A day after the Ministry of Electronics and Information Technology (MeitY) released the draft India Data Accessibility and Use Policy, industry experts and think tanks said that monetisation of data bases, inter-ministry data sharing and need for tighter law around data anonymisation will be the key focus areas for recommendations being sent.
Organisations including SFLC.in, Internet Freedom Foundation (IFF) and The Dialogue will be soon sending their recommendations adhering to March 18 deadline.
The draft policy was a broader framework touching upon various aspects under consideration. Key talk points include licensing and pricing of data bases as per the quality of processing. The datasets will be created by collecting citizens’ information. The policy has plans to anonymise data and make it available across government Departments and Ministries. Overall, the implementation and monitoring of the policy will be led by the India Data Office (IDO) under MeitY.
“It is a good initiative by the government to acknowledge the value of data that is collected by government departments and to make it accessible for use for the larger ecosystem as it has the potential of driving economic and social benefits. This will help start-ups, the research community as well as enterprises to unlock the value of data. We welcome that the government has invited comments on the draft policy,” Kazim Rizvi, Founding Director, The Dialogue, told BusinessLine.
”The interesting part is about licensing and pricing and the value addition through labour is to be priced appropriately. We need to see how we price data sets, and the value of a particular dataset will depend on the context in which it is solved. Value of data comes from relevance, quality, granularity, and moreover the linkage to the use case for which it needs to be used. Also, we need to create strong processes to minimize hurdles in the standardisation of prices,” he added.
‘Threat to data privacy’
IFF called out the draft policy for not having made the white paper public. The digital rights advocacy group said that the government held stakeholder consultations in closed doors.
“Coming to the content of the policy, there are problems with the objective of the policy itself, which is revenue generation. The general data protection regime (GDPR) has some of the best practices of data collection and processing, and mentions that data should be collected for a specific purpose and should be kept only to fulfil the purpose and not be further processed. The moment data collection is incentivised, it becomes problematic and can go against the purpose limitation and end up impacting data privacy,” Anushka Jain, Associate Counsel (Surveillance & Transparency), IFF told BusinessLine.
“The policy also states that all data will be shared across government bodies inter-departmentally, which will lead to a 360 degree profile of any citizen getting created. This further increases the risk of State-sponsored mass surveillance. Strict access control is needed for proper anonymisation. It’s very easy to re-identify any data even after proper anonymisation, there has been studies around it,” she added.
They are talking about putting in certain guidelines and standards for anonymisation, but we don’t know who is going to access and make those standards, whether there will be third parties involved, Jain said.
Prasanth Sugathan, legal director, SFLC.in believes that though the policy is a good initiative to bring in transparency for data collection, it should be strictly non-personal data and that too anonymised.
He said, “We need to be careful with the kind of data being shared and the kind of safeguards we have in place. The data sharing that is going to happen here cannot be personal data, only non-personal and anonymised data should be allowed. Anonymised data also leaves the concern of getting easily de-anonymised. That is where we need safeguards, tech measures in place to avoid de-anonymisation. There are also talks about sale of value-added data. These are all broader talk points.”
Rizvi added that more clarity will be required to define ‘high value’ data sets as broader terms like “based on importance in the market”, “socio economic benefits”, etc. which provide for wider powers to the incoming institutional body (Data Council) to decide on these things won’t suffice. There needs to be checks and balances apart from notifying set standards for quality data.