee observed that non-personal data should be regulated to:
  • enable a data-sharing framework to tap the economic, social, and public value of such data, and
  • address concerns of harm arising from the use of such data.
• This report has started a debate on the need to have a proper data policy to harness non-personal data in order to unlock the economic value of such data.
  • In January 2021, Revised Draft Non-Personal Data Governance Framework was released.
  • Govt had released Draft India Data Accessibility and Use Policy 2022 in February 2022 which was subsequently scrapped.
  • In May 2022, govt came out with the current Draft National Data Governance Framework Policy (NDGFP).

Draft India Data Accessibility and Use Policy 2022

About

• In February 2022, the government had released Draft India Data Accessibility and Use Policy 2022.
  • Due to widespread criticism, govt had scrapped this policy to bring the current Draft National Data Governance Framework Policy.
• The Policy aimed to enhance access, quality, and use of non-personal data held by the government and enable sharing within the government as well as with the private sector.

Key Provisions

• It permitted the licensing and sale of public data by the Government to the private sector.
• Its operationalisation was sought to be achieved through the establishment of a India Data Office (IDO) under MEITY.
  • Each government entity had to designate a Chief Data Officer.
• The policy strategy was to make Government data open by default and then maintain a negative list of datasets which cannot be shared.
• As a measure of privacy protection, there is a recommendation for anonymisation and privacy preservation.

Various issues with this policy

• Right to privacy
  • Inter-departmental data sharing, mentioned in the policy, posed concerns related to privacy.
  • The open government data portal which contains data from all departments may result in the creation of 360-degree profiles.
    • This, in turn, will enable state-sponsored mass surveillance.
• Selling of Data
  • This draft had proposed that data collected by the Centre that has undergone value addition can be sold in the open market for an appropriate price.
  • This provision faced widespread criticism.
    • Questions were raised about the government collecting data to monetise it in the absence of a data protection law in India.
  • Also, it was silent on the following questions:
    • whether data gathered from States may be sold by the Central government and
    • whether the proceeds from it will be shared with the States.

News Summary

• In order to mobilise non-personal data of citizens for use by both public and private entities, MeitY has issued a draft National Data Governance Framework.
  • This draft is a replacement of the now scrapped ‘India Data accessibility and Use policy’.

Draft National Data Governance Framework Policy (NDGFP)

Purpose

• To transform and modernize Governments data collection and management processes and systems through standardised guidelines, rules
• To enable and catalyze vibrant AI and Data led research and Start-up ecosystem, by creating a large repository of India datasets

Key Provisions

• Data Privacy & Security
  • The NDGFP standards and rules will ensure Data security and informational privacy.
• Institutional Framework
  • An India Data Management Office (IDMO) shall be set up under the Digital India Corporation (DIC) under MeitY.
    • It shall be responsible for framing, managing and periodically reviewing and revising the Policy.
    • The IDMO shall also encourage and foster the data and AI-based Research, start-up eco-systems by working with the Digital India Start-up Hub (erstwhile MeitY Startup Hub (MSH)).
    • The composition of the IDMO and the process have not been made clear in the new draft policy
  • Every Ministry/Department shall have Data Management Units (“DMUs”) headed by a designated CDO who shall work closely with the IDMO for ensuring implementation of the Policy.
• Role of India Data Management Office (IDMO)
  • Data Storage & Retention - A comprehensive and evolving set of standards and rules would be developed and provided by IDMO to help Ministries/Departments define their data storage and retention framework.
  • Government-to-Government Data Access: Standard mechanism for inter-government data access shall be developed by the IDMO.
  • India Datasets programme - IDMO will enable and build the India Datasets program.
    • It will consist of non-personal and anonymized datasets from the Government entities that have collected data from Indian citizens or those in India.
    • Private entities will be encouraged to share such data. Experts believe that private companies may not voluntarily share non-personal data. There may be trade and intellectual property issues.
    • The non-personal data housed within this programme would be accessible to start ups and Indian researchers.
  • Data Anonymisation - IDMO will set and publish Data anonymization standards and rules to ensure informational privacy is maintained.
  • Data Quality & Meta-Data Standards – IDMO shall finalise meta-data and data standards that cut across sectors.
  • Datasets Access and availability - The IDMO shall notify protocols for sharing of non-personal datasets while ensuring privacy, security and trust.
    • The IDMO will notify rules to provide data on priority/ exclusively to Indian/ India based requesting entities.
    • The IDMO will also judge the genuineness and validity of data usage requests, for datasets other than those already made available on Open Data portal.
  • Redressal mechanism - The IDMO shall institute a mechanism for citizens to request datasets register grievances.
    • It will establish responsibility of DMUs under the IDMO to respond in a timely manner, to facilitate transparent and accountable data sharing ecosystem.
  • User Charges: The IDMO may decide to charge User charges/ Fees for its maintenance/ services.