Data governance

What’s changed in the government’s new data governance framework

India’s Ministry of Electronics and Information Technology on May 26 presented a new framework for citizen data governance which will see the establishment of an “Indian Data Management Office” (IDMO) to define the storage and collection standards, and create “a large repository of datasets on India” by “establishing guidelines, rules and standards for creating and accessing anonymized non-personal data”.

“IDMO shall formulate all data/datasets/metadata rules, standards and guidelines in consultation with government departments, state governments and industries. report to this end with representatives of state governments and industry.” — The National Data Governance Framework Policy

With this, the policy aims to “encourage” private companies to share non-personal data with startups and researchers through the proposed India Datasets program. The previous version of the framework project — ‘India Data Accessibility and Usage Policy‘ – launched in February, had been harshly criticized by collective lawyers for its proposal to monetize government data.

Why is this important: Data has become an important economic and social resource. In India, the government is the biggest repository of data. A policy framework is essential not only because there are currently no legal measures to protect non-personal data in the country, but also to streamline government data sharing which faces several bottlenecks today.

Never miss important developments in technology policy, whether in India or around the world. Sign up for our morning newsletter to read MediaNama’s free reading of the day and other stories.

Changes from the February draft

The most significant change in the new draft is the omission of the caveat that allowed the sale of data collected by the Indian government on the open market.

Advertising. Scroll to continue reading.

The former draft proposed that non-personal, anonymised personal data collected by the Indian government that has “undergone value addition” could be sold in the open market at an “appropriate price”. It has faced a lot of criticism with questions raised about the government collecting data to monetize it in the absence of a data protection law in India.

The new project, on the other hand, emphasizes the sharing of non-personal data. To this end, he advocates the creation of an India Datasets program, which will consist of non-personal and anonymized data sets from central government entities that have collected data from Indian citizens and residents.

What is non-personal data: Any data set that does not contain personally identifiable information can be classified as “non-personal data”.

Proposed role of IDMO

  • Storage: All kinds of government data will be hosted by IDMO. Although the storage structure has not been clarified in the proposal, this could mean that all data concerned will be stored on IDMO’s servers or that there could be unlimited communication between IDMO and various silos government data. Private entities may also contribute to this silo.
  • Access to G2G data: All government ministries and departments should be directed, under a standardized mechanism by IDMO, to create searchable data inventories with clear metadata and data dictionaries for government-to-government data access .
  • India Datasets Program: The IDMO is expected to create a pan-India dataset library, which will include non-personal and anonymized datasets from government entities that have collected data from Indian citizens and residents. IDMO also expects private entities to participate in the program.
  • Identification of datasets: Rules, including data anonymization standards for government and private entities that process data, will be managed by IDMO. This should lead every government ministry, department and organization to identify and categorize the datasets available for the Indian datasets program.
  • Data quality and metadata standards: IDMO needs to finalize metadata and data standards that cut across sectors. It will oversee the publication and adherence to domain-specific metadata and data quality standards by line ministries or departments.
  • Property and use standards: IDMO can ensure that the rights to use the data as well as the permitted purposes belong to the natural owner of the data (data controller). The organization will also formulate disclosure standards for data collected, stored, shared and accessed above a certain threshold. It will define the principles for ethical and fair use of data shared beyond the government ecosystem.
  • Capacity Building: IDMO should support holistic and comprehensive capacity building initiatives for civil servants across government agencies to develop data and digital culture, knowledge and skills. It will also assist in the establishment of data management units in ministries and departments to create dedicated data management capacity.

How is the IDMO supposed to work?

  • Responsibility: The IDMO will be established under the aegis of the Digital India Corporation (DIC), itself an entity under the Ministry of Electronics and Information Technology (MeitY). He is responsible for all changes and updates to the National Data Governance Policy.
  • Structure: Each ministry and department in the country should set up Data Management Units (DMUs) headed by a designated Data Officer (CDO) who will work closely with the IDMO to ensure the implementation of the policy.
  • Accessibility: The IDMO is to design, operate and manage the “Datasets Access” platform for the Union as well as for the state governments. All datasets of the India Datasets program can only be accessed through this platform and any other platform authorized and designated by IDMO.
  • Jurisdiction: All state and central government data, datasets and even metadata rules will be under the IDMO umbrella. It is expected to conduct at least two semi-annual consultations with Union government officials and state-level data stewards.
  • Authorization to use: Any requests from third parties such as researchers, start-ups and private companies for non-personal or anonymized datasets will be reviewed by IDMO prior to dissemination. The IDMO will have the power to limit the number or range of data requests from any Indian entity.
  • Straightening mechanism: IDMO should institute a mechanism for citizens to request datasets, register complaints and establish accountability of DMUs under IDMO to respond in a timely manner, to facilitate a sharing ecosystem transparent and accountable data.

Why was the previous version of the Data Governance Policy written?

The previous draft data access policy was published on February 21. It had introduced similar measures announced in the last draft to enable greater data sharing between government agencies and other private stakeholders. It was open for comments until March 18, 2022. The Internet Freedom Foundation (IFF) and the Software Freedom Law Center, India (SLFC), two of the project’s strongest critics, had pointed out the following flaws.

Monetization of personal data:

  1. Pricing data conflicts with open government data principles: The draft data access policy claims to promote open government data (OGD), but by proposing to price data, there is a conflict with the principles of OGD because OGD refers to data collected and processed by the government that are free to use, reuse and redistribute, SLFC submitted. Pricing such data goes against the open data principles followed by most governments around the world, the SLFC added.
  2. Databases should not be copyrighted: SFLC argued that databases created by the government should be in the public domain because they are created by state employees with taxpayers’ money, and should not be copyrighted. Also, copyright is not a strong protection because modifying the original database which results in a new and better arrangement of the database is not considered copyright infringement, explained SFLC.

Inadequate consultation:

  1. The draft policy skipped the consultation process: By directly sharing the draft policy, the consultation process required to write a good policy was avoided. This does not comply with the provisions of the 2014 pre-legislative consultation policy, which was put in place to promote transparency in law-making, the IFF said. He also noted that according to the Constitution, every law had to be enacted after going through the legislative procedure, but the draft data access policy circumvented this as it was drafted without any parliamentary discussion.
  2. On the fringes of India’s federal structure: The draft policy was developed centrally without considering India’s federal structure, the IFF said. “The proposal to share data has also been rejected by state governments earlier, such as when the Ministry of Food and Public Distribution urged states to share Aadhaar details of beneficiaries of the National Security Act food with the National Health Authority. States would have rebuffed this request due to the security implications of such data transfer, fearing that the data could be used for political purposes,” the IFF explained. But despite this, the central government continued with the draft policy, he said.

This post is published under a CC-BY-SA 4.0 License. Feel free to repost on your site, with attribution and a link. Adaptation and rewriting, although permitted, must be faithful to the original.

Read also :

Advertising. Scroll to continue reading.