Indian government urged to prioritise privacy as it embarks on data-sharing plan
Law and privacy experts have called on the Indian government to implement a data protection policy before moving ahead with data-sharing plans that would monetise public sector data.
A draft policy document unveiled by the country’s Ministry of Electronics and Information Technology (MeitY) on 21 February outlines plans for all data created or held by government departments and authorised agencies to be shareable by default unless categorised as sensitive.
Under the plans, a new unit, the India Data Office, would be established from which organisations would be able to purchase data for research and other purposes.
Read more: Indian government intervenes in battle over AI roles
Privacy experts are split over whether the India Data Accessibility and Use Policy is designed primarily to use data for economic gain or to enable social transformation and improve citizen services but in either case, failure to safeguard citizens’ data would likely result in legal challenge.
Under a proposed Data Protection Bill, there would be a near blanket exemption for government agencies from adhering to the compliances outlined within it.
Apar Gupta, executive director of the Internet Freedom Foundation, which is based in New Delhi, believes the data-sharing framework does not sufficiently prioritise transparency and accountability. If the policy is implemented, there is risk of the government “acting as a data broker” and being incentivised to collect more sensitive citizen data and to store it for longer periods. “This will undermine the privacy of citizens and make them susceptible to profiling on the basis of their government data by the private sector,” he told The Financial Express (FE).
Risk of undermining India’s ‘sovereignty, security and integrity’
Pavan Duggal, a Supreme Court lawyer and cyber law expert, told FE the policy is a step in the right direction, but it is likely to face a large number of legal and policy issues and challenges.
“India does not have a cyber security law, India does not have a data protection law, and India does not have a privacy law. In this huge vacuum of policy, getting this data access policy will actually be an invitation to disaster,” he said. “It could have immense ramifications not just from the perspective of people’s fundamental liberties and rights, but could also potentially lead to situations which could prejudicially impact India’s sovereignty, security and integrity.”
If the government were to enable access to and disseminate the data it had collected, it would be a direct violation of people’s fundamental right to privacy under Article 21 of the Constitution, he said.
Read more: India considers non-personal data sharing regulation
Cybersecurity is another concern. Without adequate protections, there would be “high chances” of the government data pool being hacked or targeted, Duggal said.
He described the idea of government data sharing as a “dream” and said that if it is to become a reality the Indian government would have to cement “cogent foundational pillars that are currently missing”.
Past instances of misuse of public data
According to the draft policy document, the data-sharing framework is intended to improve policymaking, evaluation and monitoring; enhance service delivery efficiency; and build the digital and data capacity, knowledge and competency of government officials.
It stated that a robust data sharing ecosystem would protect the privacy and security of all citizens, promote transparency and accountability, ensure greater awareness among citizens of open data, and improve compliance with data-sharing standards.
However, past instances of misuse of public sector data in India have prompted criticism of the new policy which provides only a broad framework and does not include detail on how citizens’ data would be protected.
Read more: UK data strategy signals new cross-government standards
Prasanth Sugathan, legal director at the Software Freedom Law Center told FE that open data is important to ensure transparency but that the policy fails to address concerns around the risk of de-anonymisation of anonymised data, for example. “With the misuse of data by various government departments in the past, including sale of data by the Ministry of Road Transport and Highways, there should be an emphasis on safeguards to prevent such misuse,” he said.
The MeitY website acknowledges “there is a need to bring in some more clarity with regard to some of the clauses in the draft policy so that the objectives of the data accessibility policy to enable better services is made amply clear”.
Clauses will be finalised following the input of stakeholders in the consultation process, it said. The deadline for feedback on the draft proposal is 18 March 2022.
Like this story? Sign up to Global Government Forum’s email news notifications to receive the latest updates in your inbox.
About Mia Hunt
Mia is a journalist and editor with a background in covering commercial property, having been market reports and supplements editor at trade title Property Week and deputy editor of Shopping Centre magazine, now known as Retail Destination. She has also undertaken freelance work for several publications including the preview magazine of international trade show, MAPIC, and TES Global (formerly the Times Educational Supplement) and has produced a white paper on energy efficiency in business for E.ON. Between 2014 and 2016, she was a member of the Revo Customer Experience Committee and an ACE Awards judge. Mia graduated from Kingston University with a first-class degree in journalism and was part of the team that produced The River newspaper, which won Publication of the Year at the Guardian Student Media Awards in 2010.
Related Posts
