Let's Glance Through The Revised National Data Governance Framework Policy

The critical role of the Framework in boosting India's Data Economy

The NDGFP aims to unlock the potential of the value-locked non personal data which is stored by different Government entities in silos. The current manner in which this data is stored across Government bodies and managed and accessed inconsistently is unsuitable for application of data analytics, data science and AI for generating data insights.

Note: Non-personal has been defined to include all data other than personal data (Draft Data Protection Bill, 2019). In its most basic form, it means any set of data which does not contain personally identifiable information including anonymised personal data and industrial databases.

With NDGFP in place, the Government aims to create a data repository of anonymised non-personal datasets that can be used to generate data insights with the purpose to firstly, accelerate Digital Government in India and secondly, to fuel the research and start-up ecosystems of India.

With next wave technological innovations such as AI around, data has become a critical resource for the economy and is the key for advancing decision making, governance and service delivery by government and private sector. However, issues such as data ownership, data privacy and security and data ethics have to be firmly placed in any legal framework stipulating usage of Government or private data.

Applicability and Framework of National Data Governance Framework Policy

NDGFP shall govern non personal data of all central Government departments and entities. The State Governments shall also be encouraged to adopt NDGFP. With the implementation of NDGFP, the Government plans to create a one-stop Indian Datasets Platform consisting of anonymized non-personal datasets from across Government entities collected from Indian citizens or those in India. This platform shall process requests and provide access to the non-personal anonymized datasets to Indian researchers and startups. For Government-to-Government data access, a separate standard mechanism shall be developed under NDGFP. Although NDGFP does not apply to the private players per se, they can voluntarily contribute their datasets to the data repository made under NDGFP.

For implementation of NDGFP, an Indian Data Management Office (IDMO) shall be set up under the Ministry of Electronics and Information Technology. This body shall be responsible for implementing as well as periodically reviewing NDGFP. The framework encapsulates three pronged functions of the IDMO

A. Creation of Indian Datasets Platform- For creation of the one-stop Indian Datasets Platform that shall provide access to non-personal anonymized datasets to private players, the IDMO shall assume the backend and frontend responsibilities such as

1. Identification of Datasets- IDMO shall prescribe rules and standards for Government entities to identify and classify the datasets available with them and build a vibrant and large database of dataset.

2. Standardize data storage and retention rules- An evolving set of data storage and retention standards shall be specified by IDMO for standardizing them across Government entities.

3. Publish data anonymization standards and rules- Further to identification of datasets, rules and standards for data anonymization (for both Government and private bodies) shall be developed by IDMO to ensure informational privacy of the data.

4. Finalize metadata standards- Metadata standards and data quality standards shall be finalized by IDMO that cut across sectors. IDMO shall also take steps to ensure compliance to the relevant domain specific standards by Ministries/ Line Departments.

5. Design and build the Indian Datasets Platform- The IDMO shall design, operate and manage the India Datasets Platform.

B. Safeguarding Data Usage- To ensure privacy, security and trust in the data sharing ecosystem, the IDMO shall undertake the following responsibilities:

1. Develop protocols for sharing of non-personal data sets- IDMO shall notify protocols for sharing of non-personal datasets while ensuring privacy, security and trust. Rules to provide data on priority or exclusively to Indian/ India based requesting entities shall also be developed

2. Govern data requests- For datasets other than those available on the Open Data Portal, data requests shall be considered based on their genuineness and validity by the IDMO. It shall also decide whether requesting entities can be allowed access to complete databases or combinations thereof for their use cases.

3. Publish disclosure norms for large size datasets- IDMO shall publish disclosure norms for data collected/ stored/ shared and accessed over a certain threshold.

4. Ensure ethical and fair use of data- IDMO shall define principles for ethical and fair use of data beyond the Government ecosystem.

5. Framework for user charges- IDMO may charge user charges/ fees for its maintenance/ fees

C. Capacity Building of Government bodies-

1. IDMO shall also be tasked with capacity and skill building initiatives for officials in all government agencies to build data and digital literacy, knowledge and skills.

2. It shall assist in setting up of Data Management Units (DMUs) in every Ministry to create dedicated capacity for data management. DMUs shall be made accountable to IDMO to facilitate a transparent and accountable data sharing ecosystem.

3. The IDMO shall ensure adequate awareness building by sharing SOPs, FAQs, Operating Manuals and shall also ensure appropriate branding for quick adoption of NDGFP

Concerns

As the draft only lays down broad contours and the detailed terms of this data sharing regime are yet to be released, most interactional implications of NDGFP such as data privacy, security, intellectual property and data monopoly issues seem open-ended at the moment. Specific policies governing standards for data anonymization, rules for conditions of access to such data to private players, rules safeguarding processing and fair and ethical usage of such data by private entities shall be key to ensuring a safe and transparent data regime. The yet to be passed Data Protection Bill, 2021 and the not-yet-released regulations for protection of non-personal data must be finalized to work in tandem with NDGFP. A technical threshold for data anonymization should be specified as until then it will not be possible to categorically stipulate what constitutes anonymized data, leading to privacy breaches. The NDGFP has done away with the 'monetization' provisions of the previous Draft India Data Accessibility and Use Policy but will the current framework be sufficient to ensure a non-monopolistic data market fair for all market players? Steps to ensure a fair data market for all and stronger regulations to prevent misuse of non-personal data and market failures might become inevitable upon implementation of NDGFP. Mandatorily regulating access to privately held non- personal data for all players might also be a next step to NDGFP as most of citizen data is stored by private monopolies.

But a glaring challenge right now is the implementation of NDGFP itself. The draft policy will be a good test of governance structures around data anonymization, interoperability and sharing along with practices such as creating high value datasets given that there are hundreds of government agencies and PSUs involved. Streamlining data sets across Government entities and ending data silos is a humongous task for the Government that will require transformational capacity building including changing the behavior of Government functionaries.

Writer: Monisha Purwar (@Purwar26) is a law, policy and business enthusiast and is currently working for Quality Council of India and part-time with Black Dot Public Policy Advisors

Views expressed are personal.