A chance for India to shape a data governance regime
In recent years, India has made great strides in its digital strategies and data governance. India has embraced technology and digitalisation to drive economic growth and to improve the lives of its citizens. However, as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.
India’s G-20 presidency has provided an opportunity for the country to showcase its advancements in the digital arena, particularly with regards to data infrastructures and data governance. As the world becomes increasingly digital, the G-20 has recognised the need for international cooperation and collaboration in addressing the challenges, opportunities and risks posed by the rapid growth of data and digital technologies.
Significant progress has been made in the use of digital technologies to provide access to bank accounts and in the promotion of digital transactions through the Unified Payments Interface (UPI) and other options.
DEPA and related concerns
The launch of India’s Data Empowerment and Protection Architecture (DEPA), a consent management tool, has generated both excitement and concern among stakeholders. On the one hand, DEPA has the potential to improve data protection and privacy for citizens by giving them greater control over the use and sharing of their personal information. By allowing individuals to easily manage and control their data consents, DEPA could help to build trust in digital technologies and data governance. However, there are also risks associated with DEPA, particularly in terms of security and privacy. If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
Additionally, there are concerns that the implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens. In order to realise the potential benefits of DEPA and minimise the risks, it is important that the tool is implemented in a transparent, consistent, and secure manner. This will require close collaboration between the government, the private sector, civil society, and other stakeholders and the development of clear and effective regulations and standards.
While the advances in financial inclusion and the successful implementation of the UPI in India are commendable, it remains to be seen whether these advancements can be replicated successfully in other areas such as health and agriculture. The use of digital technologies can enhance access to health-care services, particularly in rural and remote areas, while in agriculture they can empower farmers and enhance their incomes.
However, there are concerns that relate to security and privacy on the one hand and on infrastructure, connectivity and the availability of a skilled human workforce on the other hand. Moreover, there are also concerns around the potential misuse of data and information in these sectors. For example, in the health sector, there is a risk that sensitive medical information could be misused or exploited for commercial purposes, while in agriculture, there is a risk that market information could be manipulated for the benefit of certain actors.
Another issue is that of ownership and governance of data generated and collected in health and agriculture. What are the rights of data providers? And what are the responsibilities towards them? The state has to play a key role in addressing and resolving such issues. Obviously data governance has to be a process in evolution that is agile and responsible. But it has to be built upon fundamental rights, values and norms and on regulations that balance the interests of all stakeholders. These concerns must be addressed through strong and robust data protection regulations, the development of ethical and responsible data governance practices, as well as effective and accountable oversight mechanisms.
The issue of data sovereignty
Data sovereignty has become an increasingly important issue. The term “data sovereignty” refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.
India’s establishment of an India Data Management Office (IDMO) is a step forward in the country’s journey towards data sharing and data governance. The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities. It will also work to promote the development and implementation of open-source solutions, which will help to ensure that underlying data architectures are a social public good, and to promote digital technologies to become accessible and affordable for all. Again, this is a great opportunity for India to develop solutions that can be adopted and adapted in other countries. Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.
In this context, many commentators have called for the opening of data “silos” to capture the potential wealth of data sharing between governmental offices, corporations and citizens. While opening up some data silos may be useful in promoting citizen participation and increasing access to information, others may jeopardise trust and security.
Find a middle way
For example, the sharing of sensitive personal or financial information may be harmful to individuals and society as a whole, as it may lead to discrimination, exclusion, and unforeseen negative consequences. Therefore, it is important for India to navigate a middle way between restrictive data sovereignty and limitless data flow, and define which data, for which purposes, can be shared and used by whom.
In doing so, India must respect and protect the fundamental right to privacy with a robust data protection law, and balance the interests of all stakeholders, including governments, businesses, and citizens for the goal of sustainable development.
This requires the development of clear, transparent and accountable data governance policies and regulations as well as investment in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner — so that a resilient data governance regime can be accomplished.
In conclusion, while the advancements in financial inclusion and UPI hold promise for transfer of inter alia data to other parts of the India Stack (for instance in health and agriculture) there are also valid sceptical notes that must be taken into account. (India Stack is a unified software platform that provides digital public goods, application interfaces and facilitates digital inclusion.) The challenges of digital infrastructure, privacy protection, data security, and responsible data governance must be addressed before these advancements can be fully realised in other sectors.
Further, it is essential that the India Stack is designed and implemented in a way that is consistent with India’s broader development strategies. This will help to ensure that the data governance is aligned with the country’s values and priorities, and that it supports, rather than undermines, the development of a secure, more egalitarian, and trustworthy digital future for all. In this, India has a unique opportunity to develop and implement a data governance regime that can become a model for other countries.
The views expressed are personal
The crafting of the country’s data governance must enable a secure, more egalitarian, and trustworthy digital future for all