What do we need to know about the "National Data Governance Framework Policy"?
Dr Raghuveer Kaur, Sanachit Mehra
“There is nothing more important in the present times than data privacy and we must never take it easy.”
We welcome the government of India’s step toward having a ‘National Governance Framework Policy.’ The thought process behind the initiative is really encouraging and the move to invite suggestions makes it align with the democratising of the idea of data policy.
To date, we don't have a privacy law in our country. That's one reason why itemised bills print out are easily accessible with streetside vendors serving snacks in the country. This makes us question how government data policy on non-personal data is going to work, we discuss this here.
In the wake of the absence of privacy legislation, we present our views on the draft National Data Governance Framework Policy. The draft document presented is promising, and it is encouraging that the government has invited feedback to make it in the best interest of the citizens. To utilise this opportunity and voice the opinion of the fraternity we operate in, we are presenting below our major concerns. We would list the important points and later discuss them in depth:
Currently, we have two national databases hosted by the government of India. Open Government Data (OGD) Platform India aims to support the Open Data initiative of the Government of India. It facilitates Government Organizations to publish their datasets in open formats for free public use. OGD is also available as Software as a Service (SaaS). The second one is NITI Aayog’s National Data and Analytics Platform (NDAP), which was launched to democratise access to public Government data through a world-class user experience. The problem with OGD is the data sets are redundant, they don’t have a schema which makes them almost impossible to use. So, when we already have these huge datasets why do we need to have a third dataset? Are these going to be removed or merged with the one proposed? If they are merged will not the existing problems resurface? Also, there are private databases such as CMIE, will they be merged? The recommendation here is to find a way to reliable datasets and not multiple datasets.
The other problem associated with the dataset is the verification of the dataset. How are the data in this database going to be verified and checked for reliability? How are the rectifications going to be made in the database? We recommend here a clear process and checkpoints in the collection and verification of data.
Non-personal data is extracted from personal data. In our country, as pointed out earlier we still don’t have personal data protection legislation. In the absence of legislation, how are we going to deal with any anomalies that exist during extraction? How are we going to deal with any breach of data? How is the draft going to establish accountability? What are the various security features associated with the data?
In addition to that, anonymisation is a huge challenge. Who anonymises the data? The sources from where the data is collected or while listing on India data set is gets anonymised? The challenge here is to identify the body and make it accountable for anonymisation and the risk associated. The redressal mechanism also lacks clarity.
Another important consideration of this framework is the composition of IDMO (Indian data management office). There is no clear information on how the IDMO would be composed and who would head it? Similarly, on the ministry level, the appointment of CDO has not got any details on roles, power, and responsibilities. The whole institutional framework lacks clarity. The person holding the positions should be well versed in which privacy legislation? It does not mention any code of conduct for conducting meetings, publishing reports, and sharing the report with people at large. It only mentions that IDMO will conduct at least two semi-annual consultations with ministries. Similarly, on state levels, the DMUs will be established and headed by CDO. Will DMUs have a representation from IDMO, how control will be established by DMU is ambiguous. What is the fate of existing CDOs appointed by OGD?
Recommended by LinkedIn
Also, there needs to be regulation for the private sector. The private sector has not been mandated to share data; they might not be willing to participate as it might result in a breach of intellectual rights. Also, once the policy is implemented it would be inevitable to establish a check on the private-sector data set.
The cost consideration needs to be published. Also, what quantum of data is to be listed open and what will be exclusive and needs to be purchased has to be defined clearly and laid public. The government can introduce membership based on industry and individual seeking data. It will help in establishing control over the users of data. However, the most important question is the enactment of this policy. Creating such a data set is going to be a humongous task, especially when in most government departments data is kept in silos. It requires capacity building. The validity and rectification of those data is another major challenge. There will also be challenges in deciding what data to be kept open and what to be made available upon request. The process of accessing the data also needs to be mentioned along with a check on the legitimacy of the request. Also, there should be a plan to incentivise various departments to keep their database accurate. These incentives should also be negative in case the database is not properly updated.
Other than that, this draft will provide a good playing field for the government to establish streamlining in its various dataset across the various PSUs, departments, and various other bodies. The policy will demand transformation changes in various departments/ ministries. It will promote automation and better transparency in handling data under government control. The policy will also push for a full-fledged independent regulation of personal data and non-personal data.
With this, we summarise that we need to have a single dataset platform that is dependable and updated. It has a schema that adds to its utility and makes it usable. It is secure, verified, and helps in making business decisions better. It provides citizens ease of access to data and makes them empowered with the sense of security they deserve.
This document represents the views of the authors and not the company. This document is only for informational purposes.
References: