Draft Data Accessibility and Use Policy
- The Ministry of Electronics and Information Technology (MEITY) released the Draft India Data Accessibility and Use Policy 2022 (or Draft Policy) for public consultation.
- The Draft Policy aims at providing a robust scaffolding for harnessing public sector data for informed decision-making, citizen-centric delivery of public services, and economy-wide digital innovation.
What the policy Aims for?
- Specifically, it seeks to maximise access to and use of quality non-personal data (NPD) available with the public sector, overcoming a number of historical bottlenecks:
- Slow progress on the Open Government Data (OGD) platform,
- Fragmentation of data sets into departmental silos,
- Absence of data anonymisation tools,
- Insufficient attention to the development of data stewardship models; and
- lack of data quality standards, licensing, and valuation frameworks to support data-sharing.
- GovTech 3.0 approach — to unlock the valuable resource of public sector data — does upgrade the OGD vision of the National Data Sharing and Accessibility Policy (NDSAP), 2012. It seeks to harness data-based intelligence for governance and economic development.
- Ensuring greater citizen awareness, participation, and engagement with open data is mentioned as a core objective of the Draft Policy. In imagining such openness, the draft confines transparency of public data to non-personal data sets.
- This does pose ethical and procedural dilemmas to balance privacy/risk of data misuse with transparency-accountability considerations.
- The unfinished task of the NDSAP in bringing coherence between restrictions on the availability of sensitive personal information in the public domain and India’s RTI, therefore, has been lost sight of.
- Given that citizen data sets generated during service delivery contain personal identifiers, the assumption here seems to be that adherence to anonymisation standards is sufficient safeguard against privacy risks.
- But even in the case of anonymised citizen data sets (that is no longer personal data), downstream processing can pose serious risks to group privacy.
- The Draft Policy adheres to the NDSAP paradigm of treating government agencies as ‘owners’ of the data sets they have collected and compiled instead of shifting to the trusteeship paradigm recommended by the 2020 Report of the MEITY Committee of Experts on non-personal data governance.
- They have a carte blanche with respect to determining how to classify their data holdings into “open, restricted or non-shareable” sans any mechanisms for public consultation and citizen accountability.
- The lack of a data trusteeship framework gives government agencies unilateral privileges to determine the terms of data licensing.
- The proposed Draft Policy must pay attention to data quality and ensure that licensing frameworks and any associated costs do not pose an impediment to data accessibility for non-commercial purposes, while also protecting public sector data from being captured by large firms, especially transnational Big Tech, for economic innovation.
- The European Union, for instance, has focused on the creation of common, interoperable data spaces to encourage voluntary data-sharing in specific domains such as health, energy and agriculture.
- These common data spaces provide the governance framework for secure and trust-based access and use, in full compliance with personal data protection, and updated consumer protection and competition laws.
- Mandatory public access in exceptional cases such as public emergencies, suggested in the EU’s proposed Data Act (2022), cannot unlock the data enclosed by lead firms for public value creation, in general.
- In this regard, the data stewardship model for high-value datasets proposed by the MEITY’s Committee of Experts in their Report on Non-Personal Data Governance (2020) is instructive.
- In this model, a government/not-for-profit organisation may request the Non-Personal Data Authority or NPDA (an independent institutional mechanism) for the creation of a high-value data set (only non-personal data) in a particular sector, demonstrating the specific public interest purpose for which such data is being sought as well as community buy-in on the basis of an appropriate public consultation process.
- Once such a request is approved by the NPDA, the data trustee has the right to request data-sharing from all major custodians of data sets corresponding to the high-value data set category in question – both public and private.
What we need
- What we need is a new social contract for data whereby:
- The social commons of data are governed as an inappropriable commons that belong to all citizens;
- The government is the custodian or trustee with fiduciary responsibility to promote data use for public good; and
- Democratisation of data value is ensured through accountable institutional mechanisms for data governance.