The draft National Data Governance Framework Policy proposes to use non-personal data of Indian citizens and residents for improving governance, aiding the start-up and research ecosystem.
The draft National Data Governance Framework Policy proposes to use non-personal data of Indian citizens for improving governance, aiding the start-up and research ecosystem.
The story so far: The Ministry of Electronics and Information Technology (MeitY)on May 28 released a draft of its data governance policy, a replacement for the ‘India Data Accessibility & Use Policy 2022’ which was dropped following concerns over a provision mandating licensing and sale of public data by the government to the private sector.
The latest draft titled ‘National Data Governance Framework Policy’ (NDGF) proposes the launch of an India Datasets programme to manage the “safe availability” of non-personal data from government and private entities for the use of researchers and innovators, and also for the acceleration of digital governance. The Ministry has placed the proposal in the public domain, asking stakeholders for feedback by June 11.
What is non-personal data?
Non-personal data can be described as a set of information which doesn’t have any personal details that can trace the person. The Draft Data Protection Bill 2019 defined it as “any data other than personal data.”
Non-personal data is divided into three sections — public, community, and private. While data collected by the government during the course of its working comes under public non-personal data, a set of raw and unprocessed information sourced from a community is community non-personal data. Private non-personal data, meanwhile, is data with private entities derived through applied knowledge or algorithms. The categorisation was mentioned by a government-constituted expert committee in its report on the Non-Personal Data Governance Framework. The panel had been formed to study issues and risks associated with non-personal data.
The need for a data policy
The Preamble that accompanies the draft, released on May 25, notes that the existing infrastructure is not fully equipped to deal with the volume and the speed at which data is generated as the government digitises its processes. Presently, this data is strewn across departments and stored in a way that is affecting the efficacy of data-driven governance and preventing data science and artificial intelligence (AI) from making the most of it.
Via this policy, the Centre has proposed to bring together anonymised non-personal datasets on one platform so that data insights can be used by ministries and researchers for “public good and more effective digital government.”
What are the features of the data governance policy?
Along with its primary objective to accelerate digital governance, the policy also aims to transform and modernise government data collection and management by defining guidelines for its sourcing, processing, storage, access and use to improve services in healthcare, education, agriculture, and law.
Decoding MeITY’s proposal for ‘Federated Digital Identities’ | In Focus podcast
Collating and sourcing data: To achieve this aim, the government has proposed an India Datasets programme — a central repository of anonymised non-personal datasets gathered by central ministries and departments from Indian citizens or those living in the country.
Applicability: The policy will apply to all ministries and Central government departments. It will include the collating of all non-personal data collected and managed by the Centre. Government entities will have to identify and classify datasets available with them to build a common repository.
State Governments are, meanwhile, encouraged to adopt the policy provisions. Private entities are also encouraged to share data collected by them on Indian citizens and residents with this central repository.
The repository: The India Datasets programme will be set up, designed and managed by the India Data Management Office (IDMO). According to the draft, all datasets in the India Datasets programme would be accessible through a common central platform and any other platform designated by the IDMO. The platform will receive and process any requests for non-personal data.
Data access and availability: The IDMO shall be responsible for the creation of protocols for sharing non-personal datasets via the datasets programme while also safeguarding privacy.
The functioning of the India Data Management Office
According to the draft, the IDMO, to be set up under the Ministry’s Digital India Cooperation (DIC), will guide ministries and departments as they develop parameters for the identification, usage, and management of non-personal datasets.
“The IDMO shall also encourage and foster data and AI-based research and start-up ecosystems by working with Digital India Start-up Hub,” reads the draft.
To ensure smooth and proper implementation of the policy, each ministry and department will set up a data management unit or DMU which will closely work with the IDMO. At the State-level, respective governments will be encouraged to designate data officers.
The IDMO will have the final say in whether a particular entity can access the datasets. It will also set up a mechanism for inter-government data access.
The principles of “ethical and fair use of data shared beyond the government ecosystem” will be defined by IDMO. For redressal, a mechanism will be set up as part of which the DMUs will have to respond in a time-bound manner.
It will formulate disclosure norms for data collected, shared, stored or accessed over a certain threshold. “The IDMO shall oversee the publishing and compliance to domain-specific metadata and data quality standards,” the policy draft adds.
While the government has dropped the clause pertaining to the sale of data which was a part of the previous draft, this draft states that the IDMO may decide to charge user charges or fees for its maintenance and services.
The NDGFP draft states that its standards and rules will ensure data security and information privacy, but doesn’t state in detail how the government plans to safeguard data privacy. Instead, it states that “detailed implementation guidelines including the data sharing toolkit, operation manuals, mechanisms for data anonymisation and privacy will be brought out by the IDMO.”
The expert committee in its report had earlier flagged risks associated with non-personal data. It had observed that no anonymisation technique is perfect and stressed that privacy concerns from possible re-identification of anonymised personal data should be addressed. This, however, has not been addressed in the revised draft.
Also, since it will be a powerful central data body, the composition of the IDMO in a fair manner is crucial to ensure a transparent and unbiased framework. The draft policy, however, only mentions that the IDMO will be staffed by a “dedicated government data management and analytics unit”.