*****Government’s open data push sets off alarms – The Economic Times

Clipped from: https://economictimes.indiatimes.com/tech/technology/governments-open-data-push-sets-off-alarms/articleshow/90503805.cms

SynopsisThe Ministry of Electronics and Information Technology (Meity) released a draft of the India Data Accessibility and Use Policy 2022 for public consultation in February. It proposes that all central and state government bodies compulsorily share data with each other to create a common “searchable database”.

Chennai: The union government’s draft policy on data accessibility and use is stoking concern among industry members and activists who fear it will trigger increased privacy risks in the absence of regulatory cover for personal data in the country.

The Ministry of Electronics and Information Technology (MeitY) released a draft of the India Data Accessibility and Use Policy 2022 for public consultation in February. It proposes that all central and state government bodies compulsorily share data with each other to create a common “searchable database”.

While minimally processed data sets shall be made freely available, detailed data sets that have undergone value addition, transformation and qualify for monetisation may be priced appropriately, it said.

Industry groupings argue that this could open up a pandora’s box of privacy risks in the absence of a Data Protection Law. They are also seeking clearer definitions of terms like high-value data set, anonymised data along with a phased implementation plan. Terming the objectives and data sharing and governance principles as “prima facie valuable”, Nasscom said they are “broadly worded and are not articulated as quantifiable outcomes against which future performance can be measured.”

Responding to invitations for stakeholder comments, the IT industry grouping said that the policy’s success will depend on how successful it is in striking a balance between improving data access and quality, facilitating data reuse, and mitigating risks to privacy or security. “We suggested that the IDAUP should primarily apply to data that is created, generated, or commissioned by covered public entities using public funds,” Nasscom said.

“Further, we suggested that the IDAUP should only apply to anonymised data after due care has been taken to ensure identifying information has been removed and that other safeguards to preserve privacy have been implemented.”

The government, which is seeking to better utilise the voluminous data that it collects to provide better delivery of public services, had invited comments on the policy until March 18.

Software Freedom Law Centre (SFLC) — a digital think tank — categorically stated that with the Data Protection Act not being implemented, the selling of data was a “dubious” thing to do. It said that since there are no security safeguards that have been put in place for anonymisation, and the task has been delegated to the respective ministries, this would leave room for states to decide the standards for themselves. “The chances are that the government will exempt itself from the provisions of the Data Protection Act when passed,” SFLC said in its submission to the government that was published on their website on March 24 and was reviewed by ET. “Thus, there will be no checks and balances on government-to-government (or G2G) sharing of data. High security standards demand better infrastructure, which would disincentivise government departments/agencies from having proper security standards in place for the protection of data. Thus, MeitY should have secure anonymisation standards in the Policy,” it added.

The Internet Freedom Foundation (IFF) went a step ahead and said that the primary objectives were undergirded by “perverse economic incentives”. It also said that the cursory changes made to the Draft Data Access Policy fail to recognise the fundamental issues with the policy.

The Draft Data Access Policy states that “India’s ambition of becoming a $5 trillion economy depends on its ability to use data for better service delivery”. This policy approach is unfortunate as citizens’ data will be exploited in the name of achieving the country’s economic goals,” IFF said in a statement.

Further, IFF flagged that non-personal data has not been defined, leaving the door open to vagueness and arbitrary interpretations. The threat of deanonymisation has also not been adequately accounted for as several studies have shown that certain anonymised datasets have been found to be vulnerable to techniques of de-anonymisation.

In an interview with ET last week, Infosys cofounder and non-personal data (NPD) committee head S (Kris) Gopalakrishnan said that India needs to allow for the commercialisation of data, and the open data policy of the government which recommends monetisation of data should be encouraged.

“As long as citizens’ data privacy is protected and citizens receive better services in future, we need to allow for commercialisation,” Gopalakrishnan said. “This is sort of like travelling in a private car and public transportation — we share our private space for better economics. I am happy that select government data is available for research and innovation. We need to continue this process and make more data available with suitable safeguards for commercialisation and better citizen services.”

Gopalakrishnan had said that private and public interests must be balanced. He said that while there is a need to bolster economic activity around data, it is equally important to listen to concerns and try and address these or explain why certain decisions are made.

Share the joy of reading! Gift this story to your friends & peers with a personalized message. Gift Now

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s