Termed National Data Governance Framework and Policy, the new framework will set standards for the governance of citizen data by the Centre
The move follows scathing criticism of a previous bill that was panned over a bid to monetise non-personal data gathered from citizens
The feedback on the previous policy was that the name itself (was) being misunderstood, it almost seemed like it was a data sharing policy, which it was not. We have now rejigged the policy framework: MoS Chandrasekhar
The Centre plans to unveil a new framework in a bid to set standards for the governance of citizens’ data by authorities. This was stated by Minister of State (MoS) for Electronics and IT, Rajeev Chandrasekhar, in an interview with ET.
This comes following the scathing criticism of the India Data Accessibility and Use Policy 2022, which was opened for public debate in February this year. The policy was especially panned by multiple quarters over its bid to monetise non-personal data gathered from citizens.
The Centre now seems to have put the policy in cold storage and plans to bring in a new policy called the National Data Governance Framework and Policy to alleviate any such concerns. The new policy will reportedly do away with provisions related to ‘monetisation’ and will not be applicable to private entities. It is likely to be released for public comments in the coming week, ET said.
The MoS was quoted as saying that, “The feedback on the previous policy called the India Data Accessibility and Use was that the name itself (was) being misunderstood, it almost seemed like it was a data sharing policy, which it was not. We have now rejigged the policy framework.”
The new framework will also keep restricted datasets such as Aadhaar outside the ambit of any data sharing legislation. Once formalised, the new framework will be part of the overarching digital policy legislations, from the upcoming new digital law to the Data Protection Bill, currently in the works at the MeitY. The report quotes Chandrasekhar as saying that, ”What you’re seeing today are the building blocks of the overall architecture for the next 10 years of India’s tech economy.”
Meanwhile, the Ministry seems to be hell-bent on replacing the ‘dated’ Information Technology Act, 2000 with a ‘new digital law.’ The revamped framework will also provide for the establishment of an India Data Management Office (IDMO) on the lines of the US Federal Data Management Office.
The IDMO, according to the MoS, will be responsible for ‘setting all standards, rulemaking and guidelines going forward on all aspects of data, which includes storage and anonymisation.’
Chandrasekhar further added that, “The IDMO will be accountable to make sure that the standards of anonymisation are set and that they do not permit any de-anonymisation. There is a clear case for having a national governance framework and policy to deal with the issues of setting standards of storage, collection, accessibility of computer systems and network access to the data within the government.”
The Minister also stated that the reformed legislation will make a host of datasets available in the public domain, in an anonymised format. He further added that this will help streamline governance mechanisms and will provide a $100-150 Bn opportunity for startups in the field of artificial intelligence.
Alleviating The Concerns?
It all began in March of 2019 after the Ministry of Roads, Transport and Highways (MoRTH) announced a ‘bulk data sharing policy’ to monetise data gathered from citizens’ vehicle registration certificates and driving licences. The policy was met with intense backlash, forcing the government to roll it back in a year due to concerns over misuse.
Later in February this year, the Centre again came up with a draft India Data Accessibility and Use Policy, 2022 which was put up for public consultations. This bill, however, had somewhat demarcated the data into personal and non-personal zones. Notably, while it did so, the draft policy did not state how the consent and anonymisation of an individual’s data will be dealt with.
Add to that, no clarity on companies harvesting the data for commercial uses spooked government and privacy activists alike.
The policy was also criticised by experts who had argued that since the Data Protection Act was yet to be implemented, there were no proper security safeguards for anonymisation, privacy infringement and economic incentivisation. Chandrasekhar said the new policy has addressed those concerns.
The announcement will likely bring a sigh of relief to activists who have been demanding the rollback of the bill. With the new framework likely to be unveiled soon, the Centre should tread carefully as opening up the data of Indians to startups and global companies could have its own pitfalls. Due diligence should be done before any such treasure trove of data is made public.