The Ministry of Electronics and Information Technology on May 25, 2022 released a revised draft National Data Governance Framework Policy (“NDGFP“) after heavy criticism of its precursor, India’s Draft Data Accessibility and Use Policy, 2022, which was released for consultation in February 2022 and proposed to allow licensing and sale of public data by the government to the private sector.
The Essential Role of Framework in Driving India’s Data Economy
The NDGFP aims to unlock the potential of value-locked non-personal data that is stored by different government entities in silos. The current way this data is stored across government agencies and inconsistently managed and accessed is not suited to the application of data analytics, data science and AI to generate insights into the data.
Note: Non-personal data has been defined to include all data other than personal data (Draft Data Protection Bill, 2019). In its most basic form, this means any data set that does not contain personally identifiable information, including anonymized personal data and industry databases.
With NDGFP in place, the government aims to create a data repository of anonymized non-personal data sets that can be used to generate data insights with the aim of, firstly, accelerating digital government in India and, secondly, d fueling India’s research and start-up ecosystems.
With next-wave technological innovations such as AI, data has become a critical resource for the economy and is key to advancing government and industry decision-making, governance and service delivery. private. However, issues such as data ownership, data privacy and security, and data ethics must be firmly placed in any legal framework stipulating the use of government or private data.
National Data Governance Framework Policy Applicability and Framework
NDGFP govern the non-personal data of all central administration departments and entities. State governments will also be encouraged to adopt the NDGFP. With the implementation of the NDGFP, the government plans to create a one-stop shop Indian dataset platform consisting of anonymized non-personal datasets from all government entities collected from Indian citizens or Indian citizens. This platform will process requests and provide access to non-personal anonymized datasets to Indian researchers and startups. For government-to-government data access, a separate standard mechanism will be developed under the NDGFP. Although the NDGFP does not apply to private actors as such, they can voluntarily contribute their datasets to the data repository created under the NDGFP.
For the implementation of the NDGFP, an Indian Data Management Office (IDMO) will be established under the Ministry of Electronics and Information Technology. This body will be responsible for the implementation as well as the periodic review of the NDGFP. The framework encapsulates three pane functions of the IDMO
A. Creation of an Indian dataset platform – For the creation of the one-stop Indian datasets platform that will provide access to non-personal anonymized datasets to private actors, IDMO will undertake the backend and frontend responsibilities such as
1. Identification of datasets- The IDMO should prescribe rules and standards for government entities to identify and classify the datasets available with them and create a dynamic and extensive database of datasets.
2. Standardize data storage and retention rules- A rolling set of data storage and retention standards should be specified by IDMO to standardize them across all government entities.
3. Publish data anonymization standards and rules – In addition to the identification of datasets, data anonymization rules and standards (for government and private bodies) should be developed by IDMO to ensure data confidentiality.
4. Finalize metadata standards- Metadata standards and data quality standards should be finalized by the cross-cutting IDMO. The IDMO should also take steps to ensure compliance with relevant domain specific standards by line ministries/departments.
5. Design and build the Indian dataset platform- IDMO is to design, operate and manage India’s dataset platform.
B. Data Use Protection- To ensure privacy, security and trust in the data sharing ecosystem, IDMO assumes the following responsibilities:
1. Develop protocols for sharing non-personal data sets- IDMO must notify protocols for sharing sets of non-personal data while ensuring confidentiality, security and trust. Rules to provide data in priority or exclusively to requesting entities based in India also need to be developed.
2. Govern Data Requests- For datasets other than those available on the Open Data Portal, data requests will be reviewed for authenticity and validity by IDMO. It also decides whether requesting entities can be granted access to complete databases or combinations thereof for their use cases.
3. Publish disclosure standards for large datasets- IDMO will publish disclosure standards for data collected/stored/shared and accessed above a certain threshold.
4. Ensure ethical and fair use of data- IDMO will define principles for the ethical and fair use of data beyond the government ecosystem.
5. User Fees Framework- IDMO may charge fees/usage fees for its maintenance/fees
C. Capacity Building of Government Agencies-
1. IDMO will also be tasked with capacity and skills building initiatives for civil servants from all government agencies to develop data and digital culture, knowledge and skills.
2. It will assist in the establishment of Data Management Units (DMUs) in each ministry to create dedicated capacity for data management. DMUs are accountable to IDMO to facilitate a transparent and accountable data sharing ecosystem.
3. IDMO should ensure adequate awareness by sharing SOPs, FAQs, User Manuals and should also ensure proper branding for rapid adoption of NDGFP
As the draft defines only the broad outlines and the detailed terms of this data sharing regime have yet to be published, most of the interactional implications of the NDGFP such as data privacy, security, intellectual property and Data monopoly issues seem open for the time being. Specific policies governing data anonymization standards, rules governing the conditions of access to this data for private actors, rules guaranteeing the processing and fair and ethical use of this data by private entities are essential to ensure a secure and transparent data regime. The Data Protection Bill, 2021, which has not yet been passed, and the regulations not yet published for the protection of non-personal data must be finalized to work in tandem with the NDGFP. A technical threshold for data anonymization should be specified as until then it will not be possible to state categorically what constitutes anonymized data, leading to privacy breaches. NDGFP removed “monetization” provisions from India’s previous draft Data Accessibility and Use Policy, but will the current framework be sufficient to ensure a non-monopoly data market for all market players ? Measures to ensure a fair data market for all and stronger regulations to prevent misuse of non-personal data and market failures may become inevitable when implementing the NDGFP. Mandatory regulation of access to non-personal data held by the private sector for all actors could also be a next step for the NDGFP, as most citizen data is stored by private monopolies.
But a glaring challenge right now is the implementation of the NDGFP itself. The draft policy will be a good test of governance structures around anonymization, interoperability and data sharing, as well as practices such as creating high-value datasets, given that hundreds government agencies and UAPs are involved. Streamlining data sets across government entities and breaking down data silos is a daunting task for government that will require building transformational capabilities, including changing the behavior of government officials.
Writer: Monisha Purwar (@Purwar26) is passionate about law, politics and business and currently works for the Quality Council of India and part-time with Black Dot Public Policy Advisors
The opinions expressed are personal.