33  Data and Governance

33.1 What the Syllabus Covers

Data has become one of the central instruments of governance — informing policy, monitoring service delivery, and creating accountability. The relationship works in two directions: government generates massive datasets, and good governance increasingly depends on how those datasets are managed, shared, and protected.

PYQs reliably ask: (a) name Indian Government data initiatives (OGD, Aadhaar, DigiLocker, UMANG, India Stack), (b) define data governance and its components, (c) identify the DPDP Act 2023 and IT Act 2000, and (d) match a flagship platform with its parent body (NIC, MeitY, UIDAI, RBI, NPCI).

33.2 What Is Data Governance?

Data governance is the system of decision rights and accountabilities for data assets — who can do what, with which data, under what conditions.

TipSix Pillars of Data Governance
  1. Data quality — accuracy, completeness, timeliness.
  2. Data security — protection from unauthorised access.
  3. Data privacy — protecting personal information.
  4. Data interoperability — standards that let systems exchange data.
  5. Open access — making non-sensitive data available to public.
  6. Compliance — adherence to law and ethics.

33.2.1 Data Governance vs Data Management

TipGovernance vs Management
  • Data governance sets policy — what is allowed.
  • Data management is the execution — building the systems that enforce policy.

33.3 The Indian Data Ecosystem

33.3.1 India Stack — The Digital Public Infrastructure

TipIndia Stack — Four Layers
  • Identity layer: Aadhaar (UIDAI, 2010 onwards) — 12-digit unique ID.
  • Payment layer: UPI (Unified Payments Interface) — NPCI, 2016.
  • Data layer: Account Aggregator framework, DigiLocker, DEPA (Data Empowerment and Protection Architecture).
  • e-Sign layer: Digital signatures using Aadhaar authentication.

33.3.2 Major Digital Initiatives

TipIndian Digital Governance Initiatives
Initiative What it does Coordinator Year
Aadhaar 12-digit unique identification UIDAI 2010
DigiLocker Cloud locker for govt documents MeitY / NeGD 2015
UMANG Unified Mobile App for citizen services MeitY / NeGD 2017
UPI Unified Payments Interface NPCI / RBI 2016
CoWIN Vaccination tracking platform MoHFW 2021
ABDM Ayushman Bharat Digital Mission (health data) NHA 2021
NDHM / ABHA National Digital Health Mission / Account NHA 2021
eSanjeevani Telemedicine platform MoHFW 2020
MyGov Citizen-engagement portal NIC 2014
PRAGATI PM’s monitoring platform NIC 2015
API Setu Government API marketplace NeGD 2020
OGD Platform Open Government Data NIC / MeitY 2012
NDEAR National Digital Education Architecture MoE 2021
DIKSHA Digital Infra for Knowledge Sharing NCERT / MoE 2017
GSTN GST Network MoF 2017
DBT Direct Benefit Transfer MoF 2013
JAM Trinity Jan Dhan + Aadhaar + Mobile MoF 2014
PMJDY Pradhan Mantri Jan Dhan Yojana DFS, MoF 2014
ABC Academic Bank of Credits UGC / NeGD 2021
NAD National Academic Depository NeGD 2017
Bhuvan Geospatial portal ISRO 2009
PM-WANI Wi-Fi access network interface DoT 2020
Bharat Net National rural broadband DoT 2011 onwards
Smart Cities Mission 100 smart cities MoHUA 2015
Digital India Programme Umbrella programme MeitY 2015
National AI Portal AI initiatives NeGD + MeitY 2020
IndiaAI Mission National AI mission MeitY 2024

33.3.3 Key Coordinating Bodies

TipCoordinating Bodies
  • MeitY — Ministry of Electronics and Information Technology.
  • NIC — National Informatics Centre (1976; under MeitY).
  • NeGD — National e-Governance Division (under MeitY).
  • UIDAI — Unique Identification Authority of India (2009 onwards).
  • NPCI — National Payments Corporation of India (2008; RBI + IBA).
  • CERT-In — Indian Computer Emergency Response Team (cybersecurity).
  • C-DAC — Centre for Development of Advanced Computing.
  • STQC — Standardisation, Testing and Quality Certification.
  • NHA — National Health Authority (health data).
  • NITI Aayog — Policy think tank.

33.5 Open Data and Open Government

TipOpen Data Principles
  • Open Data Charter (2015, G8 origin) — eight principles: Open by default · Timely & Comprehensive · Accessible & Usable · Comparable & Interoperable · For Improved Governance · For Inclusive Development · For Innovation.
  • FAIR data: Findable · Accessible · Interoperable · Reusable.
  • Tim Berners-Lee’s 5-star scheme: ★ data is online → ★★ machine-readable → ★★★ open format → ★★★★ URI-identifiable → ★★★★★ linked open data.

33.5.1 India’s Open Data Stack

TipIndia’s Open Government Data
  • OGD Platform — data.gov.in (2012) — launched by MeitY, hosted by NIC.
  • National Data Sharing and Accessibility Policy (NDSAP, 2012) — frames open data.
  • Sectoral portals — NHM dashboard, NSS data, RBI DBIE, COVID data.
  • Open APIs — gradually being released through API Setu.

33.6 Data-Driven Policy Initiatives

TipNotable Data-Driven Reforms
  • DBT (Direct Benefit Transfer, 2013) — Aadhaar-linked direct payments to beneficiaries; estimated savings due to deduplication.
  • JAM Trinity (Jan Dhan + Aadhaar + Mobile) — financial inclusion platform.
  • GST (2017) — unified indirect tax system using GSTN data flows.
  • NIRF (2015 onwards) — institutional rankings based on submitted data.
  • AISHE (2010 onwards) — annual HE survey.
  • NITI Aayog SDG India Index — state SDG performance.
  • Aspirational Districts Programme (2018) — performance-based monitoring of 112 districts.
  • National Achievement Survey (NAS) — student-level learning data, NCERT.
  • PARAKH (NEP 2020) — holistic assessment regulator at NCERT.

33.7 Cybersecurity, Cyber Crime, and Critical Infrastructure

TipIndian Cybersecurity Institutional Framework
  • CERT-In — Indian Computer Emergency Response Team (under MeitY).
  • NCIIPC — National Critical Information Infrastructure Protection Centre (under NTRO).
  • NCSC — National Cyber Security Coordinator (PMO).
  • Cyber Crime Coordination Centre (I4C) — under MHA.
  • NCRB cyber-crime data.
  • CCMP — Crisis Management Plan for Cyber Attacks.
  • Cyber Surakshit Bharat (capacity building for CISOs).
  • National Cyber Security Strategy (under finalisation).

33.8 e-Governance — Models

TipFour Models of e-Governance
  • G2C — Government to Citizen (e.g., DigiLocker, UMANG, MyGov).
  • G2B — Government to Business (e.g., GST portal, MCA21).
  • G2E — Government to Employee (HRMS, e-Office).
  • G2G — Government to Government (NIC inter-departmental).
TipFive Stages of e-Governance Maturity (UN)
  1. Emerging — basic web presence.
  2. Enhanced — one-way info flow.
  3. Interactive — two-way services.
  4. Transactional — citizens can transact (apply, pay, download).
  5. Connected / Integrated — seamless across departments.

33.9 Aadhaar — A Closer Look

TipAadhaar Key Facts
  • 12-digit unique identification number issued by UIDAI (Unique Identification Authority of India).
  • UIDAI established 2009; legally backed by Aadhaar Act 2016.
  • Voluntary in principle, but mandatory for many subsidies.
  • Biometric (10 fingerprints, 2 iris, photo) + demographic.
  • Largest biometric ID system globally (1.3 billion+ enrolments).
  • K.S. Puttaswamy v Union of India (2017) — SC declared right to privacy a fundamental right; upheld Aadhaar Act (2018) with limitations.
  • Aadhaar verification: OTP, biometric, eKYC.

33.10 Data and Education

TipEducation-Sector Data Initiatives
  • UDISE+ (Unified District Information System for Education Plus) — school data.
  • AISHE (All India Survey on Higher Education) — annual HE survey.
  • NAS (National Achievement Survey) — student learning outcomes.
  • DIKSHA — teaching/learning resources platform.
  • SWAYAM — MOOC platform.
  • PRAGYATA / NETF — NEP 2020 digital frameworks.
  • NDEAR — National Digital Education Architecture (2021).
  • ABC — Academic Bank of Credits, NAD — National Academic Depository.
  • NIRF — Institution rankings.
  • VIDWAN — expert database, INFLIBNET.

33.11 Big Data, AI, and the Future of Governance

TipFrontier Issues
  • Predictive analytics in welfare, policing (PredPol-style; risk of bias).
  • AI ethics in governance — bias, transparency, accountability.
  • Algorithmic decision-making — explainability.
  • Public-sector use of GenAI — drafting, translation, citizen service.
  • Data marketplaces — Account Aggregator, DEPA.
  • Federated learning for privacy.
  • Differential privacy for census-like data.
  • AI4Bharat, Bhashini — Indian language tech (under DigitalIndia).

33.12 Theory Anchors and Frameworks

TipConcepts and Bodies
Concept / Body Year / Note What it does
Aadhaar / UIDAI 2009 / Act 2016 Identity layer
NPCI 2008 UPI, RuPay, IMPS
India Stack 2010s Identity + Payment + Data + e-Sign
IT Act 2000 2000, amended 2008 Foundational digital law
DPDP Act 2023 Privacy law (GDPR-like)
K.S. Puttaswamy v UoI 2017 Right to privacy = fundamental right
Aadhaar Act 2016 Legal basis for Aadhaar
OGD Platform 2012 data.gov.in
FAIR Data Principles 2016 Open-data stewardship
Open Data Charter 2015 8 principles
Tim Berners-Lee 5-star Open-data quality ladder
e-Governance maturity (UN) 5 stages Emerging → Connected
NIC, MeitY, NeGD various Coordinating bodies
CERT-In 2004 Cybersecurity response
CIIPC, NCSC, I4C various Cybersecurity ecosystem
Digital India Programme 2015 Umbrella programme
IndiaAI Mission 2024 National AI mission

33.13 Practice Questions

Q 01 Definition Easy

"Data governance" is BEST described as:

  • AThe technical operation of databases
  • BThe system of decision rights and accountabilities for data assets
  • CThe collection of statistics from surveys
  • DThe use of data only in elections
View solution
Correct Option: B
Data governance = decision rights + accountabilities. Management = execution.
Q 02 Aadhaar Easy

Aadhaar is issued by:

  • ARBI
  • BUIDAI
  • CNPCI
  • DNIC
View solution
Correct Option: B
UIDAI = Unique Identification Authority of India (2009). Aadhaar Act 2016.
Q 03 UPI Medium

UPI (Unified Payments Interface) is operated by:

  • ANPCI
  • BRBI directly
  • CNIC
  • DSBI
View solution
Correct Option: A
NPCI (National Payments Corporation of India), 2008 (RBI + IBA). UPI launched 2016.
Q 04 DPDP Medium

The Digital Personal Data Protection (DPDP) Act of India was enacted in:

  • A2000
  • B2008
  • C2019
  • D2023
View solution
Correct Option: D
DPDP Act 2023 — India's GDPR-equivalent privacy law.
Q 05 DPDP Terms Hard

Under the DPDP Act 2023, the individual whose data is being processed is called a:

  • AData Fiduciary
  • BData Principal
  • CData Processor
  • DData Subject
View solution
Correct Option: B
Data Principal (GDPR's "data subject"). Data Fiduciary = entity processing (GDPR's "data controller").
Q 06 Privacy Hard

The Supreme Court of India declared the right to privacy a fundamental right under Article 21 in:

  • AKesavananda Bharati 1973
  • BManeka Gandhi 1978
  • CK.S. Puttaswamy v Union of India 2017
  • DVishaka 1997
View solution
Correct Option: C
K.S. Puttaswamy v Union of India (2017) — nine-judge bench. Foundation for DPDP Act.
Q 07 OGD Easy

India's Open Government Data (OGD) platform is at:

  • Adata.gov.in
  • Bmygov.in
  • Cdigiindia.gov.in
  • Dmeity.gov.in
View solution
Correct Option: A
data.gov.in, launched 2012 by MeitY + NIC.
Q 08 India Stack Hard

The four layers of "India Stack" are:

  • AIdentity, Payment, Data, e-Sign
  • BBanking, Insurance, Tax, Telecom
  • CNetwork, Storage, Compute, Apps
  • DAadhaar, GST, UIDAI, NPCI
View solution
Correct Option: A
Identity (Aadhaar), Payment (UPI), Data (Account Aggregator/DigiLocker), e-Sign.
Q 09 DigiLocker Medium

DigiLocker — cloud-based locker for government-issued documents — is launched under:

  • AMeitY / NeGD
  • BUIDAI
  • CRBI
  • DMoHFW
View solution
Correct Option: A
MeitY / NeGD, launched 2015. Authentication via Aadhaar.
Q 10 IT Act Medium

The IT Act, 2000, was substantially amended in:

  • A2005
  • B2008
  • C2017
  • D2021
View solution
Correct Option: B
IT (Amendment) Act, 2008 — added cyber-terror, intermediary liability, data protection provisions.
Q 11 JAM Trinity Medium

The "JAM Trinity" refers to:

  • AJustice + Aadhaar + Money
  • BJan Dhan + Aadhaar + Mobile
  • CJEE + AIIMS + MBA portals
  • DJudiciary + Administration + Ministry
View solution
Correct Option: B
Jan Dhan + Aadhaar + Mobile — financial inclusion platform.
Q 12 CERT-In Hard

CERT-In, India's cybersecurity response agency, is under:

  • AMHA
  • BMeitY
  • CPMO
  • DNTRO
View solution
Correct Option: B
CERT-In = Indian Computer Emergency Response Team, under MeitY (since 2004).
Q 13 e-Gov Models Medium

DigiLocker and UMANG primarily serve which model of e-Governance?

  • AG2G
  • BG2B
  • CG2C
  • DG2E
View solution
Correct Option: C
DigiLocker (citizen docs) and UMANG (citizen services) = G2C.
Q 14 FAIR Medium

The FAIR data principles stand for:

  • AFree, Available, Indexed, Released
  • BFindable, Accessible, Interoperable, Reusable
  • CFair, Auditable, Indexed, Replicable
  • DFindable, Authentic, Indexed, Restricted
View solution
Correct Option: B
FAIR — Wilkinson et al., 2016.
Q 15 UDISE Medium

UDISE+ provides data on:

  • AHigher education
  • BSchools
  • CHealth
  • DLabour
View solution
Correct Option: B
UDISE+ = Unified District Information System for Education Plus — schools. AISHE = higher education.
Q 16 ABDM Medium

The Ayushman Bharat Digital Mission (ABDM / NDHM) creates a:

  • ATax payer health ID
  • BUnique health ID (ABHA) for every citizen
  • CInsurance scheme only
  • DHospital-rating portal
View solution
Correct Option: B
ABHA (Ayushman Bharat Health Account) — 14-digit unique health ID.
Q 17 RTI Easy

The Right to Information Act in India was enacted in:

  • A2000
  • B2005
  • C2010
  • D2016
View solution
Correct Option: B
RTI Act, 2005 — citizen access to government records.
Q 18 DPDP Penalty Hard

Under the DPDP Act 2023, the maximum penalty for a serious data breach (failure of obligations by data fiduciary) is approximately:

  • A₹10 lakh
  • B₹1 crore
  • C₹250 crore
  • D₹1,000 crore
View solution
Correct Option: C
DPDP penalty caps are up to ₹250 crore (highest tier).
Q 19 NIC Medium

India's National Informatics Centre (NIC) — IT backbone of government — falls under:

  • AMeitY
  • BPMO
  • CMHA
  • DRBI
View solution
Correct Option: A
MeitY — Ministry of Electronics and IT. NIC established 1976.
Q 20 Match Hard

Match each initiative with its parent body:

(i) UPI (a) UIDAI
(ii) Aadhaar (b) NHA
(iii) ABHA (c) ISRO
(iv) Bhuvan (d) NPCI
  • A(i)-d, (ii)-a, (iii)-b, (iv)-c
  • B(i)-a, (ii)-b, (iii)-c, (iv)-d
  • C(i)-b, (ii)-c, (iii)-a, (iv)-d
  • D(i)-c, (ii)-d, (iii)-b, (iv)-a
View solution
Correct Option: A
UPI → NPCI; Aadhaar → UIDAI; ABHA → NHA; Bhuvan → ISRO.

33.14 Quick Recall

ImportantQuick recall
  • Data governance = decision rights + accountability for data assets. 6 pillars: Quality · Security · Privacy · Interoperability · Open access · Compliance.
  • India Stack 4 layers: Identity (Aadhaar/UIDAI 2010) · Payment (UPI/NPCI 2016) · Data (Account Aggregator, DigiLocker, DEPA) · e-Sign.
  • Aadhaar: 12-digit; UIDAI 2009; Aadhaar Act 2016; K.S. Puttaswamy v UoI (2017) — right to privacy as fundamental right (Article 21).
  • Indian digital governance flagship initiatives: DigiLocker · UMANG · CoWIN · ABDM/ABHA · MyGov · PRAGATI · API Setu · DBT · JAM Trinity (Jan Dhan + Aadhaar + Mobile) · GSTN · NAD · ABC · UDISE+ · DIKSHA · NDEAR · SWAYAM · Bhuvan · PM-WANI · BharatNet · Smart Cities Mission · Digital India Programme · IndiaAI Mission (2024).
  • Coordinating bodies: MeitY (apex) · NIC (since 1976) · NeGD (e-Gov) · UIDAI (Aadhaar) · NPCI (payments, 2008) · CERT-In (cybersecurity, 2004) · C-DAC · STQC · NHA (health data) · NITI Aayog.
  • IT Act 2000 (amended 2008): Sec 43A · Sec 66 · Sec 66F · Sec 67 · Sec 69 · Sec 70 · Sec 79 (intermediary safe harbour). IT Rules 2011 (SPDI) · IT Rules 2021 (intermediaries + digital media ethics).
  • DPDP Act 2023: India’s GDPR. Terms — Data Principal (subject) · Data Fiduciary (controller) · Data Processor · SDF. Rights: access, correction, erasure, grievance, nomination. Penalty up to ₹250 cr. Data Protection Board (DPB).
  • Other laws: Aadhaar Act 2016 · RTI Act 2005 · Bharatiya Nyaya Sanhita 2023 · Telecom Act 2023.
  • Open data: OGD Platform data.gov.in (2012, MeitY/NIC) · NDSAP 2012. Open Data Charter (2015): 8 principles. FAIR (2016): Findable · Accessible · Interoperable · Reusable. Tim Berners-Lee 5-star scheme.
  • Cybersecurity: CERT-In (MeitY) · NCIIPC (NTRO, critical infra) · NCSC (PMO) · I4C (MHA, cyber crime) · NCRB · CCMP.
  • e-Governance models: G2C · G2B · G2E · G2G. 5 UN maturity stages: Emerging · Enhanced · Interactive · Transactional · Connected.
  • Frontier: AI in governance · predictive policing · algorithmic accountability · differential privacy · federated learning · IndiaAI Mission 2024 · AI4Bharat · Bhashini.