The internet is a veritable smorgasbord of people, businesses, and a marketplace of ideas that generate enormous economic growth – especially in India. The ‘Digital India’ mission, moving at breakneck speed, promises to accelerate this revolution. MeitY’s recent policy proposal – ‘Draft India Data Accessibility & Use Policy, 2022’ – aims to radically transform India’s ability to harness data collected by the government. While it is to be heralded, the monetising of data collected by public agencies is a venture into unchartered territory. Utmost caution must be exercised to protect personal and sensitive data and create a safe and level playing field for everyone. Fair, reasonable and non-discriminatory terms are a clear prerequisite.

The draft policy outlines bottlenecks that exist in data sharing and use, including – the absence of a body for policy monitoring and enforcement of data sharing efforts, absence of technical tools and standards for data sharing, identification of high value datasets, and licensing and valuation frameworks. The Policy enunciates a way forward to unlock the high value of data across the economy, robust governance strategy, making Government data interoperable, and instilling data skills and culture.

All data and information generated, created, collected, or stored by the central government and authorised agencies are covered by the Policy. All government data will be open and shareable with some exceptions. Some datasets will either not be shared or provided with restricted access to trusted users under a controlled environment, as defined by the respective ministry or department. Additionally, the Policy states that data shall remain the property of the government agency or department that generates or collects it. Access to data under this policy should not violate any acts or rules of the Indian government.

The implementation of the Data accessibility and Use policy, however, is fraught with several challenges. The biggest hurdle is that India does not have a data protection law. Releasing government data collected from citizens without a data protection law in place can make crores of Indians vulnerable without any legal recourse if their data is misused or breached. Inter-departmental data-sharing poses several concerns regarding privacy. The open government data portal containing data from all departments may result in 360-degree profiles of everyday citizens and enable state-sponsored mass surveillance. The risk of this data falling into the wrong hands, is incredibly high.

The policy does state that data will be anonymised. However, there seems to be a visible lack of legal accountability and independent regulatory oversight. There are also various types of scientific analyses and automated tools that can re-identify anonymous data which may be made easier if large sets are released by various agencies.

Anonymisation is not a guarantee of data protection. Since the commercial value of data increases with access to personal data, there is an unfortunate incentive that drives re-identification. One man’s anonymous data may just be the missing piece of the puzzle in another man’s mission to re-identify individuals. Without anchoring legislation, aka the Data Protection Bill, the policy may not be able to fulfil the threshold of legality for state intervention into privacy, which was put in place by the Supreme Court of India in its landmark right to privacy decision (K.S. Puttaswamy v. Union of India in 2017).

The Policy’s core principle is to promote transparency from the Government to its citizens. However, there is only one mention of transparency, and little or no mention of how such data sharing will help ensure demands for accountability.

One of the Policy’s aims is to anonymise and share ‘high-value’ datasets but there is inadequate clarity about what constitutes ‘high value.’ Moreover, it is a complex matter to put a valuation or price on any content or data, let alone a national resource like public data. There must be caution when pricing scarce and precious national resources for commercialisation.

One of the reasons for this data sharing seems to be to spur the startup economy in India by giving them a leg up. Without clarity in data processing and data sharing, small startups will be fraught with uncertainty. Many may want data to fuel their innovations but cannot afford commercialisation and consequences of complicated legal processes due to usage of non-personal or commercial data. Competitive advantage is also a moot point as big players will purchase every available dataset. Data about India and its citizens may also be purchased by large global conglomerates and other nations.

Also, is data availability even a bottleneck? The point of startups is to ‘jugaad.’ Startups must identify a market need and design a product or service to fulfil that need, better and before everyone else. A lack of data never stopped Airbnb, Uber, or even successful Indian startups. Forget tigers and peacocks; our national animal may soon be Unicorns. In 2022 alone, eight Indian startups reached unicorn status – billion-dollar valuations (IBEF). We are home to 88 unicorns in total with a valuation of $295.99 billion. Paytm, Delhivery, Flipkart, 1mg, and more are shining examples of startups collecting the data they need from consumers by fulfilling a market need. There was no need to analyse huge amounts of existing data.

Delhivery, for example, focused on last-mile delivery solutions, after recognizing challenges in this segment. It developed an AI-based algorithm to generate the correct geographical location from incomplete or incorrectly spelt addresses. This was essential as there is no standard way in which addresses in India are specified. Today, it could sell this as a product or service, if required.

Therefore, supporting data sharing, without support for the underlying data infrastructure and algorithmic skills, will undermine the goals of the Policy. Startups need a lot more to flourish – algorithmic skills and skilled resources, growth incentives, finances, a stable regulatory regime, legal support, and more.

In its present form, the Draft Data Accessibility & Use Policy could lead to regulatory uncertainty due to the ambiguous roles of various actors. In trying to be the first country to legislate a NDSAP law, we could end up creating even greater legal regulatory uncertainty than what exists today. It needs to be examined whether mandatory data sharing is the only way to spur innovation and if it will actually do so.

The amount of citizen data gathered is expected to grow explosively in the next decade and is becoming a key cornerstone of India’s aspirations for a USD 5 trillion digital economy. The National Economic Survey 2019 observed the commercial benefits of exploitation of Government data. It also states that the private sector may be granted access to select databases for commercial use. However, with great power, comes great responsibility (Stan Lee).

India is at the cusp of a powerful digital revolution, with rapidly growing smartphone usage and strategic government policies to promote a vibrant economy. The Aadhar, for example, made it possible to deliver government services to residents while ensuring that benefits reach the right persons. It does involve parting with personal data though, including sensitive biometrics. There is no doubt that the government has a large pool of excellent and useful data. However, it may prudent to reconsider the release of large amounts of data without a data protection bill in place and active oversight of how the data will be used. Fair, reasonable and non-discriminatory (FRAND) terms are a clear prerequisite.

TV Ramachandran is Hon. Fellow of the IET (London) and President of Broadband India Forum. Views are personal. Research inputs by Debashish Bhattacharya and Abhijit Panicker.