10 August 2020, NIICE Commentary 5794
Dr. Preeti Raghunath
Even as the world grapples with the COVID-19 pandemic and continues to put in place measures for human safety, one thing that has been pronounced during this time is the public health reliance on Data. From contact tracing apps to the building of databases, the pandemic has revealed the very current turn to Datafication that is beginning to occur in a big way, across countries. India is no exception. Over the last half a decade, we have seen numerous policy shifts that prove that this is a new reality that we must contend with, and study better. This short reflection presents an analysis of the discourse and key analytical aspects of Data Governance in India.
Data Governance: An Ethnography of Non-Personal Data
Over the past few years, various policy moves have been made on the Data front, in India, ranging from the Reserve Bank of India’s requirement of data localization, to the tabling of the Personal Data Protection Bill 2019 in the Indian Parliament. Broadly speaking, Data in India has been categorized as Personal and Non-Personal Data (NPD), with internal categorizations on sensitivity and ownership, among other things. This piece concerns itself with analyzing the discourse around Non-Personal Data, a report for which is now in the public domain, for public comments. The broader conversation markers drawn from digital ethnography in the online spaces and interactions that author has had, with data governance advocates, allows for such an analysis.
Nationalization
One important theme that emerged in digital discussion spaces, has been that of Nationalization. The NPD report allows the state considerable powers, in terms of accessing data despite it being within private or a particular community’s ambit. The reasons put forth by the panel include national security, research and policy purposes to promote evidence-based policymaking. The document also talks about Data Sovereignty. This has startled tech giants, especially the US-based ones, since it is perceived as thwarting innovation and obstructing the development of data-related infrastructure. The counter argument has been that the document enables indigenous tech companies, in the face of global tech wars.
Surveillance
Along similar lines, surveillance is another key theme that emerged in stakeholder conversations. The document presents national security as a premise for unhindered access to data. Most stakeholders felt that the document does not mention “surveillance” even once. Notably, in the case of the personal Data Protection Bill, Justice Srikrishna who headed the Committee that presented a draft bill, was vocal in his criticism that the Indian government had refurbished the document to give more powers to the state, thereby encouraging surveillance. Pandemic times have showcased the manner in which states have used contact tracing as a pretext for surveillance. In India, the Aarogya Setu app has generated controversy, with defenders of Privacy crying hoarse about the manner in which health data is being tabulated.
Commons
The discourse generated by organizations like IT For Change, whose Executive Director was part of the panel that prepared the report, focuses on the idea of Data as Commons. By positing Data as Commons, the proponents draw on Elinor Ostrom’s IAD Model. The report also makes a case for Community Data, bringing into focus community access, utilization, and governance of Data. Interestingly, the idea of Duty of Care, to be exercised by the Data Custodian who would act on behalf of the community, finds elaboration in the report. However, in this process, individual Intellectual Property Rights (IPR) of the marginalized or those who work with traditional knowledge systems would find it difficult to negotiate their way in a knowledge economy.
Community Data
On a related note, the Non-Personal Data report imagines Community Data as a kind of data to be governed, besides Public ad Private Non-Personal Data. It makes a good case for community-centric data governance by speaking of a community-based Data Principal, as also a Data Custodian, Data Trusts and Trustees. The document also talks about Collective Harms to Privacy invasion, something that is a welcome move. While the report itself is not problematic in this regard, an online discussion saw Kris Gopalakrishnan, the Chair of the panel and formerly with Indian tech giant Infosys define community in an arbitrary manner. He even imagines the business community as a “community” that could find currency under the umbrella of Community Data, which is very problematic.
Data Trusts and Stewardship
Another anchor for conversations around Non-Personal Data has been the imagination of an egalitarian way of administering data, and models for governing it. Spaces like Aapti Institute have been speaking about Data Stewardship as a possible model to govern and implement the contours of Non-Personal Data in India. While India is one of the early actors globally, to attempt the governance of Non-Personal Data, these models indeed allow for alternative imaginations and options for the Indian government to consider.
This piece sought to provide early reflections from a digital ethnography of Non-Personal Data. Now, the Indian government seeks comments from the public by 13 September 2020. In an era that is seeing the accentuation of geopolitics by tech players, it remains to be seen if the state as a policy actor gets an upper-hand, signaling the further fortification of the nation-state, in what is being heralded as an era of post-globalization.
