On February 21, 2022, the Ministry of Electronics and Information Technology (MeitY) published the draft India Data Accessibility and Use Policy on its website. The draft was made available to invite public feedback until mid-March 2022. Since then, the policy has garnered considerable attention and critical acclaim. One of the objectives of the policy is "To radically transform India's ability to harness public sector data." If passed, this policy would govern "all data and information created/generated/collected/archived by the Government of India", and "State Governments will also be free to adopt the provisions of the policy".
A background note to the draft policy outlines the reasons why MeitY has proposed it. Foremost is the recognition that data is a high-value asset that could help India's ambition of becoming a $5 trillion digital economy, based on its ability to harness the value of data. There are also the current challenges faced with data sharing and use, to name a few: the absence of a body to monitor and enforce data sharing policies, the lack of technical tools and standards for data sharing, the identification of high-value datasets, and licencing and valuation frameworks. The note outlines a path ahead for unlocking the high value of data across the economy, including a consistent and comprehensive governance policy, the interoperability of government data, and the instillation of data skills and culture. Considering this, the India Data Accessibility and Use Policy aims to enhance access, quality, and use of data, in line with the current and emerging technology needs of the decade.
Judging by the trend of digitisation, the next decade will largely see an exponential growth in the collection of citizen data across the globe, and particularly in India. This can soon become a cornerstone of India's $5 trillion digital economy. The goal of MeitY's data accessibility and use policy is to utilise the economic value of the data generated and collected. The framework of the policy provides for the establishment of an India Data Office (IDO), to be set up by MeitY, to consolidate data access and sharing of public data repositories across the government and other stakeholders. The draft policy also proposes a data management unit in every ministry, headed by Chief Data Officers, which will work closely with the IDO to implement the policy. The IDO will be responsible for coordinating with ministries, states, and other schematic programs to identify and provide access to data. Access will be provided through various mechanisms to interested parties such as researchers, start-ups, enterprises, individuals, and government departments.
The draft policy seeks to cover all non-personal data and information generated by the Indian government, directly or through authorised agencies, by various ministries and autonomous organisations. Furthermore, state governments have been permitted to implement the policy's provisions. The draft does provide for certain data that cannot be shared and would form part of a negative list of datasets, or that would have restricted access and can be shared only with certain users. The policy lays down 12 principles that need to be adhered to while sharing any data; these range from identification of datasets for sharing, transparency in operations, equal and non-discriminatory access, and well-defined accountability for all stakeholders, to protection of intellectual property.
Under the draft policy, every Government Ministry/Department/Organisation has been asked to identify the non-personal datasets available with it and classify them as open, restricted or non-shareable. Government ministries have also been directed to examine and create searchable data inventories. Approved inventories will thereafter be integrated into a government-wide searchable database for government-to-government data sharing. Under the policy, MeitY has also requested that all ministry data portals be integrated with the open government data portal via APIs or other relevant integration mechanisms. The policy provides that the IDO will give departments technical and implementation support for such integration.
Furthermore, every central department has been directed by MeitY to adopt and publish its domain-specific metadata and data standards. Metadata standards are intended to establish a common understanding of the meaning or semantics of the data, to ensure correct and proper use and interpretation of the data by its owners and users.
According to MeitY, all ministries will be provided with reference anonymization tools and decision-making frameworks to assist data officers in managing data sharing requests. It will be the duty of all ministries to comply with the IDO/MeitY minimum anonymization criteria. The policy reiterates in multiple places that, to prevent misuse of any data and protect its confidentiality, any data sharing will take place only within the legal framework of India, its national policies and legislation. Another safeguard for data protection included in the policy is the tenure of data retention. According to the policy, each central government department must specify its data retention period for specific datasets and maintain compliance while managing storage and sharing of datasets. MeitY plans to create and standardize a comprehensive set of guidelines to assist ministries in defining their data retention policies. The policy also provides for a data-sharing toolkit for all ministries to help assess and optimally manage the risk associated with data sharing and release. It will assist data officers in determining whether a dataset qualifies for release, restricted sharing, or inclusion on the negative list, as well as in identifying the proper release mechanism and level of anonymization.
While the policy is indeed a step forward, especially in recognizing the value of the data, given that India still lacks a comprehensive data protection law, it will be operationally difficult to hold people accountable and give redress for violations of privacy or data breaches. Safeguards will need to be built in more elaborately to protect the privacy of public data and the integrity of such data.