TOPIC : AN ANALYSIS OF THE DRAFT NATIONAL DATA GOVERNANCE FRAMEWORK POLICY

THE CONTEXT: In May 2022, the Ministry of Electronics and Information Technology (MeitY) released a revised Draft National Data Governance Framework Policy(NDGFP). This policy aims to enhance access, quality, and use of data, in line with the current and emerging technology needs. In this article, we will study the important aspects of this policy from the UPSC examination perspective.

THE RATIONALE FOR THE NDGFP

DIGITALISING THE GOVERNMENT

  • The goal of the government is to provide better and more responsive governance to Indian residents.
  • This depends on the ability to use data to guide governance, programme evaluation, and service delivery.
  • This data-driven governance is a key component of the government’s Digital Government strategy which requires a comprehensive policy.

HARNESS THE POWER OF DATA

  • The government data is currently managed, stored and accessed in differing and inconsistent ways across different government entities.
  • This reduces the efficacy of data-driven governance, and prevents an innovative ecosystem of data science, analytics etc.
  • The power of this data must be harnessed for more effective Digital Government, public good and innovation.
  • This requires a National Data Governance Framework Policy (NDGFP).

POST-COVID DIGITISATION

  • In the post-COVID-19 era, the digitization of government is accelerating faster.
  • With this accelerated digitization, the volume and velocity of data generated is also increasing exponentially.
  • This data can be used in turn to improve citizens’ experience and engagement with the government and governance as a Digital Nagrik.

CRITICISM OF EARLIER DRAFT

  • The NDGFP comes after strong criticism of the previous ‘Draft India Data Accessibility and Use Policy, 2022’, which was opened for public consultation in February 2022.
  • It proposed to permit the licensing and sale of public data by the government to the private sector, which was strongly criticized.(READ AHEAD).

DRAFT INDIA DATA ACCESSIBILITY AND USE POLICY, 2022

The original Draft India Data Accessibility and Use Policy, 2022 was heavily criticised for its price and licencing features, which allowed the government to profit from databases.  It was stated in the draft that, detailed datasets which have undergone ‘value addition/transformation’ and qualify for monetization, may be priced appropriately.The document, however, did not go into detail about the value enhancements that were being considered or the qualifying criteria that would allow these datasets to be marketed. It was also pointed out that allowing government departments/agencies to monetize datasets would go against the policy’s purpose, which is to create an open and accessible database. The NDGFP does not have these pricing and licencing restrictions. Furthermore, while the previous draft stated that certain datasets classed as negative list datasets would be non-shareable, this is no longer the case in the new Draft.

THE OBJECTIVES OF THE NDGFP

  • To modernize and transform government data collection and management processes and systems with the goal of improving governance through a whole-of-government approach to data-driven governance.
  • To have standardized data management and security standards across the whole Government;
  • To promote transparency, accountability, and ownership in non-personal data and datasets access. For purposes of safety and trust, any non-personal data sharing by any entity can be only via platforms designated and authorized by Indian Data management Office(IDMO).
  • To build a platform that will allow dataset requests to be received and processed.
  • To build Digital Government goals and capacity, knowledge and competency in Government departments and entities.
  • To set quality standards and promote the expansion of India datasets program and overall non-personal datasets ecosystem.
  • To ensure greater citizen awareness, participation and engagement.

THE SALIENT FEATURES OF THE NDGFP

APPLICABILITY

  • This Policy will be applicable to all Central Government departments and entities.
  • The rules and standards prescribed will cover all data collected and being managed by any government entity,
  • This policy shall be applicable to all non-personal datasets, rules, and standards governing its access and use by researchers and startups.
  • State Governments shall be encouraged to adopt the provisions of the policy and rules, standards, and protocols.

DATA PRIVACY AND SECURITY

  • The NDGFP standards and rules will ensure data security and informational privacy.

INSTITUTIONAL FRAMEWORK

  • An “India Data Management Office (IDMO)” shall be set up under the Digital India Corporation (“DIC”) under MeitY and shall be responsible for framing, managing and periodically reviewing and revising the policy.

THE FUNCTIONS OF THE INDIA DATA MANAGEMENT OFFICE (IDMO)

IDENTIFICATION OF DATASETS

  • IDMO, which will be the policy monitoring and enforcement agency shall prescribe rules and standards for government entities to identify and classify the datasets available to them and build a vibrant and large database of the datasets.

DATA STORAGE AND RETENTION RULES

  • An evolving set of data storage and retention standards shall be specified by IDMO for standardizing them across Government entities.

DATA ANONYMIZATION STANDARDS AND RULES

  • Further to the identification of datasets, rules and standards for data anonymization (for both government and private bodies) shall be developed by IDMO to ensure the informational privacy of the data.

FINALIZE METADATA STANDARDS

  • Metadata standards and data quality standards shall be finalized by IDMO that cut across sectors.
  • IDMO shall also take steps to ensure compliance with the relevant domain-specific standards by Ministries/ Line Departments.

INDIA DATA SETS PLATFORM

  • The IDMO shall design, operate and manage the India Datasets Platform.
  • This will process requests and provide access to the non-personal and/or anonymized datasets to Indian researchers and Start-ups

PROTOCOL NOTIFICATION

  • IDMO shall notify protocols for sharing of non-personal datasets while ensuring privacy, security and trust.
  • Rules to provide data on priority or exclusively to Indian/India-based requesting entities shall also be developed

OTHERS

  • Publishing disclosure norms for large-size datasets, ensuring ethical and fair use of data, establishing a framework for user charges, coordination and capacity building, setting up a grievance redressal mechanism etc will be other functions of IDMO.

WHAT ARE THE CONCERNS ASSOCIATED WITH THE DRAFT POLICY?

CRUCIAL MISSING DETAILS

  • Details of data privacy, security, intellectual property, data monopoly etc appear sketchy.
  • This is because the draft merely lays out broad parameters and the precise conditions of this data-sharing regime have yet to be revealed.
  • The NDGFP draft states that its standards and rules will ensure data security and information privacy, but doesn’t state in detail how the government plans to safeguard data privacy.

LACK OF A DATA PROTECTION LAW

  • The Data Protection Bill, 2021 has not been passed and the regulations for the protection of non-personal data are not finalized which can create challenges in policy implementation.

POTENTIAL PRIVACY BREACHES

  • No technical threshold for data anonymization is specified and hence it will not be possible to categorically stipulate what constitutes anonymized data, leading to privacy breaches.

USER CHARGES AND DATA MONOPOLY

  • The NDGFP has done away with the ‘monetization’ provisions of the previous Draft India Data Accessibility and Use Policy.
  • But the current emphasis on “user charges” may not ensure a non-monopolistic data market fair for all market players.

IMPLEMENTATION CHALLENGES

  • Streamlining data sets across government agencies and breaking down data silos is a massive challenge for the government.
  • This will necessitate transformative capacity creation, as well as changes in government officials’ behaviour which is a monumental task.

PRIVATE PLAYERS’ PARTICIPATION

  • Private entities acquire and retain enormous amounts of personal data; if this data is anonymized and provided to the platform, the benefits of the repository generated can be maximized.
  • However, this initiative may not entice private firms to participate voluntarily without any incentives or benefits being supplied in exchange.

IGNORE THE EXPERT GROUP STUDY

  • An expert group has already identified concerns linked with non-personal data in its study.
  • It stated that no anonymization technique is perfect and that privacy concerns arising from the potential re-identification of anonymized personal data should be addressed.
  • However, the amended text makes no mention of this.

THE WAY FORWARD:

  1. The Draft may be revised according to suggestions received from relevant stakeholders to address the concerns raised and to bring further improvements.
  2. The passing of the Data Protection Law and other regulations need to be fast-tracked and simultaneously implemented with the NDGFP.
  3. As the IDMO is proposed to a powerful central body, its composition in a fair manner is crucial to ensure transparency and privacy of individuals which as per the current Draft is not satisfactorily explained.
  4. The Draft says that the IDMO shall formulate all data/datasets/metadata rules, standards, and guidelines in consultation with Ministries, State Governments, and industry. This must be done in letter and spirit in a meaningful manner.
  5. Nudging of private players who has a large amount of non-personal data to enthusiastically participate in the programme through incentives etc. can be explored.
  6. Structural reforms in government departments are long overdue without which the whole-of-the-government approach to data governance might remain sub-optimal. Also, the bureaucratic pathologies/dysfunctionalities leading to behavioural issues need to be overcome.

THE CONCLUSION: Although the NDGFP and the previous draft are structurally similar, the NDGFP appears to be a step forward because it does not include the contentious data licensing and price clauses. The NDGFP indicates that the Indian government recognizes the enormous value that can be extracted from non-personal data.Specific laws managing data anonymization standards, rules governing conditions of access to such data by private actors, etc. will be critical to creating a secure and transparent data regime and thereby realising the goals of the policy.

Questions:

  1. Critically analyze the Draft National Data Governance Framework Policy, 2022.
  2. “Data has become a critical resource for the economy and is the key for advancing decision making, governance and service delivery by government and private sector”. How far do you think that the Draft National Data Governance Framework Policy, 2022 can achieve these objectives?

“A whole-of-the-government approach to data governance needs to go beyond mere techno-policy interventions “. Argue.

Spread the Word
Index