On 26th May 2022, the Ministry of Electronics and Information Technology (“MeitY”) published the Draft National Data Governance Framework Policy (“NDGFP”) for public consultation. The last date for submission of comments is 11th June 2022. The Preamble of the Draft NDGFP highlights the rapid growth of the economy and digitization of governance in India. It notes the value of data-driven governance during the COVID-19 era while recognising the accelerating rate of digitization and the volume and velocity of data generated in present times. The Draft NDGFP has been published with the aim to utilise this data to improve citizens’ experience and engagement with the government.
Applicability:
This Policy shall be applicable to:
Objectives & Purpose:
This Policy shall be applicable to:
Introduction of a India Data Management Office: The Draft NDGFP aims to set up a “India Data Management Office” (“IDMO”) under the “Digital India Corporation” (“DIC”) under MeitY’s regime to frame, manage and periodically review and revise the Draft Policy. It would carry out the following activities:
Our Take:
The Draft NDGFP is an attempt to standardise data storage and accessibility norms across Government Platforms. While the NDGFP primarily concerns itself with making the Government bodies better equipped at handling data, it does not expressly keep private entities out of the purview of the Framework. The framework aims to include non-personal datasets housed with ministries and private companies into the India Datasets program, encouraging private entities to share such data with the IDMO for further use by other requesting entities.
The Draft NDGFP also doesn’t expand on the technicalities involved in how such data shall be stored and the measures that may be undertaken to ensure the safety of such data. As pointed out by the Joint Parliamentary Committee Report reviewing the Data Protection Bill 2021, it is possible for anonymised data to be re-anonymised.
This may have potential data protection and privacy related issues since non-personal data, though stripped of any identifiable characteristics may be business confidential information or may have information that may be proprietary to private entities. Therefore, as was the concern with the “Draft India Data Accessibility and Use Policy” there is a need for a proper legislation for non-personal data instead of a policy as framed by the Central Govt., and such legislation for non-personal data will also have to fulfil the threefold requirements which apply to all restraints on privacy as mandated by the Supreme Court in KS Puttaswamy and Another v. Union of India and Others.
Additionally, the issue of potential privacy/data protection related risks with the erstwhile “Draft India Data Accessibility and Use Policy” persists since the implementation of the Draft Policy before the enactment of the DP Bill 2021 is pre-mature. Accordingly, legal accountability, legal framework or any regulatory mechanism in case of leakage or breach of personal data or business confidential information as shared with requesting entities or in the Open Data Portal will need to be addressed first through the enactment of the DP Bill 2021 which also includes non-personal data within its ambit and provides privacy related safeguards.
This article was first published on Saikrishna&Associates