33 Data and Governance
33.1 What the Syllabus Covers
Data has become one of the central instruments of governance — informing policy, monitoring service delivery, and creating accountability. The relationship works in two directions: government generates massive datasets, and good governance increasingly depends on how those datasets are managed, shared, and protected.
PYQs reliably ask: (a) name Indian Government data initiatives (OGD, Aadhaar, DigiLocker, UMANG, India Stack), (b) define data governance and its components, (c) identify the DPDP Act 2023 and IT Act 2000, and (d) match a flagship platform with its parent body (NIC, MeitY, UIDAI, RBI, NPCI).
33.2 What Is Data Governance?
Data governance is the system of decision rights and accountabilities for data assets — who can do what, with which data, under what conditions.
- Data quality — accuracy, completeness, timeliness.
- Data security — protection from unauthorised access.
- Data privacy — protecting personal information.
- Data interoperability — standards that let systems exchange data.
- Open access — making non-sensitive data available to public.
- Compliance — adherence to law and ethics.
33.2.1 Data Governance vs Data Management
- Data governance sets policy — what is allowed.
- Data management is the execution — building the systems that enforce policy.
33.3 The Indian Data Ecosystem
33.3.1 India Stack — The Digital Public Infrastructure
- Identity layer: Aadhaar (UIDAI, 2010 onwards) — 12-digit unique ID.
- Payment layer: UPI (Unified Payments Interface) — NPCI, 2016.
- Data layer: Account Aggregator framework, DigiLocker, DEPA (Data Empowerment and Protection Architecture).
- e-Sign layer: Digital signatures using Aadhaar authentication.
33.3.2 Major Digital Initiatives
| Initiative | What it does | Coordinator | Year |
|---|---|---|---|
| Aadhaar | 12-digit unique identification | UIDAI | 2010 |
| DigiLocker | Cloud locker for govt documents | MeitY / NeGD | 2015 |
| UMANG | Unified Mobile App for citizen services | MeitY / NeGD | 2017 |
| UPI | Unified Payments Interface | NPCI / RBI | 2016 |
| CoWIN | Vaccination tracking platform | MoHFW | 2021 |
| ABDM | Ayushman Bharat Digital Mission (health data) | NHA | 2021 |
| NDHM / ABHA | National Digital Health Mission / Account | NHA | 2021 |
| eSanjeevani | Telemedicine platform | MoHFW | 2020 |
| MyGov | Citizen-engagement portal | NIC | 2014 |
| PRAGATI | PM’s monitoring platform | NIC | 2015 |
| API Setu | Government API marketplace | NeGD | 2020 |
| OGD Platform | Open Government Data | NIC / MeitY | 2012 |
| NDEAR | National Digital Education Architecture | MoE | 2021 |
| DIKSHA | Digital Infra for Knowledge Sharing | NCERT / MoE | 2017 |
| GSTN | GST Network | MoF | 2017 |
| DBT | Direct Benefit Transfer | MoF | 2013 |
| JAM Trinity | Jan Dhan + Aadhaar + Mobile | MoF | 2014 |
| PMJDY | Pradhan Mantri Jan Dhan Yojana | DFS, MoF | 2014 |
| ABC | Academic Bank of Credits | UGC / NeGD | 2021 |
| NAD | National Academic Depository | NeGD | 2017 |
| Bhuvan | Geospatial portal | ISRO | 2009 |
| PM-WANI | Wi-Fi access network interface | DoT | 2020 |
| Bharat Net | National rural broadband | DoT | 2011 onwards |
| Smart Cities Mission | 100 smart cities | MoHUA | 2015 |
| Digital India Programme | Umbrella programme | MeitY | 2015 |
| National AI Portal | AI initiatives | NeGD + MeitY | 2020 |
| IndiaAI Mission | National AI mission | MeitY | 2024 |
33.3.3 Key Coordinating Bodies
- MeitY — Ministry of Electronics and Information Technology.
- NIC — National Informatics Centre (1976; under MeitY).
- NeGD — National e-Governance Division (under MeitY).
- UIDAI — Unique Identification Authority of India (2009 onwards).
- NPCI — National Payments Corporation of India (2008; RBI + IBA).
- CERT-In — Indian Computer Emergency Response Team (cybersecurity).
- C-DAC — Centre for Development of Advanced Computing.
- STQC — Standardisation, Testing and Quality Certification.
- NHA — National Health Authority (health data).
- NITI Aayog — Policy think tank.
33.4 Data Protection — Indian Legal Framework
33.4.1 IT Act 2000 and Amendments
- Enacted 2000, substantial amendment 2008.
- Establishes the legal validity of electronic records and digital signatures.
- Section 43A — compensation for failure to protect sensitive personal data.
- Section 66 — computer-related offences.
- Section 66F — cyber terrorism.
- Section 67 — publishing/transmitting obscene material electronically.
- Section 69 — power to intercept, monitor, decrypt.
- Section 70 — protected systems / Critical Information Infrastructure (NCIIPC).
- Section 79 — intermediary liability (“safe harbour”).
- IT Rules 2011 — Sensitive Personal Data or Information rules.
- IT Rules 2021 — Intermediary Guidelines & Digital Media Ethics Code.
33.4.2 DPDP Act 2023 — The Big Recent Law
- Enacted August 2023 (rules being notified in phases).
- Indian counterpart to GDPR (Europe).
- Applies to digital personal data; covers Indian and (some) foreign data fiduciaries.
-
Key terms:
- Data Fiduciary = entity that determines purpose & means of processing (= “data controller” in GDPR).
- Data Principal = individual to whom the data relates (“data subject” in GDPR).
- Data Processor = processes on behalf of fiduciary.
- Significant Data Fiduciary (SDF) = high-risk / large-scale fiduciary, with extra obligations.
- Data Principal rights: access, correction, erasure, grievance redressal, nomination.
- Penalties up to ₹250 crore for data-breach failure (highest tier).
- Data Protection Board of India (DPB) — adjudicating body.
- Consent — explicit, informed, withdrawable.
- Notice in clear language.
- Children’s data — protections for under-18.
- Cross-border data transfer — to “approved” countries (blacklist model).
33.4.3 Other Relevant Laws
- Aadhaar Act 2016 — legal basis for Aadhaar (after K.S. Puttaswamy SC judgment 2017 declared right to privacy a fundamental right under Article 21).
- Right to Information Act, 2005 (RTI) — citizen access to government records.
- Bharatiya Nyaya Sanhita, 2023 (replacing IPC) — touches on data-related offences.
- Telecom Act 2023 — interception, lawful access provisions.
33.5 Open Data and Open Government
- Open Data Charter (2015, G8 origin) — eight principles: Open by default · Timely & Comprehensive · Accessible & Usable · Comparable & Interoperable · For Improved Governance · For Inclusive Development · For Innovation.
- FAIR data: Findable · Accessible · Interoperable · Reusable.
- Tim Berners-Lee’s 5-star scheme: ★ data is online → ★★ machine-readable → ★★★ open format → ★★★★ URI-identifiable → ★★★★★ linked open data.
33.5.1 India’s Open Data Stack
- OGD Platform — data.gov.in (2012) — launched by MeitY, hosted by NIC.
- National Data Sharing and Accessibility Policy (NDSAP, 2012) — frames open data.
- Sectoral portals — NHM dashboard, NSS data, RBI DBIE, COVID data.
- Open APIs — gradually being released through API Setu.
33.6 Data-Driven Policy Initiatives
- DBT (Direct Benefit Transfer, 2013) — Aadhaar-linked direct payments to beneficiaries; estimated savings due to deduplication.
- JAM Trinity (Jan Dhan + Aadhaar + Mobile) — financial inclusion platform.
- GST (2017) — unified indirect tax system using GSTN data flows.
- NIRF (2015 onwards) — institutional rankings based on submitted data.
- AISHE (2010 onwards) — annual HE survey.
- NITI Aayog SDG India Index — state SDG performance.
- Aspirational Districts Programme (2018) — performance-based monitoring of 112 districts.
- National Achievement Survey (NAS) — student-level learning data, NCERT.
- PARAKH (NEP 2020) — holistic assessment regulator at NCERT.
33.7 Cybersecurity, Cyber Crime, and Critical Infrastructure
- CERT-In — Indian Computer Emergency Response Team (under MeitY).
- NCIIPC — National Critical Information Infrastructure Protection Centre (under NTRO).
- NCSC — National Cyber Security Coordinator (PMO).
- Cyber Crime Coordination Centre (I4C) — under MHA.
- NCRB cyber-crime data.
- CCMP — Crisis Management Plan for Cyber Attacks.
- Cyber Surakshit Bharat (capacity building for CISOs).
- National Cyber Security Strategy (under finalisation).
33.8 e-Governance — Models
- G2C — Government to Citizen (e.g., DigiLocker, UMANG, MyGov).
- G2B — Government to Business (e.g., GST portal, MCA21).
- G2E — Government to Employee (HRMS, e-Office).
- G2G — Government to Government (NIC inter-departmental).
- Emerging — basic web presence.
- Enhanced — one-way info flow.
- Interactive — two-way services.
- Transactional — citizens can transact (apply, pay, download).
- Connected / Integrated — seamless across departments.
33.9 Aadhaar — A Closer Look
- 12-digit unique identification number issued by UIDAI (Unique Identification Authority of India).
- UIDAI established 2009; legally backed by Aadhaar Act 2016.
- Voluntary in principle, but mandatory for many subsidies.
- Biometric (10 fingerprints, 2 iris, photo) + demographic.
- Largest biometric ID system globally (1.3 billion+ enrolments).
- K.S. Puttaswamy v Union of India (2017) — SC declared right to privacy a fundamental right; upheld Aadhaar Act (2018) with limitations.
- Aadhaar verification: OTP, biometric, eKYC.
33.10 Data and Education
- UDISE+ (Unified District Information System for Education Plus) — school data.
- AISHE (All India Survey on Higher Education) — annual HE survey.
- NAS (National Achievement Survey) — student learning outcomes.
- DIKSHA — teaching/learning resources platform.
- SWAYAM — MOOC platform.
- PRAGYATA / NETF — NEP 2020 digital frameworks.
- NDEAR — National Digital Education Architecture (2021).
- ABC — Academic Bank of Credits, NAD — National Academic Depository.
- NIRF — Institution rankings.
- VIDWAN — expert database, INFLIBNET.
33.11 Big Data, AI, and the Future of Governance
- Predictive analytics in welfare, policing (PredPol-style; risk of bias).
- AI ethics in governance — bias, transparency, accountability.
- Algorithmic decision-making — explainability.
- Public-sector use of GenAI — drafting, translation, citizen service.
- Data marketplaces — Account Aggregator, DEPA.
- Federated learning for privacy.
- Differential privacy for census-like data.
- AI4Bharat, Bhashini — Indian language tech (under DigitalIndia).
33.12 Theory Anchors and Frameworks
| Concept / Body | Year / Note | What it does |
|---|---|---|
| Aadhaar / UIDAI | 2009 / Act 2016 | Identity layer |
| NPCI | 2008 | UPI, RuPay, IMPS |
| India Stack | 2010s | Identity + Payment + Data + e-Sign |
| IT Act 2000 | 2000, amended 2008 | Foundational digital law |
| DPDP Act | 2023 | Privacy law (GDPR-like) |
| K.S. Puttaswamy v UoI | 2017 | Right to privacy = fundamental right |
| Aadhaar Act | 2016 | Legal basis for Aadhaar |
| OGD Platform | 2012 | data.gov.in |
| FAIR Data Principles | 2016 | Open-data stewardship |
| Open Data Charter | 2015 | 8 principles |
| Tim Berners-Lee 5-star | — | Open-data quality ladder |
| e-Governance maturity (UN) | 5 stages | Emerging → Connected |
| NIC, MeitY, NeGD | various | Coordinating bodies |
| CERT-In | 2004 | Cybersecurity response |
| CIIPC, NCSC, I4C | various | Cybersecurity ecosystem |
| Digital India Programme | 2015 | Umbrella programme |
| IndiaAI Mission | 2024 | National AI mission |
33.13 Practice Questions
"Data governance" is BEST described as:
View solution
Aadhaar is issued by:
View solution
UPI (Unified Payments Interface) is operated by:
View solution
The Digital Personal Data Protection (DPDP) Act of India was enacted in:
View solution
Under the DPDP Act 2023, the individual whose data is being processed is called a:
View solution
The Supreme Court of India declared the right to privacy a fundamental right under Article 21 in:
View solution
India's Open Government Data (OGD) platform is at:
View solution
The four layers of "India Stack" are:
View solution
DigiLocker — cloud-based locker for government-issued documents — is launched under:
View solution
The IT Act, 2000, was substantially amended in:
View solution
The "JAM Trinity" refers to:
View solution
CERT-In, India's cybersecurity response agency, is under:
View solution
DigiLocker and UMANG primarily serve which model of e-Governance?
View solution
The FAIR data principles stand for:
View solution
UDISE+ provides data on:
View solution
The Ayushman Bharat Digital Mission (ABDM / NDHM) creates a:
View solution
The Right to Information Act in India was enacted in:
View solution
Under the DPDP Act 2023, the maximum penalty for a serious data breach (failure of obligations by data fiduciary) is approximately:
View solution
India's National Informatics Centre (NIC) — IT backbone of government — falls under:
View solution
Match each initiative with its parent body:
| (i) | UPI | (a) | UIDAI |
| (ii) | Aadhaar | (b) | NHA |
| (iii) | ABHA | (c) | ISRO |
| (iv) | Bhuvan | (d) | NPCI |
View solution
33.14 Quick Recall
- Data governance = decision rights + accountability for data assets. 6 pillars: Quality · Security · Privacy · Interoperability · Open access · Compliance.
- India Stack 4 layers: Identity (Aadhaar/UIDAI 2010) · Payment (UPI/NPCI 2016) · Data (Account Aggregator, DigiLocker, DEPA) · e-Sign.
- Aadhaar: 12-digit; UIDAI 2009; Aadhaar Act 2016; K.S. Puttaswamy v UoI (2017) — right to privacy as fundamental right (Article 21).
- Indian digital governance flagship initiatives: DigiLocker · UMANG · CoWIN · ABDM/ABHA · MyGov · PRAGATI · API Setu · DBT · JAM Trinity (Jan Dhan + Aadhaar + Mobile) · GSTN · NAD · ABC · UDISE+ · DIKSHA · NDEAR · SWAYAM · Bhuvan · PM-WANI · BharatNet · Smart Cities Mission · Digital India Programme · IndiaAI Mission (2024).
- Coordinating bodies: MeitY (apex) · NIC (since 1976) · NeGD (e-Gov) · UIDAI (Aadhaar) · NPCI (payments, 2008) · CERT-In (cybersecurity, 2004) · C-DAC · STQC · NHA (health data) · NITI Aayog.
- IT Act 2000 (amended 2008): Sec 43A · Sec 66 · Sec 66F · Sec 67 · Sec 69 · Sec 70 · Sec 79 (intermediary safe harbour). IT Rules 2011 (SPDI) · IT Rules 2021 (intermediaries + digital media ethics).
- DPDP Act 2023: India’s GDPR. Terms — Data Principal (subject) · Data Fiduciary (controller) · Data Processor · SDF. Rights: access, correction, erasure, grievance, nomination. Penalty up to ₹250 cr. Data Protection Board (DPB).
- Other laws: Aadhaar Act 2016 · RTI Act 2005 · Bharatiya Nyaya Sanhita 2023 · Telecom Act 2023.
- Open data: OGD Platform data.gov.in (2012, MeitY/NIC) · NDSAP 2012. Open Data Charter (2015): 8 principles. FAIR (2016): Findable · Accessible · Interoperable · Reusable. Tim Berners-Lee 5-star scheme.
- Cybersecurity: CERT-In (MeitY) · NCIIPC (NTRO, critical infra) · NCSC (PMO) · I4C (MHA, cyber crime) · NCRB · CCMP.
- e-Governance models: G2C · G2B · G2E · G2G. 5 UN maturity stages: Emerging · Enhanced · Interactive · Transactional · Connected.
- Frontier: AI in governance · predictive policing · algorithmic accountability · differential privacy · federated learning · IndiaAI Mission 2024 · AI4Bharat · Bhashini.