A chance for India to shape a data governance regime | 14th March 2023 | UPSC Daily Editorial Analysis

What's the article about?

• It talks about the evolving data governance regime in India.

Relevance:

• GS2: Government Policies and Interventions for Development in various sectors and Issues arising out of their Design and Implementation;
• GS3: Basics of Cyber Security;
• Prelims

Context:

• In recent years, India has made great strides in its digital strategies and data governance.
• India has embraced technology and digitalisation to drive economic growth and to improve the lives of its citizens.
• However, as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.

Recent developments and challenges in India’s data governance regime:

Data Empowerment and Protection Architecture (DEPA):

• Data Empowerment and Protection Architecture is a framework released by National Institute for Transforming India (NITI) Aayog in India.
• It is also called a “consent-based-data-sharing framework to accelerate financial inclusion”.
• DEPA framework aims at allowing people to access their data seamlessly and securely, and share it with third-party institutions.
• It is an Indian model of data governance that is evolving and targets individual empowerment, economic recovery and growth, and competitive data democracy.
• Why is DEPA required?
  • Currently, data is in control of the giants who have captured most of the marketplace all over the world.
  • These incumbents make profits more than the GDP of a few countries.
  • Since data is the new oil, they have become powerful and have already created a monopoly in the market dynamics.
  • This has affected small scale enterprises to survive in such a tech-savvy marketplace. It is inevitable to mention that with the COVID-19 outbreak, businesses of many small entrepreneurs have either vanished or are surviving with much difficulty.
  • To overcome the same, and to sustain competition in the market, it has become essential for governments to intervene and come up with some solution for providing fair opportunities to all the businesses present in the market, and to promote new ones providing them with the facility to easy access to the existing data and to share it with third-party institutions.
  • Therefore, NITI Aayog has come up with a framework known as Data Empowerment and Protection Architecture (hereinafter referred to as DEPA) which will enable SMEs to utilise the existing data that is available in silos, i.e., with the existing players from the industry such as fintech, e-commerce, healthcare or insurance bringing out new products and services in the market.
• Significance of the DEPA:
  • DEPA has the potential to improve data protection and privacy for citizens by giving them greater control over the use and sharing of their personal information.
  • By allowing individuals to easily manage and control their data consents, DEPA could help to build trust in digital technologies and data governance.
• What are the concerns reading DEPA?
  • Security and privacy: If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
  • Inconsistency across different sectors: The implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.
  • Implementation and other stakeholders: In order to realise the potential benefits of DEPA and minimise the risks, it is important that the tool is implemented in a transparent, consistent, and secure manner. This will require close collaboration between the government, the private sector, civil society, and other stakeholders and the development of clear and effective regulations and standards.
  • Lack of infrastructure, connectivity and the availability of a skilled human workforce.
  • Potential misuse of data and information in some sensitive sectors such as health, agriculture, etc.
  • Issue of ownership and governance of data generated and collected in some sensitive sectors such as health, agriculture, etc.
• Way forward for DEPA:
  • Data governance has to be a process in evolution that is agile and responsible. But it has to be built upon fundamental rights, values and norms and on regulations that balance the interests of all stakeholders.
  • These concerns must be addressed through strong and robust data protection regulations, the development of ethical and responsible data governance practices, as well as effective and accountable oversight mechanisms.

Data sovereignty:

• The term “data sovereignty” refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.
• India’s establishment of an India Data Management Office (IDMO) is a step forward in the country’s journey towards data sharing and data governance.

• The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities.
• It will also work to promote the development and implementation of open-source solutions, which will help to ensure that underlying data architectures are a social public good, and to promote digital technologies to become accessible and affordable for all.
• Again, this is a great opportunity for India to develop solutions that can be adopted and adapted in other countries. Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.

India Stack:

• India Stack is the collection of Application Peripheral Interfaces launched by the Government of India. This includes BHIM, Digilocker, UPI, and several other applications.
• The components of this collection are owned and maintained by different agencies.
  • Aadhaar products such as e-auth and e-KYC are owned by the Unique ID Authority of India.
  • eSign is a technology specification which is maintained by the Ministry of Communications and Information Technology.
  • Digilocker is owned by the Ministry of Electronics and Information Technology.
  • UPI is owned by the National Payments Corporation of India.
  • The Account Aggregator framework is regulated by RBI and its technology standards and owned by ReBIT.

Way Forward:

• The challenges of digital infrastructure, privacy protection, data security, and responsible data governance must be addressed before these advancements can be fully realised in other sectors.
• Further, it is essential that the India Stack is designed and implemented in a way that is consistent with India’s broader development strategies.
• This will help to ensure that the data governance is aligned with the country’s values and priorities, and that it supports, rather than undermines, the development of a secure, more egalitarian, and trustworthy digital future for all.
• In this, India has a unique opportunity to develop and implement a data governance regime that can become a model for other countries.