THE INTERPLAY OF NATIONAL GEOSPATIAL POLICY AND PERSONAL DATA LAWS
Updated: May 2, 2021
This Article has been authored by Akanksha Vashistha, a student at West Bengal National University of Juridical Sciences, Kolkata.
On February 15, 2021, the Department of Science and Technology announced sweeping changes in the country’s Mapping Policy. This comprises a liberalisation in regulations on geospatial data and modern mapping technologies in the country, specifically for Indian companies. The governmental action comes amidst its commitment to the motto of Aatma Nirbhar Bharat with a $5 trillion economy.
The article aims at critiquing these recent amendments made in the National Geo-Spatial Policy. Second, it tries to highlight the possible concerns which might arise as a result of this governmental initiative and intertwine its interaction with other legislations at play. This is followed by an appropriate conclusion in favour of the new rules as per a cost-benefit analysis.
Indian Experience with Geospatial data
Geo Spatial Data refers to “positional data with or without attribute data tagged, whether in the form of images, videos, vector, voxel and/or raster datasets or any other type of geospatial dataset in digitized or non-digitized form or web-services”. It includes locational information whether natural or manmade, imaginary or physical, above the ground or below the ground, points of interest, natural phenomena, mobility data, weather patterns, statistical information etc. The data capturing is possible through ground based survey techniques, unmanned aerial vehicles, mobile mapping system, photogrammetry, RADAR, satellite-based remote sensing etc.
Ability to access location in the digital ecosystem has unlocked various boons and is aiding towards a sustainably developed economy with various environmental, social and economic opportunities. Geospatial technology plays a key role in analysing calamities, offering better solutions in making logistics, e-commerce and related businesses more efficient through availability of accurate locations. Moreover, it also aids in enhancing the efficiency of agricultural, mining, infrastructure and other sectors crucial for the economy.
The present policy is a complete reverse stance from what geospatial data regulation was understood in 2016 after the Pathankot attacks. With the widely available Google mapping technology having aided the terrorists to launch an attack, as a response to the security threat to the nation, the government in 2016 had introduced the Geospatial Information Regulation Bill (GIRB). The Bill, introduced without registering the concerns of stakeholders restricted the geospatial data usage, allowing it only after obtaining a license from the Security Vetting Authority. A violation of the Bill invited severe punitive measures.
Veering away from these concerns and in order to pursue the mission of Atmanirbhar Bharat, the government has given effect to the present policy of liberalising the geospatial mapping policy that would not only invite innovations from almost every sector of the economy but also aid in enhancing the ease of doing business in the country. This availability of information to the public is also a reason for the wide redundancy confidentiality brings when the entire world has moved on to exchanging geospatial data.
National Geospatial Policy, 2021
Applicable to geospatial data, maps, and product solutions offered by government, independent bodies, research and academic institutions, and private organisations or individuals, the latest guidelines remove almost all the formalities associated with accessing the geospatial data. This includes removal of any prior approval requirement, security clearance, licensing procedure or any other restriction or permission that was essential prior to the latest guidelines on “collection, generation, preparation, dissemination, storage, publication, updating and/or digitization”. Entities will have complete freedom in operating, selling, publishing, destructing, and swapping these data, inter alia. As there is cessation of the requirement for any security clearance, the entities are merely required to give a self-certification to convey their adherence to the guidelines.
The guidelines mention the establishment of a Geospatial Data Promotion and Development Committee by the Department of Science and Technology. The Committee would be given the task of producing a negative list on certain sensitive attributes which are to be kept in mind before acquisition of data. However, the guidelines mention that the list would be very specific and efforts will be made to ensure minimum restrictions on data providing as enhancing ease of doing business is the prime focus of the government. This prospective list will not contain any prohibited area but those locations which will not be marked on the data map.
Geospatial Data and Data Protection
Initially, the availability of geospatial information invited debates concerning the security of the nation. However, along with it personal data protection as well has acquired the cynosure in present course of discussion. With the controversial draft GIRB not having been brought into effect, there still lies the scope of reading geospatial data in the Personal Data Protection laws. As per the General Data Protection Regulation in Europe, geospatial data is a part of data protection legislation when the location of natural persons is assessed. With an almost liberalisation of the availability and usage, geospatial data in India has to come under the ambit of data protection. As per §91(1) of the Data Protection Bill, the government can make any policy pertaining to the path of digital economy, provided such policy does not govern personal data. As per the proposition of Justice B.N. Srikrishna Committee, storage of geospatial data also needs to follow the general privacy principles and the same may be counted in critical or sensitive personal data. Concerning commercial or civilian use, the data is to be exchanged and used in a fair and reasonable manner and for the designated purpose. The data protection law provides for the establishment of a Data Protection Authority. Officials consider it an overlap to implement certain functions which the Security Vetting Authority under draft GDRB would have performed.
As notified in the current guidelines, the Geospatial Data Promotion Committee will maintain a negative list that would comprise areas not marked on the maps among other sensitive attributes. While the list perhaps would aim at maintaining the confidentiality of India’s security hotspots learning from the Pathankot attacks, concerns might be on how civilian privacy would be ensured with a wide exchange of data across the network as the negative list will not really prohibit public from accessing locations. The guidelines merely require entities to provide a self-certification before acquiring the data which merely requires a person to provide the reason for acquiring geospatial data. With this least degree of security check and complete no-interference on the part of the government, the probabilities of privacy breach might be at an all-time high.
The liberalisation of National Mapping Policy is certainly a welcome policy which is expected to have resolved a wide range of issues and complications arising out of India’s continuous maintaining of confidentiality concerning geospatial data. This includes the usage of different versions of the territorial map of India by search engines like Google. The guidelines aptly aim towards achieving the target of an Atma Nirbhar Bharat and a sustainable economy. However, legitimate focus may be shifted towards the personal data concerns such a liberalisation might lead to, especially when the government has opted for a no-interference policy. In this light, inclusion of geospatial data within the laws regulating personal data at certain instances might be a plausible approach.