Data Governance

Data is not the new oil. It is infinite and unconstrained by geography. It is not destroyed when it is consumed and can be used simultaneously or repeatedly without degradation in quality. Countries should not try to regulate data like they regulate oil - by bringing it under their physical control. They should not only try and force big tech to share the datasets they have created, but also make the effort to learn what it takes to build datasets of our own—and then go about building them relevant to our context.

Lawrence Lessig was the first person to come up wtih the idea of regulating the Internet through code, suggesting that restrictions on digital platforms could be implemented through code. This approach, that could streamline complex, multi-party transactions, make them scalable and reduce the risk of non-performance is an idea whose time has come.

The first draft report of India’s Non-Personal Data Committee suggests democratizing data and introducing a new category of data principal - the community. However, absent guidelines for data trusts, the potential risks of politicization and favoritism within community action groups could result in potential misuse.

In times of uncertainty - such as during a pandemic, conspiracy theories abound. This gives lie to the notion that free speech ensures that truth will prevail. Since the internet lacks bi-directional links and user-editable pages, its design contributes to misinformation spread, unlike Wikipedia’s more reliable, interconnected model.

The Supreme Court of India’s recent judgment on internet shutdowns was initially seen as a strong denouncement, but closer examination reveals it’s not an outright condemnation. While emphasizing that shutdowns must be reasonable and proportionate, the court did not elevate internet access to a fundamental right, nor did it provide a clear ruling on the constitutionality of internet shutdowns.

There is a tension between data collectors and data subjects regarding ownership and value of their data. WHile traditional ownership concepts have not really succeeded when it comes to data regulation, contained within the idea of either collector-centric or subject-centric data trusts we might find an alternative approach to data governance.

Agile governance, essential for managing rapid technological change and global scale of new technologies, involves systems thinking and design thinking for policy-making. It emphasizes multi-stakeholder participation, regulatory sandboxes for controlled experimentation, and data sharing for efficient regulation. India, with its digital public infrastructure, is well-positioned to lead in this agile governance approach.

India’s draft Personal Data Protection Bill has sparked debate over data localization, with the government insisting on processing personal data within the country. Unlike other nations that restrict data transfers, India has made localization the default, an approach seen as out of character with its global trade stance.

The McKinsey Digital India Report highlights India’s rapid digitization. With 560 million internet subscribers, it is second only to China. Despite a low Country Digital Adoption Index score of 32, India is digitizing faster than most countries - all the more reason for there to be fewer internet shutdowns.

There is value in large datasets that reveal statistically relevant insights - such as trends in fast food visits or sleep patterns. This is relevant to India’s growing data economy given the potential to use aggregated anonymous data to make informed decisions. We need to implement privacy by design, and for that organizations need to de-identify personal information to prevent potential harm if the data is lost or stolen.