India is making strides in the digital arena and this has also improved economic pace and improved life of citizens. Development in the field of digital technologies and its increasing usage among public has resulted in explosion of datas which can be used as a future resource. As the country evolves digitally, there is also a need to evolve inclusive, transparent, secure and sustainable strategies for data governance for the future. On this note, let us go through the different strategies suggested by the government towards data governance architecture along with their concerns.
The Draft National Data Governance Framework Policy
- Non-personal Data and Anonymized Data from Government and Private entities are safely accessible by Research and Innovation eco-system.
- Provide an institutional framework for data/datasets/metadata rules, standards, guidelines and protocols for sharing of non-personal data sets while ensuring privacy, security and trust.
- Ministry of Electronics & Information Technology has initiated a National Program on Artificial Intelligence (AI) and one of the components of the program is setting up the “India Data Management Office (IDMO)”.
- The proposed IDMO aims to improve access, quality, and use of public sector data to catalyze data-driven governance, decision-making and create an ecosystem for data-based Innovation and research.
- The Ministry of Electronics and Information Technology has released the Draft National Data Governance Framework Policy in May 2022 for public consultation.
The primary objectives envisioned for IDMO are the following:
- Data Governance:
- Designing data standards, data quality metrics, and associated tools and frameworks to leverage data for innovation
- Institute mechanisms for data sharing and access that can enable an ecosystem of data-driven governance, research, and innovation.
- It will enable and build the India Datasets Platform that will process requests and provide access to non- personal and anonymized datasets to Indian / India-based AI- and Data-led researchers and Startups.
- Building Data Capacity: To build and augment the capacity of data functionaries within government entities working on data consolidation, management, and sharing activities through sensitization and training.
Benefits of Proposed India Data Management Office (IDMO)
- Ensure Mechanism for Data Sharing and Data Governance – by coordinate closely with line Ministries, State Governments, and other schematic programs to standardize data management by building up capacity and capabilities in each Ministry.
- Accelerate inclusion of non-personal datasets housed within ministries and private companies into the India Datasets program.
- Promote data sovereignty (data converted and stored in India are subject to national laws) by coordinating India’s digital strategies and data governance framework and to ensure they are aligned with national values and priorities.
- IDMO will Promote Open-Source Solutions – promotion, development and implementation of open-source solutions (which can be modified and shared and is publicly accessible) will ensure data architectures as social public good which can become accessible and affordable for all.
- Opportunity to develop solutions that can be adopted and adapted in other countries – Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.
India Stack & Its Objectives
- India Stack is a set of Application Programming Interface (APIs) that allows governments, businesses, startups and developers to utilise an unique digital Infrastructure to solve India’s hard problems towards presence-less, paperless, and cashless service delivery.
- India Stack aim to unlock the economic primitives of identity, data, and payments at population scale.
- Foundations of the India Stack includes
- Identity Layer – Giving every resident a unique (Aadhaar, e-KYC, e-Sign)
- Payments Layer – Allowing anyone to pay everyone (UPI, Aadhaar Payments Bridge, Aadhaar Enabled Payment Service)
- Data Empowerment – Enable Secure sharing of Data (Consent Artefact, DigiLocker, Account Aggregator)
Data Empowerment & Protection Architecture
NITI Aayog has released “Draft Document on Data Empowerment And Protection Architecture” which aims to promote greater user control on data sharing.
Need for Such an Architecture
- According to NITI Aayog, millions of Indians are creating electronic transaction histories and becoming ‘data-rich’ at historic rates, even before becoming economically rich or even financially stable.
- Personal data helps people inform and build trust with key institutions providing life-altering services, such as hospitals, banks, or future employers.
- Thus, based on these examples, government believes that individuals themselves are the best judges of correct uses of their personal data, rather than competing institutional interests.
- DEPA accordingly has been designed as an evolvable and agile framework for good data governance considering the rapid change in data technology. Accordingly, DEPA seeks to provide a foundation of three key building blocks:
- 1. Enabling Regulations
- 2. Cutting Edge Technology Standards
- 3. New types of public and private organisations with incentives closely aligned to those of individuals
- In a nutshell, DEPA aims to empower people to seamlessly and securely access their data and share it with third party institutions for their own benefit.
DEPA’s technology architecture is a first of its kind interoperable, secure, and privacy preserving digital framework for data sharing through the following:
- The Consent Artefact – is a technology Standard for programmable consent to replace the all-permissive terms and conditions forms. The consent individuals provide is designed on principles acronymed ORGANS:
- Open standards (ensuring all institutions use the same approach interoperably)
- Revocable (by individuals)
- Granular (provided for each time you share data, stipulates how long data can be accessed, etc.)
- Auditable (in machine readable logs of consent provided)
- provide Notice to all parties, and Secure by design
- Open Application Programming Interface (APIs) for Data Sharing – allow many new Consent Managers to ‘plug in’ to a common sharing system rather than having to build bilateral relationships with information providers to access data. API is a software intermediary that allows two applications to talk to each other.
- Financial Information Standards – allow a data recipient to quickly interpret and understand information from a new institution.
Proposed Usage of DEPA Framework
Proposed Benefits of DEPA
- Solve Credit Crunch faced by MSMEs – Sharing of past financial data like past turnover, GST Bills etc. (with the consent of owner) will especially help people in the MSME Sector to get credit without submitting any collateral. Thus, as per NITI Aayog, DEPA will prove useful to solve 20-25 trillion Rupees credit gap faced by MSMEs.
- Better Financial Management – Using DEPA, individuals and small businesses can use their digital footprints to access not just affordable loans, but also insurance, savings, and better financial management products.
- Building Trust based on previous Digital History – Digital transaction used by small shop owners, farmers, traders, MSME entrepreneurs, rural Self Help Groups and gig economy workers are increasingly generating a digital transaction history that could be use to inform and build trust with financial institutions.
- Solve the problem of Data Access – Different type of datas are stored across sectors and in different formats which makes access to data very difficult. Thus, in India there is an issue of Data Fragmentation as Datas are not inter-connected or linked with each other on any given platform. So, DEPA will not only help in solving the issue of inaccessibility of one’s own data but will also help to link scattered data lying across sectors in different formats in an organised way.
- Need to harmonise regulations on Data Sharing – There is also a lack of harmonisation around the regulations for data sharing of citizens within and across sectors. Thus DEPA will ensure that data of citizens are not misused without individuals’ knowledge and consent. This organisation of data of individuals will help such citizens who urgently require such data to access better services.
- Need for evolvable, interoperable and secure data sharing framework – There is a need to have an evolvable, interoperable and secure data sharing framework to use newly generated data by Indians.
- Benefit for citizens through Data Management – Personal data management will help individuals and small businesses with the practical means to access, control, and selectively share personal data that they have stored across multiple institutional datasets. This will also help to maximise the benefits of data sharing for individual empowerment whilst minimising privacy risks and data misuse. Thus, overall, Personal data management will help to transform the current organisation-centric data sharing system to an individual centric approach that promotes user control on data sharing for empowerment or access to various financial, health or educational services.
- Create New Institutions – Account Aggregators & Consent Managers – DEPA’s Institutional Architecture will involve the creation of new market players whose incentives align more closely with individuals – user Consent Managers. These Consent Managers in the financial sector will be known as Account Aggregators. A non-profit collective or alliance of these players will be created called the DigiSahamati Foundation.
- Benefits in Health & Agriculture Sectors – The use of digital technologies can enhance access to health-care services, particularly in rural and remote areas, while in agriculture they can empower farmers and enhance their incomes.
Concerns – DEPA
- Privacy Risk on Sharing Information in Important Sectors – Sharing of personal data can cause security or privacy risk particularly regarding sensitive information.
- Health Sector – there is a risk that sensitive medical information could be misused or exploited for commercial purposes,
- Agriculture – there is a risk that market information could be manipulated for the benefit of certain enterprises.
- Ownership and Governance of data generated and collected in health and agriculture.
- Misuse or Misappropriation – If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
- Inconsistent Implementation across Sectors – implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.
- To implement DEPA tool in a transparent, consistent and secure manner, what is needed is a close collaboration between the government, private sector, civil society, and other stakeholders and the development of clear and effective regulations and standards.
- Whether Digital Inclusion in Health and Agriculture will be successfully implemented like Financial Sector Not Certain.
- Concerns on infrastructure, connectivity and the availability of a skilled human workforce to achieve the goal of digital governance.
Need to Find Balance
- While devising a strategy for data framework and governance, India needs to balance:
- Between data sovereignty and limitless data flow
- interests of all stakeholders – including governments, businesses, and citizens for the goal of sustainable development
- Between developing clear, transparent and accountable data governance policies & regulations and investment in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner
The challenges of digital infrastructure, privacy protection, data security, and responsible data governance must be addressed before the advancements made in digital governance can be fully realised in other sectors. Further, India Stack must be designed and developed in sync with India’s broader development strategies. This will allow data governance to be aligned with the India’s core values and priorities which will ultimately promotes development of a secure, more egalitarian, and trustworthy digital future for all.