The Ministry of Electronics and Information Technology ("MeitY") released the draft National Data Governance Framework Policy (the "Policy") on 26th May 2022, inviting the public to provide feedback and comments on the same.

The Policy aims to enhance the use, access, and quality of data; and align it with the current technological developments in the country, so as to standardize and improve the government's data collection and management whilst enabling a start-up ecosystem based on Artificial Intelligence ("AI") and data-based research. In recent times, digital governance has played a pivotal role in the development of India, despite the country being hit by the Covid-19 pandemic. 'Digital governance' refers to digital provision of services by the government to its citizens; which includes facilitation of transactions through the medium of internet and exchange of information, so as to enable effective governance. The increase in digitization of the economy, governance and growth of public digital platforms has not only empowered citizens but also improved engagement between the government and its citizens for formulating a data driven governance, so as to enable inclusive development.1 Correspondingly, while the quantum of non-personal data collected, processed and generated across different government entities is very large, management of the same is inconsistent, due to which the government aims to adopt standardized rules and processes for collection, usage, storage and management of data, so as to improve the experience of citizens while engaging with the government.2

At present, the framework for digitizing government data is still at a very nascent stage in India and requires consistent efforts to facilitate the management and storage of data as well as for the development of an innovative ecosystem of AI, data science and analytics. In line with these requirements, a draft on governance of public sector data created, generated, collected or archived by the government, titled India Data Accessibility and Use Policy (the "Draft Data Policy") was released earlier this year in February, 2022 for public consultation. It provided for the sale and licensing of public data by the government to the private sector. As per the Draft Data Policy, it was proposed that since certain datasets would be undergoing transformation and value-addition by the government, it would be reasonable for the same to be monetized; by providing the private sector access to readily available and transformed data sets for their commercial purposes.

However, it was soon realized after public consultation, that providing an economic incentive for collection, storage and sharing of such data may lead to collection of data beyond that which is reasonably necessary; which would violate the principle of data minimization. Thus, the Draft Data Policy received widespread criticism, as it allowed the government to monetize public data in the absence of a valid data protection legislation, which could threaten data privacy of individuals in the long run.

To harness the full potential of data, a proper framework was required for data governance, which would aid data-based innovation and significantly improve the delivery of government services to its citizens, especially in important areas like education, law and justice, and health; amongst others. The government thus decided to lay out the Policy to address some of the lacunae in the previous framework.

  1. Applicability

The Policy is applicable to all such data which is collected and managed by government departments and entities; thus bringing all government departments under its ambit. Even state governments are encouraged to adopt the provisions of this Policy, as may be applicable. The Policy is also applicable to non-personal datasets as it proposes to launch an 'India Datasets Program' which is based on non-personal data. The Policy provides certain rules and methods which would ensure that any anonymized data and non-personal data from both the private or government entities can be accessed by the 'research and innovation eco-system', in a safe and accessible manner.3

  1. Key Objectives of the Policy

The key objectives of the Policy are as follows:

  1. To accelerate Digital Governance with standardized data management and security standards across the government;
  2. To set quality standards, have standard API's and tech standards for management and access of government data and promote expansion of the Indian Datasets Program and non-personal datasets ecosystem;
  3. To promote ownership, accountability and transparency in non-personal data and datasets access, providing for sharing of non-personal data only via platforms designated and authorized by IDMO (defined below);
  4. To build a platform which would allow the receipt and processing of dataset requests;
  5. To construct digital government goals and capacity, competency and knowledge in government departments and entities;
  6. To create uniform standard based public digital platforms while ensuring privacy, safety and trust of citizens regarding their data;
  7. To ensure that citizens are more aware and accordingly have increased participation and engagement with the government.4

The Policy also ensures that the rules and standards prescribed thereunder would respect the informational privacy and data security of individuals.

  1. IDMO

The Policy provides for setting up of an India Data Management Office ("IDMO"), within the Digital India Corporation ("DIC") under MEITY, which would primarily be responsible for framing, managing, reviewing and revising the Policy; as well as for developing guidelines, standards and rules under the Policy. One of the key roles of IDMO is to consult with relevant stakeholders such as government ministries and state governments, to facilitate formulation and standardization of guidelines and rules governing the management of datasets and meta data; and to build the India Datasets Program which will consist of non-personal and anonymized data sets of Indian citizens or those in India, from data collected by government entities.5 The Policy also encourages private entities to contribute such data to the India Datasets Program6.

Any requests by Indian researchers and start-ups for access and use of anonymized and non-personal datasets will be processed by the India Datasets Platform which would be designed and managed by the IDMO. IDMO will also work closely with the 'Digital India Start-up Hub' to encourage research and innovation based in the field of Artificial Intelligence. For effective implementation of the Policy, the IDMO will closely coordinate with the 'Chief Data Officers' of the Data Management Units ("DMU") which is set up under every department and ministry of the government and will also provide assistance to all the State-level Data Officers appointed by the State governments.7

Other key roles of the IDMO include:

  1. Publishing uniform rules and standards for data anonymization across all government and private sector entities dealing with data; so as to maintain information privacy, enable identification and classification of existing datasets, build a large base of datasets and developing a data retention and storage framework by formulating rules and regulations.8
  2. Developing a mechanism for data access across government departments and ministries, who shall be responsible for creating detailed inventories of meta data for inter-government access.9
  3. Right to decide whether a requesting entity gets access to a full database or a combination of datasets for their intended requirements.10
  4. Formulation of disclosure norms for data accessed, collected, stored or shared over a certain threshold and ensuring that data usage rights stay with the data principal.11
  5. IDMO will be responsible for the overall enforcement of the Policy and shall develop principles to ensure fair and ethical use of data.12
  6. IDMO will institute a redressal mechanism which will be utilized to address grievances of individuals, comply with requests of datasets by citizens; and establish transparency and accountability of the DMUs.13
  7. IDMO shall be responsible for generating awareness regarding the data governance framework by issuing and sharing Frequently Asked Questions (FAQs), operation manuals, data sharing toolkits and Standard Operating Procedures ("SOPs"), amongst other things.14
  8. IDMO has also been given the option to charge a 'User Fee' for its maintenance and services.15
  1. Conclusion

In this era of digitization, it has become necessary to harness the full potential of data, to ensure accelerated and effective digital governance. It has also become necessary to promote AI based research and innovation for the growth and development of the country, to facilitate technological advancements by allowing researchers, innovators, private entities and startups to gain access to non-personal datasets. While this Policy helps in achieving these goals by prescribing rules and standards for usage, access, and storage of such datasets and ensuring that the rights of data principles is not compromised; there is a need to define the term 'Government data', to give clarity on the extent and scope of such data. Some important data sharing principles stated in the older Draft Data Policy16 including 'privacy and security by design'17 along with recognition and protection of ownership and intellectual property rights over the data18 should also be highlighted in the Policy. It is recommended for these principles to be taken into consideration while classifying the datasets. The need of the hour is to have a robust data privacy legislation in India and for the Policy and similar guidelines to be uniform and consistent with such legislation. The Policy, if well utilized, has the potential to facilitate informed decision making and effective service delivery to citizens in the long run.

Footnotes

1. Para 1.2, Draft National Data Governance Framework Policy, 2022 MeitY

2. Para 1.4, Draft National Data Governance Framework Policy, 2022 MeitY

3. Para 1.7, Draft National Data Governance Framework Policy, 2022 MeitY

4. Para 2.3, Draft National Data Governance Framework Policy, 2022 MeitY

5. Para 5.4,Draft National Data Governance Framework Policy, 2022 MeitY

6. Para 6.3 and 6.4, Draft National Data Governance Framework Policy 2022 MeitY

7. Para 5.6 and 5.8, Draft National Data Governance Framework Policy, 2022 MeitY

8. Para 6.1,6.4 and 6.5, Draft National Data Governance Framework Policy 2022 MeitY

9. Para 6.2, Draft National Data Governance Framework Policy 2022 MeitY

10. Para 6.9, Draft National Data Governance Framework Policy 2022 MeitY

11. Para 6.11, Draft National Data Governance Framework Policy 2022 MeitY

12. Para 6.13 and 6.15, Draft National Data Governance Framework Policy 2022 MeitY

13. Para 6.14, Draft National Data Governance Framework Policy 2022 MeitY

14. Para 6.16, Draft National Data Governance Framework Policy 2022 MeitY

15. Para 6.18, Draft National Data Governance Framework Policy 2022 MeitY

16. Para 5, India Data Accessibility and Use Policy, 2022 MeitY

17. Para 5.7, India Data Accessibility and Use Policy, 2022 MeitY

18. Para 5.12, India Data Accessibility and Use Policy, 2022 MeitY

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.