The Ministry of Electronics and Information Technology (“MeitY”), on 21st February 2022, released a Draft India Data Accessibility and Use Policy ("Draft Policy"), along with a Background Note on the same. The Draft Policy is aimed at transforming India’s ability to harness public sector data, in pursuit of the higher goal of social transformation. It envisages both government to public data sharing through the existing open data sharing portal as well as government to government data sharing.
The stated objectives of the Draft Policy includes, among others, maximizing access to and use of quality non personal data available with the public sector and enhancing the efficiency of service delivery, protecting the privacy of all citizens and increasing the availability of datasets of national importance. The desired outcome of the Draft Policy would be the creation of detailed, searchable data inventories.
This Draft policy will be applicable to all non-personal data and information created, generated, collected or archived by the Government of India directly or indirectly through authorised agencies and autonomous bodies. State Governments will also be free to adopt the provisions of this policy and the protocols as applicable.
The Draft Policy envisages a negative list to be published by departments and ministries, which would enumerate confidential data sets which are not to be shared at all. There would also be a restricted access list, of datasets accessible only through a prescribed process of registrations and authorization by respective departments or organizations.
In addition to the MeitY, the Policy provides for the creation of the two new executing bodies – The India Data Office (IDO) and the India Data Council (IDC). The IDO would facilitate data access to stakeholders including researchers, start-ups, enterprises, individuals and government departments. It would also notify protocols for sharing of non-personal datasets. The IDC shall comprise of the India Data Officer and Chief Data Officers of state and central government departments. Broadly they shall device frameworks for defining important datasets, finalize data and metadata standards and review the implementation of the policy.
Impact and Concerns
It is felt that this exercise of framing a data accessibility and use policy before enacting a data protection legislation amounts to putting the cart before the horse (with the horse being the enactment of the Data Protection Bill 2021). The Data Protection Bill 2021 (“DP Bill”) must be enacted first, particularly in light of the Supreme Court judgment in KS Puttaswamy and Another v. Union of India and Others[(2017) 10 SCC 1], holding that any intrusion into the privacy of an individual by access to personal information (or anonymised non-personal data with the possibility of re-identification), will have to necessarily be subject to legislative sanction and legitimate state interest, both required to be valid from a constitutional validity perspective.
Additionally, there should be legislative safeguards for limited use of inter-departmental data sharing to prevent any potential surveillance related overreaches.
The last date for submission of stakeholder inputs was 18 March 2022.