25.1 C
New Delhi
Friday, November 22, 2024
HomeTechExperts flag lack of laws on govt use of citizen data

Experts flag lack of laws on govt use of citizen data


Mumbai: The government’s plan to compulsorily require all government agencies to share data on a common database raises concerns about “privacy” and “monetisation” of citizen data, legal and privacy experts told ET, since India does not yet have a data protection law.


They pointed out that the current Information Technology Act, 2000 governs usage of personal data by private corporations but there is no policy to govern personal data usage by the government.

The ‘India Data Accessibility and Use’ draft policy, released by the Ministry of Electronics and IT (MeitY) on Monday, has proposed an India Data Office (IDO) and will give measured access to suitably “anonymised” data to governments, startups, researchers and enterprises.

Citizen’s data will be protected as per existing policies “within the legal framework of India”, according to the policy draft.

The intention behind considering non-personal data as a community or national resource is commendable, but data monetization should not happen at the cost of individual privacy, said

Salman Waris, partner, TechLegis. Otherwise, it would defeat the very purpose of the personal data protection law, Waris said.

Discover the stories of your interest



Questions have also been raised on safe implementation of data anonymisation and monetization measures proposed under the new policy.

The draft states that the legal framework for personal data protection will be governed by existing acts and rules in India.

The current personal data protection provisions under the IT Act do not apply to government agencies and, therefore, the new policy should protect against a replay of the Vahan-Sarathi issue around three years ago, said N S Nappinai, an advocate at the Supreme Court and founder of Cyber Saathi, which spreads awareness about cyber threats, especially against children.

Also read:
MeitY’s draft data policy looks to unlock govt data for all

In 2019, a bulk data sharing policy allowed the Union transport ministry to share personal information gathered from vehicles and driving licence registries, with over 170 private parties, including car makers and insurance firms.

The government earned over Rs 111 crore from these transactions until it was scrapped in June 2020 citing potential misuse of personal information and privacy issues.

“Merely relying on the IT Act will not suffice as it does not apply to government entities, only to body corporates. The government-to-government sharing of data is fair from a governance perspective but when it entails giving data access to private entities, we need to ensure implementation of personal data anonymisation effectively,” Nappinai said.

The government has invited feedback from all stakeholders on the new policy till March 18.

The draft is an update to existing government policies on data sharing and comes after it set up a committee under Infosys cofounder S (Kris) Gopalakrishnan in 2019 to draft a framework around sharing of non-personal data (NPD) or anonymised data of Indians.

Non-personal data is stripped of personally identifiable information.

The draft policy will be a good test of governance structures around data anonymization, interoperability and sharing along with practices such as creating high value datasets given that there are hundreds of government agencies and PSUs involved, said Parminder Jeet Singh, executive director of Policy for Change, a think tank.

“Once these models are carefully deliberated and are evolved, government should not stop here. Between 80-90% of data of citizens is held by private companies, so the government should bring a law to enable data sharing for and between companies as well,” Singh, who was also a member of the Gopalakrishnan committee on NPD, said.

Companies have raised concerns over IPR infringement arising from some of the recommendations of the committee.

The ambit of the latest version of the draft Data Protection Bill – after the recommendations of a Joint Committee of Parliament – has been widened to include non-personal data.

“…Hence, it (data accessibility policy) deals with non-personal data, and as such, would overlap with the PDP Bill if and when passed,” Waris of TechLegis said.

The policy will apply to all data and information generated, created, collected or archived by the central government and authorized agencies.

State governments can also adopt the provisions, as applicable, according to the policy document.

Researchers, startups, enterprises, individuals and government departments will be able to access data through data licensing, sharing and valuation within the overall framework of data security and privacy.



Source link

- Advertisment -

YOU MAY ALSO LIKE..

Our Archieves