Data Governance in India

Why is in news? India’s G-20 presidency has provided an opportunity for the country to showcase its advancements in the digital arena, particularly with regards to data infrastructures and data governance.

Background

As the world becomes increasingly digital, the G-20 has recognised the need for international cooperation and collaboration in addressing the challenges, opportunities and risks posed by the rapid growth of data and digital technologies.

In recent years, India has made great strides in its digital strategies and data governance.

India has embraced technology and digitalisation to drive economic growth and to improve the lives of its citizens.

However, as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.

Significant progress has been made in the use of digital technologies to provide access to bank accounts and in the promotion of digital transactions through the Unified Payments Interface (UPI) and other options.

DEPA: Indian model of Data governance

Data Empowerment and Protection Architecture (DEPA) is a framework released by National Institute for Transforming India (NITI) Aayog in India. It is also called a “consent-based-data-sharing framework to accelerate financial inclusion.

It is an Indian model of data governance that is evolving and targets individual empowerment, economic recovery and growth, and competitive data democracy.

DEPA framework aims at allowing people to access their data seamlessly and securely, and share it with third-party institutions.

Significance of DEPA

Financial exclusion

üDEPA also focuses on the financial inclusion of individuals, digital opportunity, consent manager involvement, organ framework, APIs for data sharing, etc.

üIt enables the growth of MSMEs (greater financial security), new aspirations (through credit), and prosperity (through savings and investment).

Digital opportunity

üSince data is the new oil, through this framework, MSMEs will become data-rich, and resultantly, witness socio-economic growth. Due to the large scale use of data in the digital market and the increase in mobile connectivity after the advent of Aadhar, UPI, etc., members from lower socioeconomic strata are more data-savvy a have more access to data.

üTherefore, small businesses, Kirana shop owners etc., could use their digital data for building trusts with financial institutions for availing credit. APIs enable encrypted data flow between the data user and the data provider.

Overcome the challenge of Data silos



üData is in control in the hands of a few incumbents; and presently, whoever has data, has power.

üFor instance, Facebook and Google together dominate about 71 per cent of the digital ad market in the US. It is merely because of the concentration of data in the hands of silos. Data needs to flow to gain maximum economic growth.

üIn India, DEPA has tried resolving a similar issue by focusing on sharing data amongst other small players present in the market and simultaneously, protecting and empowering the data.

Inverting the data

üIt basically means giving power to the user and announcing to him the owner of his data.

üUsers can share the data in a secure manner, and opt for sharing it for its own benefit, rather than sharing it with silos to get advertisements.

üAlthough it requires an evolvable, interoperable, and secure data sharing framework to stand in the market.

Shifts towards empowerment

üIt is personal data management that transforms the current organization-centric data sharing to an individual-centric approach, it promotes user control on data sharing for empowermentHence, companies can not benefit from an individual’s data.

Concerns with DEPA

DEPA could help to build trust in digital technologies and data governance. However, there are also risks associated with DEPA, particularly in terms of security and privacy.

If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.

Additionally, there are concerns that the implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.

There are concerns that relate to security and privacy on the one hand and on infrastructure, connectivity and the availability of a skilled human workforce on the other hand. Moreover, there are also concerns around the potential misuse of data and information in these sectors.

üFor example, in the health sector, there is a risk that sensitive medical information could be misused or exploited for commercial purposes, while in agriculture, there is a risk that market information could be manipulated for the benefit of certain actors.

Another issue is that of ownership and governance of data generated and collected in health and agriculture

In order to realise the potential benefits of DEPA and minimise the risks, it is important that the tool is implemented in a transparent, consistent, and secure manner. This will require close collaboration between the government, the private sector, civil society, and other stakeholders and the development of clear and effective regulations and standards.

The issue of data sovereignty

Data sovereignty has become an increasingly important issue.

The term “data sovereignty” refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.

India’s establishment of an India Data Management Office (IDMO) is a step forward in the country’s journey towards data sharing and data governance.

The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities. It will also work to promote the development and implementation of open-source solutions, which will help to ensure that underlying data architectures are a social public good, and to promote digital technologies to become accessible and affordable for all.

Again, this is a great opportunity for India to develop solutions that can be adopted and adapted in other countries. Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.

In this context, many commentators have called for the opening of data “silos” to capture the potential wealth of data sharing between governmental offices, corporations and citizens. While opening up some data silos may be useful in promoting citizen participation and increasing access to information, others may jeopardise trust and security.

Find a middle way

The sharing of sensitive personal or financial information may be harmful to individuals and society as a whole, as it may lead to discrimination, exclusion, and unforeseen negative consequences.

Therefore, it is important for India to navigate a middle way between restrictive data sovereignty and limitless data flow, and define which data, for which purposes, can be shared and used by whom.

In doing so, India must respect and protect the fundamental right to privacy with a robust data protection law, and balance the interests of all stakeholders, including governments, businesses, and citizens for the goal of sustainable development.

This requires the development of clear, transparent and accountable data governance policies and regulations as well as investment in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner — so that a resilient data governance regime can be accomplished.

In conclusion, while the advancements in financial inclusion and UPI hold promise for transfer of inter alia data to other parts of the India Stack (for instance in health and agriculture) there are also valid sceptical notes that must be taken into account. (India Stack is a unified software platform that provides digital public goods, application interfaces and facilitates digital inclusion.)

The challenges of digital infrastructure, privacy protection, data security, and responsible data governance must be addressed before these advancements can be fully realised in other sectors.

Further, it is essential that the India Stack is designed and implemented in a way that is consistent with India’s broader development strategies.

This will help to ensure that the data governance is aligned with the country’s values and priorities, and that it supports, rather than undermines, the development of a secure, more egalitarian, and trustworthy digital future for all.

In this, India has a unique opportunity to develop and implement a data governance regime that can become a model for other countries.

Conclusion

Obviously data governance has to be a process in evolution that is agile and responsible. But it has to be built upon fundamental rights, values and norms and on regulations that balance the interests of all stakeholders. These concerns must be addressed through strong and robust data protection regulations, the development of ethical and responsible data governance practices, as well as effective and accountable oversight mechanisms.