Draft National Data Governance Framework Policy

In News

  • Recently, the draft plan on the National Data Governance Framework was released by the Ministry of Electronics & IT (MeitY).

Draft National Data Governance Framework Policy (NDGFP)

  • Focus of the Policy:
    • The draft policy focuses on improving the institutional framework for:
      • Government data sharing, 
      • Promoting principles around privacy and security by design, and 
      • Encouraging the use of anonymization tools.
  • Aim:
    • To standardise the government’s data collection and management while catalysing AI and Data led research and a startup ecosystem.
  • India Data Management Office (IDMO):
    • The draft includes plans for setting up the India Data Management Office (IDMO) on the lines of the US Federal Data Management Office.
      • IDMO will be set up under Digital India Corporation for framing, managing and periodically revising the policy. 
  • Data Management Units (DMUs):
    • As per the draft, all ministries will have data management units (DMUs) 
    • DMUs will be headed by a Chief Data Officer.
      • They will be responsible for the implementation of the data governance policy.
  • Sharing of data:
    • The policy also seeks to ‘encourage’ private companies to share non-personal data with startups as part of the effort.
    • IDMO shall notify protocols for sharing of non-personal datasets while ensuring privacy, security and trust
    • IDMO will notify rules to provide data on priority/exclusively to Indian/ India-based requesting entities. 

Draft India Data Accessibility and Use Policy 2022

  • Earlier the Centre released the draft India Data Accessibility and Use Policy 2022.
  • Issues:
    • However, it was criticised by internet activists and civil society members over its bid to monetise non-personal data gathered from citizens.
    • Under fire, the government later rescinded the policy and unveiled the new framework in May this year under the new name, NDGFP.
  • Changes:
    • The new framework has skipped the contentious clause that allowed the sale of data collected by the government in the open market.

Data categorisation

  • What is personal data?
    • Personal contains explicit information about a person’s name, age, gender, sexual orientation, biometrics and other genetic details.
  • What is non-personal data? 
    • Any set of data that does not contain personally identifiable information can be classified as “non-personal data”.
      • Public non-personal data:
  • All the data collected by the government and its agencies such as census, data collected by municipal corporations on the total tax receipts in a particular period or any information collected during execution of all publicly funded works has been kept under the umbrella of public non-personal data.
  • Community non-personal data:
    • Any data identifiers about a set of people who have either the same geographic location, religion, job, or other common social interests will form the community non-personal data. 
    • For example, the metadata collected by ride-hailing apps, telecom companies, electricity distribution companies among others have been put under the community non-personal data category.
  • Private non-personal data:
    • Private non-personal data can be defined as those which are produced by individuals which can be derived from the application of proprietary software or knowledge.

Challenges

  • Data sharing with Big Techs:
    • Large repository of India-specific datasets that will be created under the National Data Governance Framework Policy (NDGFP) will not be available for commercial operations of Big Techs.
  • Indian startups:
    • The repository of datasets will only be available for Indian startups.
    • There is no clarity on whether Indian startups meant those registered in India or those with operations in the country.
  • Non-personal data identification:
    • Concerns are raised on the definition of non-personal data. 
    • The issue is, if there would be an ‘absolute boundary’ for defining non-personal data citing that many non-personal datasets when combined with other datasets can lead to identification
  • Data centralisation:
    • The concerns are raised regarding the data centralisation aspect of the NDGFP when the world was moving towards decentralised frameworks like Blockchain.
  • Operations of the IDMO:
    • As of now there is no clarity on the operations of the IDMO.

Way Ahead

  • Data has grown to be an important economic and social resource
  • In India, the government is the biggest data repository
  • A policy framework is essential not only because currently there is no legal measure to protect non-personal data in the country, but also to streamline government data sharing which faces several bottlenecks today.
  • The NDGFP demonstrates the Indian government’s recognition of the immense value that can be unlocked through harnessing non-personal data.

Global data protection laws:

  • Most countries have strict data protection laws. 
  • The European Data Protection Board (EDPB) 
    • EDPB drafted rules for transferring sensitive and personal data outside EU countries. 
    • Organisations were required to take consent from individuals before transferring their personal data. 
    • Post-Brexit, Britain had to adopt GDPR to facilitate the free flow of data between the former and the EU. 
  • China’s Personal Information Protection Law (PIPL):
    • China also drafted its Personal Information Protection Law (PIPL) in the second half of 2020. 
    • The PIPL granted the residents the power to withdraw permission to share their data and the right to delete data while ensuring protection during cross-border data transfers. 
  • Canada:
    • Canada is revamping its data protection laws to include the private right to action and hefty fines. 

Source: PIB

 
Next article Juneteenth