Such an overarching framework can be the skeleton for all state and central policies on the various areas that concern, or are impacted by, digital technology—from AI, cybersecurity and data privacy to healthtech, fintech, etc
In between, there was National Digital Communication Policy, 2018 and comments were sought on the Draft PDP Bill as drafted by the committee chaired by Justice Srikrishna.
Hardly a month passes by without a new policy proposal touching the digital ecosystem. Moreover, these are no longer restricted to just telecom, information technology and broadcasting, but often impact financial services, healthcare, education, agriculture and more.
A spate of policy proposals This frenzy is to be expected, given our increasing dependence on the digital ecosystem of hyper-connected persons, entities and things.
In September, NITI Aayog sought comments on the Data Empowerment and Protection Architecture (DEPA). The Independence Day address of the prime minister mentioned the upcoming National Cyber Security Strategy, extending optical fibre to six lakh villages; and, the National Digital Health Mission (NDHM). A few days later, the Telecom Regulatory Authority of India (Trai) published yet another consultation paper on broadband. In July, the ministry of electronics & IT (MeitY) had published a report on the Non-Personal Data (NPD), followed by NITI Aayog seeking comments on the Draft Framework for Responsible AI.
Last December, the Personal Data Protection Bill, 2019 (PDP Bill) was introduced in Parliament and referred to a joint committee. Incidentally, Section 91 therein deals with NPD even as the same ministry had already set up a committee of experts on NPD. In November, the office of the National Cyber Security Coordinator had sought inputs on the National Cyber Security Strategy. Draft reports on various aspects of AI by four committees under the auspices of MeitY had also been published, and yes, in February 2019, there was the Draft National Policy on E-Commerce.
A draft amendment of the intermediary guidelines was published in December 2018, and in June that year, NITI Aayog had published a discussion draft on the National Strategy for Artificial Intelligence. In between, there was National Digital Communication Policy, 2018 and comments were sought on the Draft PDP Bill as drawn up by the committee chaired by Justice BN Srikrishna.
Same-same, but different Basically, there is a set of interconnected issues crying for policy attention: Digital access and inclusion, AI, cybersecurity, personal and non-personal data, intermediary liability, and, blockchain. In addition, diplomacy is engaged in developing cyber norms under the aegis of the UN and, internet governance at multi-stakeholder platforms. Then there is e-commerce, healthtech, fintech, etc.
Even well-resourced think tanks and seasoned policy professionals find it difficult to keep track of these similar yet different efforts. However, beyond sheer volume, variety and velocity lies the challenge of volubility with hardly any agency providing a sneak peek into what is coming through the pipe.
Policy patchwork While telecom remains unambiguously a central subject, it seems that IT and allied domains are becoming de facto concurrent subjects, well almost! After all, every state has an IT policy, and some even have one for AI, cybersecurity and even data protection.
Unsurprisingly, there are numerous gaps and overlaps in such a patchwork of policies, legislation and regulatory proposals. For example, Section 91 in the Personal Data Protection Bill, 2019 deals with the ‘non-personal data’ (NPD). Likewise, the Draft E-Commerce Policy delves more with data than commerce.
This is more than anybody can chew, and the sheer capacity constraints across government and outside only amplifies the challenge. After all, policymaking is too important to be left to the policymakers alone.
New apparatus, new architecture In a quasi-federal democracy like ours, public policy is no child’s play, amidst all the chaos. But the situation is ripe for a new apparatus and a new architecture of policymaking in general and for the digital space in particular.
Firstly, the PMO must enunciate an overarching and oversee a ‘Unified Digital Policy Framework’ (UDPF) framework. Outlining a vision, basic principles and establishing institutional mechanism, UDPF would be the pole star guiding all allied policies such as AI, cybersecurity and data privacy as well as those in the realms like education, healthcare and fintech.
Secondly, the process must be inclusive, lawful, transparent, responsive, accountable and evidence-based. Public consultation is an opportunity for value addition, not an inconvenience.
Thirdly, it must be accompanied by a robust Regulatory Impact Assessment (RIA) detailing the rationale for particular choices as well as safeguards against unintended yet foreseeable consequences.
Last but not least, we need an institutional mechanism for implementation, periodic reviews, including qualitative and quantitative triggers.
The author is Public policy consultant and senior visiting fellow, ICRIER. Views are personal