DRAFT NATIONAL DATA GOVERNANCE POLICY FRAMEWORK

INTRODUCTION

The Ministry of Electronics and Information Technology (MeitY) put the model National Data Governance Policy Framework in the public domain on May 25, 2022, to solicit public feedback and ideas on the proposed policy. The Ministry released the proposal to “mobilize people’s non-personal data for use by both public and commercial organizations to enhance operations.”[1]

During the Covid-19 pandemic, the entire world was put under lockdown, and the global community realized the necessity of the digital world. A digital governance system was built to deal with the unexpected circumstances brought forward by the Covid-19 pandemic. “The draft emphasizes the importance of digital governance in India’s active and resilient response to the pandemic, as well as the impact on people’s lives, livelihoods, and the economy as a whole,” says the preamble of the draft policy.[2] This trend has persisted in the post-Covid age, as the governance framework has been quickly digitalized, resulting in an exponential increase in data output. The rising creation of data may prove to be a critical component in improving citizens’ experiences and engagement with government and governance frameworks.

The proposed policy calls for “the creation of a database containing citizens’ non-personal data and the implementation of a dataset program in India.”[3] The proposed policy aims to address the norms and techniques for establishing the database to ensure that researchers and start-ups have access to non-personal and anonymized data acquired from both government and commercial sources.

WHAT IS THE NEED FOR NDGFP?

In the current situation, the digital governance data has not acquired a consolidated form as it continues to be “managed, stored and accessed in incongruent and inconsistent ways as it is spread across different governing bodies.”[4]As a result, the data-driven governance framework deteriorates, preventing an eco-system of innovative and analytical AI and data science from reaching its full potential.

The evolution of digital governance, as well as the formulation of datasets programs for the consolidation of non-personal and anonymized data, is of great interest to the innovation eco-system, which includes research organizations and start-ups working in AI, as well as other government departments. In a tweet, Minister of State for Electronics and IT Rajeev Chandrasekhar noted that this will help “India’s $1 trillion digital economy.” The minister also stated that the National Data Governance Framework will help accelerate the digitalization of governance processes and digital government by establishing common policy rules and standards for accessing, storing, and managing data across various government departments and private entities, while inviting comments on the draft framework policy. This will allow the government’s valuable non-personal data to be released from its many organizations. As specified in the Data Protection Bill of 2019, “non-personal data” refers to “any data other than personal data.”[5] In other terms, it is described as “any data or sets of data that cannot be individually identifiable, including anonymized personal data,”[6] implying that the data cannot be used to identify a specific individual.

The new framework policy replaces the India Data Accessibility and Use Policy, 2022, which drew harsh criticism from stakeholders when it was released for public consultation earlier this year. The proposed licensing and sale of data acquired and maintained by the government to commercial businesses was the major criticism of the previous program. In the new policy, this commercialization of data was remedied. The proposed National Data Governance Framework Policy, which aims to increase access to and use of data, as well as quality, in conformity with current and future technology needs, has been made available for public comment.

HOW WILL IT WORK?

According to the draft NDGFP, an “India Datasets program” would be established, which will comprise “non-personal anonymized data from government departments that have acquired and maintained data on citizens or those people in India.” However, data sharing is not restricted to government agencies; commercial businesses are invited to contribute to the collection. Additionally, state governments will be “encouraged” to implement the policy and disclose data that they have.

The India Datasets Platform aims to be a one-stop-shop for gathering and storing datasets from all levels of the Indian government. The platform will process the datasets and then make them available to AI research organizations and start-ups. For G-to-G data access, however, a different data-sharing method will be devised. The draft policy calls for the formulation of the India Data Management Office (IDMO) which will be “responsible for the implementation of the NDGFP and designing and managing the India Datasets Platform under its mandate.”[7]

WHAT IS THE ROLE OF IDMO?

India Data Management Office (IDMO) will be set up under the Ministry of Electronics and Information Technology (MeitY). The office will also be responsible for the periodical review of the framework policy. The functions of IDMO can be broadly classified and listed as below:

Prescription of Rules and Standards:

  1. The IDMO will provide a complete collection of standards and guidelines to help government ministries and entities in defining their data storage and access framework definitions. IDMO will examine these rules and standards on a regular basis.
  2. The IDMO shall establish regulations and standards for the anonymization of data held by government ministries, organizations, and departments, as well as the identification and classification of data to be utilized for research and innovation.
  3. IDMO will also be in charge of establishing industry-wide standards for data and meta-data categorization. It will also oversee the departments’ adherence to quality standards, which will be developed following consultation with government stakeholders.
  4. The IDMO shall establish and enforce regulations and standards for the exchange of non-personal anonymized data while maintaining high levels of safety and security. In addition, the IDMO is responsible for ensuring the validity and authenticity of data-sharing requests. The data will be released to Indian organizations first, pursuant to IDMO’s standards.

Ensuring the Safety Standards:

    1. For inter-governmental access to data, a separate standard system will be created, in which government departments would produce complete searchable datasets and data dictionaries for easy and efficient data access.
    2. The Datasets Access Platform shall be built, constructed, and operated as a nodal point for data access, i.e., datasets can only be assessed through this or any other IDMO-approved platform.
    3. The IDMO has the ability to approve or deny any request from entities for access to the whole databases or datasets, or a combination of the two.

Capacity and Skill-Building:

      1. The IDMO will be in charge of fostering holistic capacity and skill-building programs for government employees and entities in order to improve data and digital literacy.
      2. It will also promote awareness by sharing and disseminating manuals and SOPs.

Redressal and Policy Monitoring Mechanism – The IDMO will set up a thorough framework for asking parties to put in their requests, record grievances, and hold Data Management Units (DMUs) accountable to react in a fair time period, ensuring a transparent and accountable data accessing and sharing eco-system.

CONCLUSION

The new policy provides a solid beginning for defining a procedure for utilizing non-personal data for innovation and research, and it addresses some of the issues raised against the previous policy. The draught policy, on the other hand, provides only basic guidelines and does not go into the establishment and composition of the IDMO. Even while the new draft policy does not permit the monetization of anonymized non-personal data, this presents an additional concern: whether the framework can guarantee a fair and accessible data market for everyone. In addition, the NDGFP needs the backing of data protection laws, but the Data Protection Bill, 2019 has not yet been passed into law, making it impossible to execute the framework policy without non-personal data protection measures. Under the current concept, commercial enterprises are “encouraged” to contribute data, but a mandated regulation of non-personal data collected by private organizations might be a substantial addition to the database.

In contrast, the planned NDGFP is a promising beginning for the building of a government framework for the anonymization and aggregation of data from the hundreds of government ministries, departments, and organizations. Therefore, creating IDMO and implementing NDGFP will be the most challenging tasks. When the implementation is complete, more details and upgrades may be added. Thus, the framework policy offers a solid foundation for the data management regime in our nation, which has been a growing source of worry due to the data’s fragility and susceptibility to abuse. The strategy offers an impetus for the use of the government and commercial datasets’ informational potential for AI-related research and help emerging AI-based start-ups. The regulation will undoubtedly aid in the collection of possibly inactive data scattered across numerous bodies, and its unification would provide a boost to the country’s data research efforts.

Author(s) Name: Nandita Yadav (National Law University, Delhi)

References:

[1] National Data Governance Framework Policy, 2022

[2]ibid

[3]ibid

[4]ibid

[5] Draft Data Protection Bill, 2019

[6]ibid

[7]ibid