The finance ministry wants to convert the Goods and Services Tax Network (GSTN), the not-for-profit organisation that provides the technological backbone to the GST, into a government-owned company. In fact, according to media reports, even a 100 per cent government stake has not been ruled out. At present, the government holds a 49 per cent stake — the Centre and states share 24.5 per cent each — and the balance 51 per cent is held by five non-government institutions — 11 per cent by LIC Housing Finance and 10 per cent each by HDFC, HDFC Bank, ICICI Bank and NSE Strategic Investment Co Ltd. The apparent reason for this rethink, just 10 months after the roll-out of the GST, is the government’s concern about the safety and security of “sensitive” data.
It is true that the GSTN handles massive amounts of data; by now, over 10 million businesses have already registered on the GSTN portal. The government’s logic is that the GSTN deals with crucial data sets such as indirect tax returns and refunds, and so its ownership should be limited to the government for security reasons. The implicit assumption here is that data is safer with a government company than in with private sector entity. This is not the first time that such a demand has been made. A select committee of the Rajya Sabha, set up to examine the Constitution amendment Bill on the issue, had demanded that the government should ensure the shareholding of non-government financial institutions be limited to public sector banks or public sector financial institutions. In the committee’s view, the GSTN’s work is of strategic importance to the country since the firm will be a repository of a lot of sensitive data on business entities nationwide.
This is poor logic, as there is no evidence as yet that safety of data is in any way related to the ownership of the GSTN. The government and private entities do not function under different data security norms. In any case, the government’s own data security systems do not have a great track record. Several government websites have been routinely hacked – in fact, data show that 114 of them were hacked in the nine months to January this year. The controversy over leaks in Aadhaar data further undermines the confidence in the government’s ability to be a safe custodian of data. What is worse, changing the ownership will likely hurt the freedom and efficiency with which the GSTN needs to work, given the fast-paced demands of businesses. This was the reason why the GSTN’s ownership was kept free from the controls a public sector entity works under in terms of compensation structures and other speed-breakers. In any case, the government already enjoys strategic control over the GSTN due to its 49 per cent stake and the rules mandate that the quorum for a board meeting requires that at least half of the government-nominated directors should be present. Also, most large government information technology related projects have been given to private software firms in the past, and the GSTN is no exception, in that sense. The GST regime is, at last, settling down and the government should build on this stability, not risk it.