The Ministry of Electronics and Information Technology (MeitY) published a document called the draft India Data Accessibility and Use Policy on its website on 21 February 2022.
Two provisions, in particular, immediately caught the attention of think tanks and advocacy groups:
One, which suggested that datasets that have undergone value addition or transformation may be "priced appropriately".
Another, which proposed that all data for every government body shall be "open and shareable by default," unless specified otherwise.
After a swift backlash, the policy was quietly updated, presumably on 26 February. Critical provisions have now been rewritten in softer language.
The word 'data', for instance, has been replaced with 'non-personal data' throughout the document, 'privacy' is mentioned more frequently, and the phrase 'high value datasets' has disappeared altogether.
But the document still retains its controversial essence. Here's a breakdown.
How the Government Plans To Do It
According to the latest draft, the policy aims to "radically transform India's ability to harness public sector data" and to "enhance access, quality, and use of non personal data."
If passed, it would apply to all non-personal data and information
created or collected by the Government of India directly or through authorised agencies.
State governments would be free to adopt its provisions at will.
A central India Data Office (IDO) would be set up by the IT Ministry, which would coordinate sharing and classification of data with the chief data officers of every ministry or department.
All "non personal data" will be categorised into three types:
Existing and new data would be arranged into detailed and searchable data inventories and approved data would be put into a government-wide searchable database for government-to-government data sharing.
The provision about high-value datasets being "priced appropriately" has been replaced with one that says, "Most data sets shall be made available at no cost to promote innovation and research & development."
This, however, implies that there are some data sets that could be available for purchase.
Language like, "to incentivise and promote such data sharing, innovative and just licensing frameworks that enable fair access and use will be made available by India Data Office," supports this hypothesis.
Even in its current form, the draft suggests that the government is looking to make high-quality public sector data available to the private sector to help India become a $5 trillion digital economy.
It follows in the footsteps of the National Economic Survey, 2019, which had also pushed for private organisations to be granted access to government data for a fee.
It is important to note that draft policies typically go through multiple revisions before being formally adopted, which means the provisions of this policy aren't set in stone yet.
Data Accessibility Before Privacy?
The initial draft, which was accompanied by a call for inputs and feedback, was met with concerns raised by industry groups and stakeholders. These concerns carry over to the new draft as well.
Non-profit trade association Nasscom said that though the objectives and principles in the policy were "prima facie valuable", it would only be successful if it could strike a balance between improving data access and quality, and mitigating privacy and security risks.
Others were less generous with their feedback. One of the main concerns stems from the fact that India doesn't yet have a data protection law in place.
Think tank Software Freedom Law Centre (SFLC) said that without the Data Protection Act being passed and implemented, the selling of data "seems like a dubious thing to do."
"The chances are that the government will exempt itself from the provisions of the Data Protection Act when passed," it added.
Karthik Venkatesh, program manager at The Dialogue, said that it remained to be seen how this policy would interact with the Supreme Court's Right to Privacy verdict.
"As MeitY is yet to finalise the data protection regime for the country to secure informational privacy... the interlinked non-personal data can potentially create an exploitative relationship," he said.
"For instance, inter-linkage of non-personal data sets can reveal the personal identity of the individuals due to triangulation and also cause collective privacy harms."Karthik Venkatesh
"Besides, this confederation of non-personal databases can lead to unintended consequences of surveillance by whoever has access to the system," he added.
The Internet Freedom Foundation (IFF) said that the policy had "perverse economic incentives" and that the changes made to the draft failed to address the fundamental issues with the policy.