Context: India’s G-20 presidency has provided an opportunity for the country to showcase its advancements in the digital arena, particularly with regards to data infrastructures and data governance.
A Chance for India to Shape a Data Governance Regime Introduction
- In recent years, India has made great strides in its digital strategies and data governance, adopting technology and digitalization to boost economic growth and to improve the lives of its citizens.
- However, as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.
- In this regard, the launch of India’s Data Empowerment and Protection Architecture (DEPA), a consent management tool, has generated both excitement and concern among stakeholders.
What is Data Governance?
- Data governance refers to the management of data usage, data security, data availability and data integrity.
- It involves defining policies, procedures, and standards for data management, as well as assigning roles and responsibilities for data stewardship and oversight.
- The main goal of data governance is to ensure that data is reliable, accurate, and consistent, and that it can be trusted by the people who use it.
What is Data Empowerment and Protection Architecture (DEPA)?
- DEPA stands for Data Empowerment and Protection Architecture, is a framework to enable the safe and secure sharing of personal data between different entities.
- It was launched by the NITI Aayog in 2020 on the premise that individuals themselves are the best judges of the ‘right’ uses of their personal data.
- Under the DEPA framework, individuals have the right to access their own data, as well as the right to share it with third-party providers of their choice.
Potential Advantages with DEPA
- Empowering individuals: DEPA is designed to give individuals control over their personal data, allowing them to share it securely with third-party providers of their choice.
- Data security and privacy: DEPA is built on a decentralized architecture, which can help to improve data security and privacy by reducing the risk of data breaches and unauthorized access to personal data.
- Efficient digital transactions: DEPA’s consent management tools can help to streamline and simplify digital transactions, while also reducing transaction costs and improving the efficiency of digital markets.
- Digital trustworthiness: By allowing individuals to easily manage and control their data consents, DEPA could help to build trust in digital technologies and data governance.
- Boosting financial inclusion: DEPA enables underserved and marginalized communities to access a range of financial services by allowing them to securely share their financial data with third-party providers such as fintech startups.
What are the Concerns Associated with DEPA?
- Misuse of data: If the consent management tool of DEPA is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
- For example, in the health sector, there is a risk that sensitive medical information could be misused or exploited for commercial purposes.
- While in agriculture, there is a risk that market information could be manipulated for the benefit of certain actors.
- Implementation Concerns: There are concerns that the implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.
- Infrastructure challenges: DEPA also faces concerns related to infrastructure, connectivity and the availability of a skilled human workforce.
- The issue of data sovereignty: Data sovereignty is the concept that data is subject to the laws and governance structures of the country where it is located.
- In the context of DEPA, there is a concern that the data being shared through the platform may not be subject to the same level of data sovereignty as it would be if it were kept within the country.
- This could potentially raise issues related to data protection, privacy, and security, as well as create challenges for regulating the use and sharing of data.
Other Important Initiatives and Policies for Data Governance in India
|India Data Management Office (IDMO)||India’s establishment of IDMO is a step forward in the country’s journey towards data sharing and data governance.
The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities.
|Draft National Data Governance Framework Policy (NDGFP)||The draft policy focuses on improving the institutional framework for: Government data sharing, promoting principles around privacy and security by design, and Encouraging the use of anonymization tools.
The aim is to standardize the government’s data collection and management while catalyzing AI and Data led research and a startup ecosystem.
- Balancing Data Sharing and Privacy: India needs to find a middle way between restrictive data sovereignty and limitless data flow, to define which data can be shared and used by whom, while also protecting the fundamental right to privacy with a robust data protection law.
- Investment in Digital Infrastructure and Skills: India needs to invest in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner to achieve a resilient data governance regime.
- Data silos: In the context of data sovereignty, many commentators have called for the opening of data “silos” to capture the potential wealth of data sharing between governmental offices, corporations and citizens.
- Data silos are separate databases or systems within an organization that are not integrated or connected with other databases or systems.
- While opening up some data silos may be useful in promoting citizen participation and increasing access to information, others may jeopardize trust and security.
- Collaboration of multiple stake holders: The DEPA must be implemented in a transparent, consistent and secure manner, which requires close collaboration between all the government, the private sector, civil society, and other stakeholders.