Data Governance in India: A UPSC Mains Overview

Posted by on

 


1) Importance of Data

  • Economic driver – fuels Artificial Intelligence (AI), fintech, logistics, and healthcare.

  • Public good – enables better delivery of government services through Digital Public Infrastructure (DPI) such as Aadhaar, Unified Payments Interface (UPI), and DigiLocker.

  • Strategic value – essential for national security, research, and evidence-based policymaking.

  • Risk surface – misuse of personal data, cyberattacks, surveillance, and discrimination require safeguards.

2) Indian Measures to Safeguard and Govern Data

Legal and Regulatory

  • Digital Personal Data Protection (DPDP) Act, 2023

    • First dedicated personal data law in India.

    • Based on consent of individuals, limited purpose use, and rights such as data erasure and correction.

    • Allows data transfer only to notified “trusted” countries.

    • Enforced by Data Protection Board of India (DPBI).

  • Information Technology (IT) Act, 2000 and Rules

    • Main law for electronic governance and cybercrime.

    • Empowered CERT-In (Computer Emergency Response Team – India) to issue directives like:

      • Incident reporting within 6 hours.

      • Logs retained for 180 days.

      • Time synchronization of all servers.

Sector-Specific Regulations

  • Reserve Bank of India (RBI) Payment Data Localization (2018) – all payment system data must be stored in India (only minimal overseas processing allowed).

  • Account Aggregator (AA) Framework (2020)

    • Licensed Non-Banking Financial Companies (NBFCs) act as consent managers.

    • Uses Data Empowerment and Protection Architecture (DEPA) to allow secure, user-consented sharing of financial data between banks, insurance, and investment firms.

Public Data Policies

  • National Data Sharing and Accessibility Policy (NDSAP), 2012 – provides legal basis for proactive sharing of non-sensitive government data.

  • Open Government Data (OGD) Platform – data.gov.in – hosts datasets for researchers, citizens, and innovators.

  • Draft National Data Governance Framework Policy (2022) – proposes an Indian Data Management Office (IDMO) and India Datasets Programme for standardised access to anonymised non-personal data.

3) Global Best Practices

  • European Union (EU)

    • General Data Protection Regulation (GDPR) – strictest global privacy law, rights-based.

    • Data Governance Act (DGA), 2022 – enables voluntary data sharing, “data altruism,” and trusted intermediaries.

    • Data Act, 2023 – gives users rights over data generated by Internet of Things (IoT) devices, promotes cloud interoperability, and allows public sector access in emergencies.

  • Asia-Pacific Economic Cooperation (APEC) – Cross Border Privacy Rules (CBPR) Forum

    • Voluntary certification-based system allowing cross-border transfers if certified by member economies.

  • Organisation for Economic Co-operation and Development (OECD)

    • Guidelines on privacy and government access to data.

  • Council of Europe Convention 108+

    • First binding international treaty on data protection and transborder data flows (India is not a party).

4) Agreements, Treaties, and Conventions

  • G20 – concept of “Data Free Flow with Trust (DFFT)” discussed since Osaka 2019. India favors sovereignty over unrestricted flows.

  • Global CBPR Forum – certifies jurisdictions for trusted data flows.

  • Budapest Convention on Cybercrime – facilitates data-sharing for cybercrime investigation. India has not signed it due to sovereignty concerns.

5) Significance of Data Sharing

  • Economic value – enables open finance, competition, and inclusion.

  • Public sector effectiveness – improves targeting of subsidies and monitoring of schemes through data analytics.

  • Research and innovation – anonymised datasets help start-ups, universities, and public research institutions.

6) Challenges in Data Sharing

Domestic

  • Privacy risks – anonymised data may be re-identified using advanced techniques.

  • Cybersecurity burden – strict reporting rules may overburden small companies.

  • Fragmentation – lack of uniform standards across sectors.

International

  • Divergent regimes – EU adequacy rules, US sectoral approach, China’s strict security reviews.

  • Cross-border frictions – unresolved debates at World Trade Organization (WTO) on taxation of digital transmissions.

  • Localization trade-offs – while boosting security and control, strict localization may discourage foreign investment and innovation.

7) India’s Stance

  • Data Sovereignty – India did not join the Osaka “Data Free Flow with Trust” framework, stressing national control over data.

  • Selective Localization – strict in payments, cautious in other sectors.

  • Pro-Sharing Domestically – supports secure sharing through Account Aggregators, DEPA, and Open Government Data.

  • Pragmatic Globally – prefers bilateral or case-by-case arrangements rather than blanket free-flow commitments.

8) Bilateral and Multilateral Engagements

  • India–UK Free Trade Agreement (2025) – includes a digital trade chapter; allows India to regulate cross-border flows without binding free-flow commitments.

  • India–EU Trade Talks – EU demands stronger commitments; still under negotiation.

  • World Trade Organization (WTO) – India opposes permanent moratorium on customs duties on electronic transmissions, citing revenue concerns.

  • G20 New Delhi (2023) – promoted Digital Public Infrastructure and “Data for Development,” not unrestricted free flow.

9) Future Prospects

  • Implementation of DPDP Act, 2023 – clarity on rules, penalties, and “trusted jurisdictions” for cross-border transfers.

  • Non-Personal Data Regime – India Datasets Programme could define anonymisation standards and pricing models.

  • Expansion of Account Aggregators – beyond finance into health, education, and telecom.

  • Trade Linkages – careful commitments in Free Trade Agreements while preserving sovereignty.

  • Open Government Data 2.0 – better quality datasets with strong safeguards against re-identification.

10) Conclusion

India’s data governance model is evolving into an “open inside, cautious outside” approach. Domestically, it promotes safe data sharing through Account Aggregators, Open Government Data, and Digital Public Infrastructure. Internationally, it favors selective localization and strategic autonomy, while engaging in trade negotiations and global forums. The success of this model will depend on effective implementation of the DPDP Act, creation of non-personal data standards, and balancing innovation with security.

Comments

Post a Comment