A chance for India to shape a data governance regime

In Context

• In recent years, India has made great strides in its digital strategies and data governance.

Data Governance

• Meaning:
  • Data governance is the process of managing the availability, usability, integrity and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. 
  • Effective data governance ensures that data is consistent and trustworthy and doesn’t get misused.

• Significance of data governance in India:
  • India has embraced technology and digitalisation to drive economic growth and to improve the lives of its citizens. 
  • Significant progress has been made in the use of digital technologies to provide access to bank accounts and in the promotion of digital transactions through the Unified Payments Interface (UPI) and other options.
  • However, as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.

Government’s key policies & frameworks on data governance:

• The Data Empowerment and Protection Architecture(DEPA):

• NITI Aayog has recently released the DEPA framework with principles for data protection and architectural guidelines. 
  • It manages consent for purpose of empowerment & usage of data.
• DEPA is an evolvable and agile framework for good data governance along with introducing new institution types, and cutting edge technological building blocks to enable true data empowerment.

• Draft National Data Governance Framework Policy (NDGFP):
  • Focus of the Policy:
    • The draft policy focuses on improving the institutional framework for:
      • Government data sharing, 
      • Promoting principles around privacy and security by design, and 
      • Encouraging the use of anonymization tools.
  • Aim:
    • To standardise the government’s data collection and management while catalysing AI and Data led research and a startup ecosystem.
  • India Data Management Office (IDMO):
    • The draft includes plans for setting up the India Data Management Office (IDMO) on the lines of the US Federal Data Management Office.
      • IDMO will be set up under Digital India Corporation for framing, managing and periodically revising the policy. 
    • The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities. 
    • This is a great opportunity for India to develop solutions that can be adopted and adapted in other countries. 
      • Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.
  • Data Management Units (DMUs):
    • As per the draft, all ministries will have data management units (DMUs) 
    • DMUs will be headed by a Chief Data Officer.
      • They will be responsible for the implementation of the data governance policy.

Issues & challenges

• DEPA:
  • There are risks associated with DEPA, particularly in terms of security and privacy. 
    • If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
  • Additionally, there are concerns that the implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens. 
• UPI:
  • While the advances in financial inclusion and the successful implementation of the UPI in India are commendable, it remains to be seen whether these advancements can be replicated successfully in other areas such as health and agriculture. 
    • For example, in the health sector, there is a risk that sensitive medical information could be misused or exploited for commercial purposes, while in agriculture, there is a risk that market information could be manipulated for the benefit of certain actors.
  • There are also concerns that relate to security and privacy on the one hand and on infrastructure, connectivity and the availability of a skilled human workforce on the other hand. 
  • Moreover, there are also concerns around the potential misuse of data and information in these sectors.
  • Another issue is that of ownership and governance of data generated and collected in health and agriculture. 
• Data sovereignty:
  • Data sovereignty has become an increasingly important issue. 
  • The term “data sovereignty” refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.

Suggestions & way ahead

• For DEPA:
  • In order to realise the potential benefits of DEPA and minimise the risks, it is important that the tool is implemented in a transparent, consistent, and secure manner. 
  • This will require 
    • close collaboration between the government, the private sector, civil society, and other stakeholders and 
    • the development of clear and effective regulations and standards.

• Middle way:
  • It is important for India to navigate a middle way between restrictive data sovereignty and limitless data flow, and define which data, for which purposes, can be shared and used by whom.
  • Protecting right to privacy:
    • In doing so, India must respect and protect the fundamental right to privacy with a robust data protection law, and balance the interests of all stakeholders, including governments, businesses, and citizens for the goal of sustainable development.
• Data governance policy:
  • India requires the development of clear, transparent and accountable data governance policies and regulations as well as investment in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner.
  • The concerns must be addressed through strong and robust data protection regulations, the development of ethical and responsible data governance practices, as well as effective and accountable oversight mechanisms.