On February 21, 2022, the Ministry of Electronics and Information Technology (MEITY) released a draft policy proposal titled “Draft India Data Accessibility and Use Policy, 2022.” The policy aims to “dramatically transform India’s capacity for data exploitation in the public sector.” The Draft Data Accessibility Policy’s proposals have come under fire for allowing the government to license and sell public data to the private sector.
What is the purpose of the Draft Data Accessibility Policy?
Citizen data generation is expected to accelerate exponentially over the next decade, becoming a cornerstone of India’s $5 trillion digital economies. The policy objectives and purpose derived from this understanding are primarily commercial in nature, consistent with the rationale stated in Chapter 4 of the National Economic Survey, 2019, which noted the commercial benefits of government data exploitation, specifically, “The private sector may be granted access to select databases for commercial use…” Given the private sector’s enormous potential for profit from this data, it is only fair to charge for its use.” Its objective is to maximize the economic value of generated data.
The policy is accompanied by a background note that details existing bottlenecks in data sharing and use, including the absence of a body to monitor and enforce data sharing policies, the absence of technical tools and standards for data sharing, the identification of high-value datasets, and licensing and valuation frameworks. It outlines a path forward for unlocking the high value of data across the economy, establishing a consistent and robust governance strategy, ensuring the interoperability of government data, and instilling data skills and culture.
Additionally, there is a lack of transparency due to the absence of a consultation paper or disclosure of the list of stakeholders consulted, which according to a MEITY public notice includes “academia, industry, and government.”
How is the Draft Data Accessibility Policy intended to accomplish its objectives?
The policy will apply to all data and information that the Central Government creates, generates, collects, and/or archives. Additionally, it would permit State governments to adopt its provisions. It will be operationalized through the establishment of a centrally managed India Data Office (IDO) under MEITY, with each government entity appointing a Chief Data Officer. Additionally, an India Data Council will be formed as a consultative body for tasks such as standardization. It is unknown whether the India Data Council will include non-governmental stakeholders such as industry, civil society, and technologists.
The policy strategy is to make government data open by default and then to maintain a blacklist of datasets that are not shareable. The independent government ministries are responsible for defining more sensitive categories to which access should be restricted. Additionally, existing data sets will be enriched or processed to increase their value, which will be referred to as high-value datasets. Government datasets, including those of high value, will be freely shared within government agencies and licensed to the private sector. There is a recommendation for anonymization and privacy preservation as a measure of privacy protection.
What are the Draft Data Accessibility Policy’s privacy implications?
India lacks a data protection law capable of holding individuals accountable and providing redress for privacy violations such as coercive and excessive data collection or data breaches. Inter-departmental data sharing raises privacy concerns, as an open government data portal containing data from all departments could result in the creation of 360-degree profiles and enable state-sponsored mass surveillance. While the policy recognizes anonymity as a desirable objective, it lacks legal accountability and independent regulatory oversight.
Additionally, scientific analysis and the availability of automated tools for the re-identification of anonymous data are overlooked. This is critical given the financial incentives associated with licensing to the private sector, in which the government acts as a data broker. Here, the commercial value of the data increases as the amount of personal data collected increases. Additionally, the absence of anchoring legislation results in the policy failing to meet the legal standard for state intervention in privacy established by the Supreme Court of India in its landmark right to privacy decision.
Is there anything else wrong with the policy?
Three additional points about the policy document warrant consideration. By adopting the language of open data, it departs from its fundamental principle of government transparency toward its citizens. There is only one reference to transparency and little to no discussion of how such data sharing will assist in ensuring accountability and redress demands.
The second issue is that the policy circumvents parliament by proposing large-scale data sharing and enrichment funded by public funds. Additionally, the establishment of offices, the establishment of standards that may apply to not only the Central government but also to state governments and the programs administered by them, all require legislative deliberation.
This brings us to the final point about federalism. Even though the policy states that state governments will be “free to adopt portions of the policy,” it does not specify how this freedom will be exercised. It becomes relevant if the Central government establishes specific standards for data sharing or as a precondition for financial assistance. Additionally, there is no comment on whether the Central government may sell data gathered from States and whether the proceeds will be shared with the States.
How can you participate and submit your viewpoints?
The draft data access policy is available on the MEITY website and is open for public consultation until March 18, 2022. To participate, send an email to Ms. Kavita Bhatia, Scientist F, at the following addresses: kbhatia@gov.in and pmu.etech@meity.gov.in.