Centre for Internet and Society

Big Data in Governance in India: Case Studies

2017-02-26T16:24:11Z

This research seeks to understand the most effective way of researching Big Data in the Global South. Towards this goal, the research planned for the development of a Global South big data Research Network that identifies the potential opportunities and harms of big data in the Global South and possible policy solutions and interventions.

This work has been made possible by a grant from the John D. and Catherine T. MacArthur Foundation. The conclusions, opinions, or points of view expressed in the report are those of the authors and do not necessarily represent the views of the John D. and Catherine T. MacArthur Foundation.

Introduction

The research was for a duration of 12 months and in form of an exploratory study which sought to understand the potential opportunity and harm of big data as well as to identify best practices and relevant policy recommendations. Each case study has been chosen based on the use of big data in the area and the opportunity that is present for policy recommendation and reform. Each case study will seek to answer a similar set of questions to allow for analysis across case studies.

What is Big Data

Big data has been ascribed a number of definitions and characteristics. Any study of big data must begin with first conceptualizing defining what big data is. Over the past few years, this term has been become a buzzword, used to refer to any number of characteristics of a dataset ranging from size to rate of accumulation to the technology in use.[1]

Many commentators have critiqued the term big data as a misnomer and misleading in its emphasis on size. We have done a survey of various definitions and understandings of big data and we document the significant ones below.

Computational Challenges

The condition of data sets being large and taxing the capacities of main memory, local disk, and remote disk have been seen as problems that big data solves. While this understanding of big data focusses only on one of its features—size, other characteristics posing a computational challenge to existing technologies have also been examined. The (US) National Institute of Science and Technology has defined big data as data which “exceed(s) the capacity or capability of current or conventional methods and systems.” [2]

These challenges are not merely a function of its size. Thomas Davenport provides a cohesive definition of big data in this context. According to him, big data is “data that is too big to fit on a single server, too unstructured to fit into a row-and-column database, or too continuously flowing to fit into a static data warehouse.” [3]

Data Characteristics

The most popular definition of big data was put forth in a report by Meta (now Gartner) in 2001, which looks at it in terms of the three 3V’s—volume[4], velocity and variety. It is high-volume, high-velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation.[5]

Aside from volume, velocity and variety, other defining characteristics of big data articulated by different commentators are— exhaustiveness,[6] granularity (fine grained and uniquely indexical),[7] scalability,[8] veracity,[9] value[10] and variability.[11] It is highly unlikely that any data-sets satisfy all of the above characteristics. Therefore, it is important to determine what permutation and combination of these gamut of attributes lead us to classifying something as big data.

Qualitative Attributes

Prof. Rob Kitchin has argued that big data is qualitatively different from traditional, small data. Small data has used sampling techniques for collection of data and has been limited in scope, temporality and size, and are “inflexible in their administration and generation.”[12]

In this respect there are two qualitative attributes of big data which distinguish them from traditional data. First, the ability of big data technologies to accommodate unstructured and diverse datasets which hitherto were of no use to data processors is a defining feature. This allows the inclusion of many new forms of data from new and data heavy sources such as social media and digital footprints. The second attribute is the relationality of big data.[13]

This relies on the presence of common fields across datasets which allow for conjoining of different databases. This attribute is usually a feature of not the size but the complexity of data enabling high degree of permutations and interactions within and across data sets.

Patterns and Inferences

Instead of focussing on the ontological attributes or computational challenges of big data, Kenneth Cukier and Viktor Mayer Schöenberger define big data in terms of what it can achieve.[14]

They defined big data as the ability to harness information in novel ways to produce useful insights or goods and services of significant value. Building on this definition, Rohan Samarajiva has categorised big data into non-behavioral big data and behavioral big data. The latter leads to insights about human behavior.[15]

Samarajiva believes that transaction-generated data (commercial as well as non-commercial) in a networked infrastructure is what constitutes behavioral big data. Scope of Research The initial scope arrived at for this case-study on role of big data in governance in India focussed on the UID Project, the Digital India Programme and the Smart Cities Mission. Digital India is a programme launched by the Government of India to ensure that Government services are made available to citizens electronically by improving online infrastructure and by increasing Internet connectivity or by making the country digitally empowered in the field of technology.[16]

The Programme has nine components, two of which focus on e-governance schemes. Read More [PDF, 1948 Kb]

[1]. Thomas Davenport, Big Data at Work: Dispelling the Myths, Uncovering the opportunities, Harvard Business Review Press, Boston, 2014.

[2]. MIT Technology Review, The Big Data Conundrum: How to Define It?, available at https://www. technologyreview.com/s/519851/the-big-data-conundrum-how-to-define-it/

[3]. Supra note 1.

[4]. What constitutes as high volume remains an unresolved matter. Intel defined Big Data volumes are emerging in organizations generating a median of 300 terabytes of data a week.

[5]. http://www.gartner.com/it-glossary/big-data/

[6]. Viktor Mayer Schöenberger and Kenneth Cukier, Big Data: A Revolution that will transform how we live, work and think” John Murray, London, 2013.

[7]. Rob Kitchin, The Data Revolution: Big Data, Open Data, Data Infrastructures and their consequences, Sage, London, 2014.

[8]. Nathan Marz and James Warren, Big Data: Principles and best practices of scalable realtime data systems, Manning Publication, New York, 2015.

[9]. Bernard Marr, Big Data: the 5 Vs everyone should know, available at https://www.linkedin. com/pulse/20140306073407-64875646-big-data-the-5-vs-everyone-must-know.

[10]. Id.

[11]. Eileen McNulty, Understanding Big Data: the 7 Vs, available at http://dataconomy.com/sevenvs-big-data/.

[12]. Supra Note 7.

[13]. Danah Boyd and Kate Crawford, Critical questions for big data. Information, Communication and Society 15(5): 662–679, available at https://www.researchgate.net/publication/281748849_Critical_questions_for_big_data_Provocations_for_a_cultural_technological_and_scholarly_ phenomenon

[14]. Supra Note 6.

[15]. Rohan Samarajiva, What is Big Data, available at http://lirneasia.net/2015/11/what-is-bigdata/.

[16]. http://www.digitalindia.gov.in/content/about-programme

For more details visit https://cis-india.org/internet-governance/blog/big-data-in-governance-in-india-case-studies

Big Data Governance Frameworks for 'Data Revolution for Sustainable Development'

Meera Manoj — 2016-07-05T13:13:32Z

A key component of the process to achieve the Sustainable Development Goals is the call for a global 'data revolution' to better understand, monitor, and implement development interventions. Recently there has been several international proposals to use big data, along with reconfigured national statistical systems, to operationalise this 'data revolution for sustainable development.' This analysis by Meera Manoj highlights the different models of collection, management, sharing, and governance of global development data that are being discussed.

1. What are the Sustainable Development Goals?

2. The Need for a Data Revolution

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

3.2. Using Big Data for Development

4. Sustainable Development and Data Rights

5. Governance Frameworks Proposed

5.1. UN Sustainable Development Solutions Network

5.2. The UN DATA Revolution Group

5.3. Organization for Economic Co-Operation and Development

5.4. The Global Partnership for Sustainable Development of Data

5.5. The World Economic Forum (WEF)

5.6. Dr. Julia Lane - A Quadruple Data Helix

5.7. Data Pop Alliance

6. Conclusion

7. Endnotes

8. Author Profile

Speaking on Big Data, Dan Ariely commented that, "Everyone talks about it, nobody really knows how to do it, and everyone thinks everyone else is doing it, so everyone claims they are doing it" [1]. This offers a useful insight into the lack of adequate discourse on the kind of governance and accountability frameworks that are needed to facilitate the developmental, sustainable, and responsible uses of big data.

In light of the recent international proposals to use big data to track the Sustainable Development Goals, this paper highlights the different models of management, sharing, and governance of data that are being discussed, and concurrently, how they conceptualise the various rights around big data and how are they to be protected.

1. What are the Sustainable Development Goals?

The Sustainable Development Goals, otherwise known as the Global Goals, build on the Millennium Development Goals (MDGs). Adopted on 1 January 2016, these universally applicable 17 goals of the 2030 Agenda for Sustainable Development, seek to end all forms of poverty, fight inequalities, tackle climate change and address a range of social needs like education, health, social protection and job opportunities over the next 15 years [2].

Source: UN Data Revolution Group, A World that Counts, 2014, p.12.

2. The Need for a Data Revolution

An overwhelming cause of concern regarding the precursor to the SDGs, the MDGs, is the data unavailability to monitor their progress. For instance, the figure below indicates that there is no five-year period when the availability of MDG related data is more than 70% of what is required. Entire groups of people and key issues remain invisible [3]. Lack of data is not only a problem for global statisticians, but also for people whose needs and demands remain invisible due to lack of quantitative representation of the same. For instance, the incidences of gender related crimes when not recorded could lead to a misconception on the achievement of the MDG of gender equality.

Source: UN, Sustainable Development Goals.

As the new goals (SDGs) cover a wider range of issues it is clear that a far higher level of detail is required. To this effect the High-Level Panel of Eminent Persons on the post-2015 agenda has called for a "data revolution for sustainable development" [4].

The world is experiencing a Data Revolution and a "data deluge." One estimate has it that 90% of the data in the world has been created in the last 2 years. As Eric Schmidt of Google in 2010 famously said, "There were 5 exabytes of information created between the dawn of civilization through 2003, but that much information is now created every 2 days [5].

In its report A World that Counts, the UN Data Revolution Group defines the data revolution as an explosion in the volume of data, the speed with which data are produced, the number of producers of data, the dissemination of data, and the range of things on which there is data, coming from new technologies such as mobile phones and the “internet of things”, and from other sources, such as qualitative data, citizen-generated data and perceptions data [6].

This data revolution in the context of sustainable development has been defined by the UN Secretary General’s Independent Expert Advisory Group (IEAG) as follows:

[T]he integration of data coming from new technologies with traditional data in order to produce relevant high‐quality information with more details and at higher frequencies to foster and monitor sustainable development. This revolution also entails the increase in accessibility to data through much more openness and transparency, and ultimately more empowered people for better policies, better decisions and greater participation and accountability, leading to better outcomes for the people and the planet [7].

The majority of such “data coming from new technologies” is what can be called big data. It is data being generated in real-time, in high velocity and volume, in a variety of forms and formats, and on an increasing range of phenomenon that are being mediated by digital technologies – from governance to human communication. Further, a good part of such big data is not about the content of the phenomenon concerned but about its process – for example, Call Detail Records are generated for each mobile phone call a person makes and it contains data about the process of the call (time, location, duration, recipient, etc.) but not about the content of the call. Big data about various governmental and human processes are becoming a crucial instrument for documenting and monitoring of the same.

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

The simplest definition of big data is that it is a dataset of more than 1 petabyte. The US Bureau of Labour Statistics terms it to be non-sampled data, characterized by the creation of databases from electronic sources whose primary purpose is something other than statistical inference [8].

The characteristics which broadly distinguish Big Data are sometimes called the “3 V’s”: more volume, more variety and higher rates of velocity [9]. Big data sources generally share some or all of these features [10]:

Digitally generated,
Passively produced,
Automatically collected,
Geographically or temporally trackable, and
Continuously analysed.

Increasingly, Big Data is recognised as creating "new possibilities for international development" [11]. It could provide faster, cheaper, more granular data and help meet growing and changing demands. It was claimed, for example, that "Google knows or is in a position to know more about France than INSEE" [12], its highly resourceful national statistical agency. To illustrate, Global Pulse gives the example of a hypothetical small household facing soaring commodity prices, particularly food and fuel [13]. They have the options of:

Getting part of their food at a nearby World Food Programme distribution centre,
Reducing mobile usage,
Temporarily taking their children out of school,
Calling a health hotline when children show signs of malnutrition related diseases, and
Venting about their frustration on social media.

Such a systemic shock of food insecurity will prompt thousands of households to react in roughly similar ways. These collective behavioural changes may show up in different digital data sources:

WFP might record that it serves twice as many meals a day,
The local mobile operator may see reduced usage,
UNICEF data may indicate that school attendance has dropped,
Health hotlines might see increased volumes of calls reporting malnutrition, and
Tweets mentioning the difficulty to “afford food” might begin to rise.

Thus the power of real-time, digital data to predict paths for development is immense. Amassing such a large volume of data which tracks practically every aspect of social behavious can revolutionize the field of official statistics and policy making.

Two points to be noted are: 1) all these data sources are not available for comparison in the real-time by default, so one task before using big data in developmental work is to make data from different sources available across agencies and make them comparable, and 2) finding repeating patterns within large data sets, sourced from varied origins, can not only allow for monitoring but also (statistically) predicting future possibilities and implications for development action.

3.2. Using Big Data for Development

There are several international organizations attempting to use such data.

Global Pulse, a United Nations initiative, launched by the Secretary-General in 2009, seeks to leverage innovations in digital data, rapid data collection and analysis to help decision-makers gain a real-time understanding of how crises impact vulnerable populations. To this end, Global Pulse is establishing an integrated, global network of Pulse Labs, anchored in Pulse Lab New York, to pilot the approach at country level [14].

The Global Working Group on Big Data for Official Statistics, created in May 2014, pursuant to Statistical Commission, makes an inventory of ongoing activities and examples regarding the use of big data, addresses concerns related to methodology, human resources, quality and confidentiality, and develops guidelines on classifying various types of big data sources [15].

There have been applications even on a national and individual level. For instance, in 2013, various sources reported that the CIA had admitted to the “full monitoring of Facebook, Twitter, and other social networks” to identify links between events and sequences or paths leading to national security threats, ultimately leading to forecasting future activities and events [16].

In the field of conflict prevention is the emerging applications to map and analyse unstructured data generated by politically active Internet use by academics, activists, civil society organizations, and even general citizens. In reference to Iran’s post-election crisis beginning in 2009, it is possible to detect web-based usage of terms that reflect a general shift from awareness towards mobilization, and eventually action within the population [17].

The "Big Data, Small Credit" report proposes that financial inclusion can be promoted by allowing consumers with mobile phones to access credit formally as customers [18].

At a national level, the biggest challenge for most big data projects is the limited or restricted access the government agencies have to potential big data sets owned by the private sector [19]. The overall consensus is that Big Data to track SDGs must complement traditional data sources [20]. This is because big data may not always be available for the entire population, or include a diverse enough sample of the population. Moreover most big data projects measure development indicators through a correlation which may not always be correct unlike official data. For instance big data might help in predicting lowered household income through reducing mobile bills while traditional data directly collects income statistics.

In a survey by the Global Working Group on Big Data for Official Statistics [21], it was found that only a few countries have developed a long-term vision for the use of big data, while many are formulating a big data strategy. Most countries have not yet defined business processes for integrating big data sources and results into their work and do not have a defined structure for managing big data projects.

Thus there exists a need to identify a governance framework for big data for sustainable development, not only at national level, but also at the international level.

4. Sustainable Development and Data Rights

Any discussion on governance frameworks would be incomplete without defining the kind of data rights they must seek to protect.

In the famous parable of the six blind men and the elephant they conclude that the elephant is like a wall, snake, spear, tree, fan or rope, depending upon where they touch. Similarly Internet experiences of individual users (what they touch) often contrast drastically with different views (what they conclude) on what would constitute data rights.

The IEAG in its report has identified the following set of data related rights, but has not defined any actual framework or process for ensuring them (yet) [22]:

Right to be counted,
Right to an identity,
Right to privacy and to ownership of personal data,
Right to due process (for example when data is used as evidence in proceedings, or in administrative decisions),
Freedom of expression,
Right to participation,
Right to non-discrimination and equality, and
Principles of consent.

Personal data is broadly defined as "any information relating to an identified or identifiable individual" [23]. Often primary data producers (users of services and devices generating data) are unaware of individual privacy infringements [24].

A survey by the Global Working Group on Big Data for Official Statistics found that only a few countries have a specific privacy framework for big data, while most apply the privacy framework for traditional statistics to big data as well [25].

Conventionally, safeguards against the re-use of big data to protect data rights have involved the “anonymization” or “de-identification” of data, to conceal individual identities. Global Pulse, for instance, is putting forth the concept of Data Philanthropy, whereby "corporations take the initiative to anonymize (strip out all personal information) their data sets and provide this data to social innovators to mine the data for insights, patterns and trends in real-time or near real-time" [26]. There however exists a debate on whether data can actually be anonymized effectively. Several state that data can never be effectively de-anonymized due to technological challenges [27]. For instance, when the New York City government released de-anonymised data sets of New York cab drivers were made re-identifiable by approaching a separate method. Within less than 2 hours work, researchers knew which driver drove every single trip in this entire dataset. It would be even be easy to calculate drivers’ gross income, or infer where they live [28].

Even the OECD opines that the current model of limiting identifiability of individuals is unsustainable. It recommends moving towards one where the focus is on transparency around how data is being used, rather than preventing specific types of use, stating that - "research funding agencies and data protection authorities should collaborate to develop an internationally recognized framework code of conduct covering the use of new forms of personal data, particularly those generated via network communication. This framework, built on best practice procedures for consent from data subjects, data sharing and re-use, anonymization methods, etc., could be adapted as necessary for specific national circumstances" [29].

Thus, there is a push for the arguement that the historical approaches to protecting privacy and confidentiality — namely, informed consent and anonymity — no longer hold [30]. Some have even suggested using big data itself to keep track of user permissions for each piece of data to act as a legal contract [31].

There is an overall consensus that any legal or regulatory mechanisms set up to mobilise the 'data revolution for sustainable development' should protect the data rights of the people [32], without any clear agreement on what these rights may be.

5. Governance Frameworks Proposed

A largely unanswered question that is posed in light of the emerging consensus on the use of Big Data for monitoring SDGs is within what sort of governance frameworks these data collection and analysis methods will operate. Methods of collection and the key actors involved in data analysis, management, storage and coordination. The role of NGOs and CSOs, if any, within these systems must be delineated. Certain key global organizations and eminent researchers have suggested the following models.

5.1. UN Sustainable Development Solutions Network

In 2012, the UN Secretary-General launched the UN Sustainable Development Solutions Network (SDSN) to mobilize global scientific and technological expertise to promote practical problem solving for sustainable development, including the design and implementation of the Sustainable Development Goals (SDGs) [33]. It has proposed the following.

Collection

The Inter-Agency and Expert Group on Sustainable Development Goal Indicators (IAEGSDG) and the United Nations Statistical Commission are to establish roadmaps for strengthening specific data collection tools that enable the monitoring of SDG indicators.

Analysis

Based on discussions with a large number of statistical offices, including Eurostat, BPS Indonesia, the OECD, the Philippines, the UK, and many others, 100 is recommended to be the maximum number of global indicators to analyse data for which NSOs can report and communicate effectively in a harmonized manner. This conclusion was strongly endorsed during the 46th UN Statistical Commission and the Expert Group Meeting on SDG indicators [34].

Specialist indicators developed by thematic communities must be used for data analysis as they include input and process metrics that are helpful complements to official indicators, which tend to be more outcome-focused. For example, the UN Inter-Agency Group on Child Mortality Estimation has developed a specialist hub responsible for analysing, checking, and improving mortality estimation. This is a leading source for child morality information for both governments and non-governmental actors [35].

Research arms of private companies such as Microsoft Research, IBM research, SAS, and R&D arms of telecom companies could directly partner with official statistical systems to share sophisticated analysing techniques [36].

Management

Four levels of monitoring, national, regional, global, and thematic, should be "organized in an integrated architecture" [37].

Countries must decide individually whether official data must be complemented with non-official indicators from big data which can add richness to the monitoring of the SDGs.

Where possible, regional monitoring should build on existing regional mechanisms, such as the Regional Economic Commissions, the Africa Peer Review Mechanism, or the Asia-Pacific Forum on Sustainable Development [38].

To coordinate thematic monitoring under the SDGs, each thematic initiative may have one or more lead specialist agencies or “custodians” as per the IAEG-MDG monitoring processes. Lead agencies would be responsible for convening multi-stakeholder groups, compiling detailed thematic reports, and encouraging ongoing dialogues on innovation. These thematic groups can become testing grounds in launching a data revolution for the SDGs, trialling new measurements and metrics that in time can feed into the global monitoring process with annual reports [39].

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.
Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

Role of NSOs

Monitoring the SDG agenda will require substantive improvements in national statistical capacity. Assessments of existing capacity to fulfil SDG monitoring expectations must be undertaken and needs be integrated into National Strategies for the Development of Statistics (NSDSs) [40].

Coordination

A Global Partnership for Sustainable Development Data must be established and a World Forum on Sustainable Development Data be convened in 2016 to create mechanisms for ongoing collaboration and innovation.

A high-level, powerful group of businesses and states must convene the various data and transparency sustainable development initiatives under one umbrella.

To ensure comparability, Global Monitoring Indicators must be harmonized across countries by one lead technical or specialist agency which will additionally coordinate data standards and collection and provide technical support.

The following table indicates the suggested Lead Agencies for individual SDGs [41].

Number	Sustainable Development Goal	Lead Agencies
1.	No Poverty	World Bank, UNDP, UNSD, UNICEF, ILO, FAO, UN-Habitat, UNISDR, WHO, CRED, UNFPA, and UN Population Division
2.	No Hunger	FAO, WHO, UNICEF, and Internal Fertilizer Industry Associaton (IFA)
3.	Good Health	WHO, UN Population Division, UNICEF, World Bank, GAVI, UN AIDS, and UN-Habitat
4.	Quality Education	UNESCO, UNICEF, and World Bank
5.	Gender Equality	UNICEF, UN Women, WHO, UNSD, ILO, UN Population Division, and UNFPA
6.	Clean Water and Sanitation	WHO/UNICEF Joint Monitoring Programme (JMP), FAO, UN Water, and UNEP
7.	Renewable Energy	Sustainable Energy for All, IEA, WHO, World Bank, and UNFCC
8.	Good Jobs and Economic Growth	IMF, World Bank, UNSD, and ILO
9.	Innovation and Infrastructure	World Bank, OECD, UNIDO, UNFCC, UNESCO, and ITU
10.	Reduced Inequalities	UNSD, World Bank, and OECD
11.	Sustainable Cities and Communities	UN-Habitat, Global City Indicators Facility, WHO, CRED, UNISDR, FAO, and UNEP
12.	Responsible Consumption	EITI, UNCTAD, UN Global Compact, FAO, UNEP Ozone Secretariat, WBCSD, GRI, IIRC, and Global Compact
13.	Climate Action	OECD DAC, UNFCCC, and IEA
14.	Life below Water	UNEP-WCMC, IUCN, and FMC
15.	Life on Land	FAO, UNEP, IUCN, and UNEP- WCMC
16.	Peace and Justice	UNODC, WHO, UNOCHA, UNCHR, IOM, OCHA, OECD, UN Global Compact, EITI, UNCTAD, UNICEF, UNESCO, and Transparency International
17.	Partnership for the Goals	BIS, IASB, IFRS, IMF, WIPO, WTO, UNSD, OECD, World Bank, OECD DAC, and SDSN

5.2. The UN DATA Revolution Group

The group constituted by the UN Secretary-General Ban Ki-moon in August 2014, is an Independent Expert Advisory Group with the aim of making concrete recommendations on bringing about a 'data revolution for sustainable development' [42]. In its report, A World that Counts, it makes the following recommendations [43].

Collection

Clear standards on data collection methods must be developed based on the UN Fundamental Principles of Official Statistics. Periodic audits must be conducted by professional and independent third parties to ensure data quality.

Governments, civil society, academia and the philanthropic sector must work together strengthening statistical literacy so that all people have capacity to input into and evaluate the quality of data.

Social entrepreneurs, private sector, academia, media, civil society and other individuals and institutions must be engaged globally with incentives (prizes, data challenges) to encourage data sharing.

Analysis

A SDGs Analysis and Visualisation Platform is to be set up for fostering private-public partnerships and community-led peer-production efforts for data analysis.

A dashboard on ”the state of the world” will engage the UN, think-tanks, academics and NGOs in analysing, and auditing data.

Academics and scientists are to analyse data to provide long-term perspectives, knowledge and data resources at all levels.

The “Global Forum of SDG-Data Users” will ensure feedback loops between data producers, processors and users to improve the usefulness of data and information produced.

A “SDGs data lab” to support the development of a first wave of SDG indicators is to be established mobilizing key public, private and civil society data providers, academics and stakeholders working with the Sustainable Development Solutions Network.

Storage

A “world statistics cloud” will store data and metadata produced by different institutions but according to common standards, rules and specifications.

Role of NSOs

Civil society organisations must share data and processing methods with private and public counterparts on the basis of agreements. They must hold governments and companies accountable using evidence on the impact of their actions, provide feedback to data producers, develop data literacy and help communities and individuals generate and use data.

NSOs are the central players of the Data Revolution. Their autonomy must be strengthened to maintain data quality. They must abandon expensive and cumbersome production processes, incorporate new data sources like big data that is human and machine-readable, compatible with geospatial information systems and available quickly enough to ensure that the data cycle matches the decision cycle. Collaborations with the private sector can boost technical and financial investments.

Coordination

Key stakeholders must create a “Global Consensus on Data”, to adopt principles concerning legal, technical, privacy, geospatial and statistical standards. Best practices related to public data such as the Open Government Partnership (OGP) and the G8 Open Data Charter are recommended foundations for such principles.

A UN-led “Global Partnership for Sustainable Development Data” is proposed, to coordinate and broker key global public-private partnerships for data sharing [44].

A “World Forum on Sustainable Development Data” and “Network of Data Innovation Networks” will be a converging point for the data ecosystem to share ideas and experiences for improvements, innovation and technology transfer.

5.3. Organization for Economic Co-Operation and Development (OECD)

The Organisation for Economic Co-operation and Development (OECD) is an inter-governmental organization that seeks to promote policies that will improve the economic and social well-being of people globally. It has made the following proposals [45].

Collection

Data is to be collected from National statistical agencies, national and international researchers and international organisations.

Role of NSOs

By leveraging the expertise of telecommunications companies and software developers, for instance, national statistical systems could potentially reduce costs and improve the availability of data to monitor development goals [46].

Coordination

National Data Forums for Social Science Data must be created for the development of social science data for improved coordination between social scientists, data producers (national statistical agencies, government departments, large private sector businesses and sources undertaking academic direction), and data curators.

Social science research communities must contribute to national plans of action after a needs assessment [47]. Research funding agencies must collaborate at the international level for a common system for referencing datasets in research publications [48].

5.4. The Global Partnership for Sustainable Development of Data

The partnership is a global network of governments, NGOs, and businesses working to strengthen the inclusivity, trust, and innovation in the way that data is used to address the world’s sustainable development efforts [49].

Analysis

There must be a common framework for information processing. At minimum, a simple lexicon must tag each datum specifying:

What: i.e. the type of information contained in the data,
Who: the observer or reporter,
How: the channel through which the data was acquired,
How much: whether the data is quantitative or qualitative, and
Where and when: the spatio-temporal granularity of the data.

Analysis of data involves filtering relevant information, summarising keywords and categorising into indicators. This intensive mining of socioeconomic data, known as “reality mining,” can be done by: (1) Continuous analysis of real time streaming data, (2) Digestion of semi-structured and unstructured data to determine perceptions, needs and wants. (3) Real-time correlation of streaming data with slowly accessible historical data repositories.

Use of big data for developmental goals can draw upon all three techniques to various degrees depending on availability of data and the specific needs.

Role of NSOs

NSOs have a pivotal part to play in the data revolution. Countries and organizations believe that big data cannot replace traditional official statistical data as it is based more on perception than facts. To quote Winston Churchill, "Do not trust any statistics that you did not fake yourself."

For instance, a study found that Google Flu Trends, to detect influenza epidemics, predicted nonspecific flu-like respiratory illnesses well but not actual flu. The mismatch was due to popular misconceptions on influenza symptoms. This has important policy implications. Doctors using Google Flu Trends may overstock on flu vaccines or be overly inclined to diagnose normal respiratory illnesses as influenza [50].

However Big Data if understood correctly, can inform where further targeted investigation is necessary and give immediate responses to favourably change outcomes.

5.5. The World Economic Forum (WEF)

The WEF is an International Organization for Public-Private Cooperation. It engages the foremost political, business and other leaders of society to shape global, regional and industry agendas [51]. In the report titled Big Data, Big Impact: New Possibilities for International Development, it makes the following recommendations [52].

Collection

Data production and development actors include individuals, public sector and the private sector. Each produce different kinds of data that have unique requirements. The private sector maintains vast troves of transactional data, much of which is "data exhaust," or data created as a by-product of other transactions. The public sector maintains enormous datasets in the form of census data, health indicators, and tax and expenditure information. The following figure highlights the different kinds of data that each sector collects and what incentives they have to share the data along with requirements to maintain such data.

World Economic Forum - Diagram on Data Commons.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

Business models must be created to provide the appropriate incentives for private-sector actors to share data. Such models already exist in the Internet environment. For instance companies in search and social networking profit from products they offer at no charge to end users because the usage data these products generate is valuable to other ecosystem actors. Similar models could be created in garnering Big Data for SDGs. The following flowchart illustrates how different sectors must work together to incentivise data collection and sharing.

World Economic Forum - Diagram on Global Coordination.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.

5.6. Dr. Julia Lane - A Quadruple Data Helix

Dr. Julia Lane is a Professor in the Wagner School of Public Policy at New York University; and also a Provostial Fellow in Innovation Analytics and a Professor in the Center for Urban Science and Policy [53]. She has done extensive research on the uses of big data. In her paper titled "Big Data for Public Policy: A Quadruple Data Helix," she makes the following suggestions [54].

Collection

In the future there will exist a model of a quadruple data helix for data collection which will have four strands — state and city agencies, universities, private data providers, and federal agencies.i

A new set of institution, city/university data facilities, must be established. These institutions should form the backbone of the quadruple helix, with direct connections to the private sector and to the federal statistical agencies.

Analysis

There is a need for graduate training for non-traditional students, who need to understand how to use data science tools as part of their regular employment. They must identify and capture the appropriate data, understand how data science models and tools can be applied, and determine how associated errors and limitations can be identified from a social science perspective.i

Universities can act as a trusted independent third party to process, store, analyze, and disseminate data. ii

Management

The new infrastructure must ensure that data from disparate sources are collected managed and used in a manner that is informed by end users. There are many technical challenges: disparate data sets must be ingested, their provenance determined, and metadata documented. Researchers must be able to query data sets to know what data are available and how they can be used. And if data sets are to be joined, they must be joined in a scientific manner, which means that workflows need to be traced and managed in such a way that the research can be replicated.

Coordination

The role of State and City agencies is to address immediate policy issues, rather than to build long-term data infrastructures as their mandate is to work with city data than the full spectrum of available data.

5.7. Data-Pop Alliance

Data-Pop Alliance is a global coalition on Big Data and development created by the Harvard Humanitarian Initiative, MIT Media Lab, and Overseas Development Institute that brings together researchers, experts, practitioners, and activists to promote a people-centred big data revolution through collaborative research, capacity building, and community engagement [55]. It makes the following suggestions.

Collection

The idea of shared responsibility between the public and private sector is a proposed operational principles to create a deliberative space. Mechanisms and legal frameworks must be devised for private companies to share their big data under formalized and stable arrangements instead of being compelled by ad hoc requests from researchers and policymakers.

The media too, could avoid publishing statistical data collected by unexplained methodologies by employing "statistical editors" and disseminate verified information.

Role of NSOs

For official statistics, engaging with Big Data is not a technical consideration but a political obligation. In a two tier system of official and non-official statistics, the public and investors tend to distrust official figures. For instance, the results of the 2010 census in the UK are being disputed on the basis of sewage data.

It is imperative for NSOs to retain, or regain, their primary role as the legitimate custodian of knowledge and creator of a deliberative public space to democratically drive human development [56].

6. Conclusion

The Big data frameworks provide some useful insights on monitoring mechanisms though some questions remain unanswered in each model. Key actors that have been proposed include city and state agencies like NSOs, private companies, social scientists, private individuals and international research agencies. Data analysis can be through public-private collaborations, data philanthropy, and using indicators by thematic communities.

Collection

There appears consensus across models that collection must be effected through public private partnerships while providing incentives.

Analysis

While several methods of analysis have been proposed by the Global Partnership it is unclear on who will be conducting the analysis. The UNSDSN has suggested that it be conducted by academics and scientists with Julia Lane stating it must be through public private partnerships which appear more feasible and transparent.

Role of NSOs

All frameworks agree on the pivotal role of NSOs and acknowledge them as the key players and coordinators at the national level. They must be strengthened financially, technologically and politically. Most frameworks seek to empower national agencies which will coordinate collaborations with the private sector through incentives while protecting personal data.

Coordination

Several international fora have been proposed to enable coordination while there is consensus that the NSOs. A Global Partnership for Sustainable Development Data, a Global Consensus on Data and a World Forum on Sustainable Development Data have been suggested. UN organizations appear to be suggesting more responsibility for those in the UN framework with UNSDSN giving an extensive list of lead agencies (UNDP, UN Women, Who etc) while the WEF emphasises on the private sector, Data Pop Alliance on NSOs, and Prof. Lane on State and City agencies.

On an international level countries can opt to join international organization that are being setup for the purpose. It remains to be seen whether all countries globally can achieve such a feat in a coordinated manner without infringing on data rights when unanswerable to any set international organization. The burden appears to fall on civil society and market forces within the private sector to regulate this process. For instance when a private sector company starts providing large un-anonymized data sets for government use, the privacy concerns of civil society that result in them opting for the company’s competitor’s more privacy friendly products will result in a regulation through market forces. However these forces may have disparate strengths in different contexts and countries depending on market practices and information asymmetry resulting in the lack of a uniform accountability mechanism.

7. Endnotes

[1] Dan Ariely, Facebook, January 06, 2013, https://www.facebook.com/dan.ariely/posts/904383595868.

[2] United Nations Organizations, 'Sustainable Development Goals' (United Nations Sustainable Development, 26 September 2015), http://www.un.org/sustainabledevelopment/sustainable-development-goals/, accessed 6 June 2016.

[3] Data Revolution Group, 'A World that Counts: Mobilising the Data Revolution for Sustainable Development' (November 2014), http://www.undatarevolution.org/wp-content/uploads/2014/12/A-World-That-Counts2.pdf, accessed 8 June 2016.

[4] High level panel on the post-2015 development agenda , 'A New Global Partnership: Eradicate Poverty and Transform Economies through Sustainable Development'(Post2015hlp,0rg, July 2012), http://www.post2015hlp.org/, accessed 8 June 2016.

[5] Gary King, 'Ensuring the Data-Rich Future of the Social Sciences' [2011] 3(2) Science, http://gking.harvard.edu/files/datarich.pdf, accessed 8 June 2016.

[6] See [3].

[7] Ibid.

[8] Michael Horrigan, 'Big Data: A Perspective from the BLS' (Amstatorg, 1 January 2013) http://magazine.amstat.org/blog/2013/01/01/sci-policy-jan2013/, accessed 4 June 2016.

[9] UN Global Pulse, 'Big Data for Development: Challenges & Opportunities' (6 May 2012) http://www.unglobalpulse.org/sites/default/files/BigDataforDevelopment-UNGlobalPulseJune2012.pdf, accessed 5 June 2016.

[10] Emmanuel Letouzé and Johannes Jütting, 'Official Statistics, Big Data and Human Development: Towards a New Conceptual and Operational Approach' (2014) 12(3), Data-Pop Alliance White papers Series, https://www.odi.org/sites/odi.org.uk/files/odi-assets/events-documents/5161.pdf, accessed 4 June 2016.

[11] See [9].

[12] See [10].

[13] See [9].

[14] UN Global Pulse, 'About: United Nations Global Pulse' (2016) http://www.unglobalpulse.org/about-new, accessed 7 June 2016.

[15] UN Stats, 'Global Working Group' (2014) http://unstats.un.org/unsd/bigdata/, accessed 8 June 2016.

[16] New York City Press Release, ‘Mayor Bloomberg, Police Commissioner Kelly and Microsoft Unveil New, State-of-the-Art Law Enforcement Technology that Aggregates and Analyzes Existing Public Safety Data in Real Time to Provide a Comprehensive View of Potential Threats and Criminal Activity’ (New York City, 8 August 2012), http://www1.nyc.gov/office-of-the-mayor/news/291-12/mayor-bloomberg-police-commissioner-kelly-microsoft-new-state-of-the-art-law, accessed 2 July 2016.

[17] Francesco Mancini, 'New Technology and the Prevention of Violence and Conflict' (Reliefwebint, April 2013), http://reliefweb.int/sites/reliefweb.int/files/resources/ipi-e-pub-nw-technology-conflict-prevention-advance.pdf, accessed 2 July 2016.

[18] Arjuna Costa, Anamitra Deb, and Michael Kubzansky, 'Big Data, Small Credit: The Digital Revolution and Its Impact on Emerging Market Consumers,' (Omidyar, 3 March 2013) https://www.omidyar.com/sites/default/files/file_archive/insights/Big%20Data,%20Small%20Credit%20Report%202015/BDSC_Digital%20Final_RV.pdf, accessed 2 July 2016.

[19] United Nations Economic and Social Council, 'Report of the Global Working Group on Big Data for Official Statistics' (UN Stats, 3 March 2015), http://unstats.un.org/unsd/statcom/doc15/2015-4-BigData-E.pdf, accessed 8 June 2016.

[20] Ibid.

[21] Ibid.

[22] See [3].

[23] OECD, 'OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' (23 September 1980), http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm, accessed 29 May 2016.

[24] Amir Efrati, ''Like' Button Follows Web Users' (WSJ, 18 May 2011) http://www.wsj.com/articles/SB10001424052748704281504576329441432995616, accessed 23 May 2016.

[25] See [15].

[26] Robert Kirkpatrick, 'Data Philanthropy: Public and Private Sector Data Sharing for Global Resilience' (UN Global Pulse, 16 September 2011), http://www.unglobalpulse.org/blog/data-philanthropy-public-private-sector-data-sharing-global-resilience, accessed 4 June 2016.

[27] Ibid.

[28] Arvind Narayanan, 'No silver bullet: De-identification still doesn't work' (1 April 2016), http://randomwalker.info/publications/no-silver-bullet-de-identification.pdf, accessed 3 July 2016.

[29] OECD Global Science Forum, 'New Data for Understanding the Human Condition: International Perspectives,' (February 2013) http://www.oecd.org/sti/sci-tech/new-data-for-understanding-the-human-condition.pdf, accessed 2 June 2016.

[30] S. Barocas, 'The Limits of Anonymity and Consent in the Big Data Age,' in Privacy, Big Data, and the public good: Frameworks for Engagement (Cambridge University Press, 2014).

[31] A. Pentland, 'Institutional Controls: The New Deal on Data,' in Privacy, Big Data, and the public good: Frameworks for Engagement (Cambridge University Press, 2014).

[32] See [3].

[33] UN Sustainable Development Solutions Network, 'About Us: Vision and Organization' (2012) http://unsdsn.org/about-us/vision-and-organization/, accessed 2 June 2016.

[34] UN Sustainable Development Solutions Network, 'Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a data revolution for the SDGs' (12 June 2015) http://unsdsn.org/wp-content/uploads/2015/05/150612-FINAL-SDSN-Indicator-Report1.pdf, accessed 4 June 2016.

[35] UNICEF, 'CME Info - Child Mortality Estimates' (2014) http://www.childmortality.org/, accessed 1 June 2016.

[36] See [10].

[37] UNESCO, 'Technical report by the Bureau of the United Nations Statistical Commission (UNSC) on the process of the development of an indicator framework for the goals and targets of the post-2015 development agenda' (6 March 2015) http://www.uis.unesco.org/ScienceTechnology/Documents/unsc-post-2015-draft-indicators.pdf, accessed 3 June 2016.

[38] UN, 'The Road to Dignity by 2030: Ending Poverty, Transforming All Lives and Protecting the Planet ' (4 December 2014) http://www.un.org/disabilities/documents/reports/SG_Synthesis_Report_Road_to_Dignity_by_2030.pdf, accessed 7 June 2016.

[39] Ibid.

[40] UN Sustainable Development Solutions Network, 'Data for Development: An Action Plan to Finance the Data Revolution for Sustainable Development' (10 July 2015) http://unsdsn.org/wp-content/uploads/2015/04/Data-For-Development-An-Action-Plan-July-2015.pdf, accessed 3 June 2016.

[41] See [34].

[42] UN Data Revolution Group, 'About the Independent Expert Advisory Group' (6 November 2014) http://www.undatarevolution.org/about-ieag/, accessed 4 June 2016.

[43] See [3].

[44] The Partnership has already been established, and it is developing a further framework.

[45] Organisation for Economic Co-Operation and Development), 'The Organisation for Economic Co-operation and Development (OECD): About' (2016) http://www.oecd.org/about/, accessed 2 June 2016.

[46] Organisation for Economic Co-Operation and Development, 'Strengthening National Statistical Systems to Monitor Global Goals' (2015) http://www.oecd.org/dac/POST-2015%20P21.pdf, accessed 1 June 2016.

[47] Ibid.

[48] OECD Global Science Forum, 'New Data for Understanding the Human Condition: International Perspectives' (February 2013) http://www.oecd.org/sti/sci-tech/new-data-for-understanding-the-human-condition.pdf, accessed 2 June 2016.

[49] The Global Partnership On Sustainable Development Data, 'Who We Are: The Data Ecosystem and the Global Partnership' (2016) http://www.data4sdgs.org/who-we-are/, accessed 5 June 2016.

[50] World Economic Forum, 'Big Data, Big Impact: New Possibilities for International Development' (22 January 2012) http://www3.weforum.org/docs/WEF_TC_MFS_BigDataBigImpact_Briefing_2012.pdf, accessed 8 June 2016.

[51] World Economic Forum, 'Our Mission: The World Economic Forum' (12 January 2016) https://www.weforum.org/about/world-economic-forum/, accessed 7 June 2016.

[52] See [50].

[53] Julia Lane, Homepage, http://www.julialane.org/.

[54] Julia Lane, 'Big Data for Public Policy: The Quadruple Helix' (2016) 8(1) Journal of Policy Analysis and Management, DOI:10.1002/pam.21921, accessed 1 June 2016.

[55] Data-Pop Alliance, 'Data-Pop Alliance: Our Mission' (May 2014) http://datapopalliance.org/, accessed 1 June 2016.

[56] See [10].

8. Author Profile

Meera Manoj is a law student at the Gujarat National Law University, Gandhinagar and has completed her first year. She is passionate about civil rights, feminism, economics in law and anything involving paneer. She aspires to travel the world and build up a vast library, with unparalleled sections on International Law and Archie comics.

For more details visit https://cis-india.org/internet-governance/blog/big-data-governance-frameworks-for-data-revolution-for-sustainable-development

Big Data for governance

Admin — 2017-11-08T01:42:18Z

Recent times have witnessed an explosion of data as users started leaving a huge data footprint everywhere they go. Interestingly, this period has seen a phenomenal increase in computing power couple by a drop in costs of storage.

The article by Alekhya Hanumanthu was published in Telangana Today on November 4, 2017.

India is now sitting on the data so generated and subjecting it to data analytics for uses in various sectors like insurance, education, healthcare, governance, so on and so forth.

According to Centre for Internet and Society (CIS), in 2015, the Government of Narendra Modi launched Digital India Programme to ensure availability of government services to citizens electronically by improving online infrastructure and Internet connectivity.

Amongst other things, e-Governance and e-Kranti intend to reform governance through technology and enable electronic delivery of services. Needless to say, it will involve large scale digitisation, electronic collection of data from residents and processing. The Big data so created will help policy making evolve into a data backed, action oriented initiative with accountability asserted where it is due.

Let’s take a look at some Big Data based initiatives underway according to analyticsindiamag:

Project insight: Undertaken up by Indian tax agencies, Project Insight is an advanced analytical tool that is a comprehensive platform that encourages compliance of tax while at the same time it prevents non-compliance. Significantly, it will be used to detect fraud, support investigations and provide insights for policy making. For instance, it will detect the social media activity of a person to glean their spending and check if it is commensurate with the tax they have paid during that year. Needless to say, this will also unearth sources of black money.

Economic Development Board in Andhra: CORE-CM Office Realtime Executive Dashboard is an integrated dashboard established to monitor category-wise key performance indicators of various departments/schemes in real time. Users can check key performance indicators of various departments, schemes, initiatives, programmes, etc. With a panoply of services information ranging from Women and Child Welfare to Street lights monitoring, it has become an exemplary role model of governance.

Geo-tagging of assets under Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA): Under the guidance of Narendra Modi, online monitoring of assets to check leakages Ministry of Rural development was started. To achieve this, they were tied up with ISRO and National Informatics Centre to geo tag MGNREGA assets. According to India Today, the assets created range from plantations, rural infrastructure, water harvesting structures, flood control measures such as check dams etc. To do this, a junior engineer takes a photo of an asset and uploads it on the Bhuvan web portal run by ISRO’s National Remote Sensing Centre via a mobile app. Once a photo is uploaded, time and location gets encrypted automatically. Thus, the Government hopes to hold an ironclad control of the resources thus disseminated.

CAG’s centre for Data Management and Analytics: According to Comptroller and Auditor General of India, The CAG’s Centre for Data Management and Analytics (CDMA) is going to play a catalytic role to synthesise and integrate relevant data into auditing process. According to an announcement on National Informatics Centre (NIC), it aims to build up capacity in the Indian Audit and Accounts Department in Big Data Analytics to explore the data rich environment at the Union and State levels. What’s more, this initiative of CAG of India, puts it amongst the pioneers in institutionalising data analytics in government audit in the international community.

Task Force to spruce up Employment Data: The data provided by Labour Bureau is limited and not timely enough for policymakers to assess the need for job creation. To address this gap, the Government has set up a committee tasked to fill the employment data gap and ensure the timely availability of reliable information regarding job creation. Thus the top line of Government has a direct view of where the employment gaps are so that it can facilitate creation of appropriate jobs.

What’s the big picture?

Policy making and governance by Indian government have traditionally been rife with red tape, bureaucracy and corruption. Lack of accountability on part of Government workforce not only impacted the quantity and quality of work delivered but also invited corrupt practices and leakages. So, Big data is a welcome change in direction.

For more details visit https://cis-india.org/internet-governance/news/telangana-today-november-8-2017-alekhya-hanumanthu-big-data-for-governance

Big Data and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011

elonnai — 2015-08-11T07:01:12Z

Experts and regulators across jurisdictions are examining the impact of Big Data practices on traditional data protection standards and principles. This will be a useful and pertinent exercise for India to undertake as the government and the private and public sectors begin to incorporate and rely on the use of Big Data in decision making processes and organizational operations.This blog provides an initial evaluation of how Big Data could impact India's current data protection standards.

Experts and regulators across the globe are examining the impact of Big Data practices on traditional data protection standards and principles. This will be a useful and pertinent exercise for India to undertake as the government and the private and public sectors begin to incorporate and rely on the use of Big Data in decision making processes and organizational operations.

Below is an initial evaluation of how Big Data could impact India's current data protection standards.

India currently does not have comprehensive privacy legislation - but the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011 formed under section 43A of the Information Technology Act 2000[1] define a data protection framework for the processing of digital data by Body Corporate. Big Data practices will impact a number of the provisions found in the Rules:

Scope of Rules: Currently the Rules apply to Body Corporate and digital data. As per the IT Act, Body Corporate is defined as "Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities."

The present scope of the Rules excludes from its purview a number of actors that do or could have access to Big Data or use Big Data practices. The Rules would not apply to government bodies or individuals collecting and using Big Data. Yet, with technologies such as IoT and the rise of Smart Cities across India – a range of government, public, and private organizations and actors could have access to Big Data.

Definition of personal and sensitive personal data: Rule 2(i) defines personal information as "information that relates to a natural person which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person."

Rule 3 defines sensitive personal information as:

Password,
Financial information,
Physical/physiological/mental health condition,
Sexual orientation,
Medical records and history,
Biometric information

The present definition of personal data hinges on the factor of identification (data that is capable of identifying a person). Yet this definition does not encompass information that is associated to an already identified individual - such as habits, location, or activity.

The definition of personal data also addresses only the identification of 'such person' and does not address data that is related to a particular person but that also reveals identifying information about another person - either directly - or when combined with other data points.

By listing specific categories of sensitive personal information, the Rules do not account for additional types of sensitive personal information that might be generated or correlated through the use of Big Data analytics.

Importantly, the definitions of sensitive personal information or personal information do not address how personal or sensitive personal information - when anonymized or aggregated – should be treated.

Consent: Rule 5(1) requires that Body Corporate must, prior to collection, obtain consent in writing through letter or fax or email from the provider of sensitive personal data regarding the use of that data.

In a context where services are delivered with little or no human interaction, data is collected through sensors, data is collected on a real time and regular basis, and data is used and re-used for multiple and differing purposes - it is not practical, and often not possible, for consent to be obtained through writing, letter, fax, or email for each instance of data collection and for each use.

Notice of Collection: Rule 5(3) requires Body Corporate to provide the individual with a notice during collection of information that details the fact that information is being collected, the purpose for which the information is being collected, the intended recipients of the information, the name and address of the agency that is collecting the information and the agency that will retain the information. Furthermore body corporate should not retain information for longer than is required to meet lawful purposes.

Though this provision acts as an important element of transparency, in the context of Big Data, communicating the purpose for which data is collected, the intended recipients of the information, the name and address of the agency that is collecting the information and the agency that will retain the information could prove to be difficult to communicate as they are likely to encompass numerous agencies and change depending upon the analysis being done.

Access and correction: Rule 5(6) provides individuals with the ability to access sensitive personal information held by the body corporate and correct any inaccurate information.

This provision would be difficult to implement effectively in the context of Big Data as vast amounts of data are being generated and collected on an ongoing and real time basis and often without the knowledge of the individual.

Purpose Limitation: Rule 5(5) requires that body corporate should use information only of the purpose which it has been collected.

In the context of Big Data this provision would overlook the re-use of data that is inherent in such practices.

Security: Rule 8 states that any Body Corporate or person on its behalf will be understood to have complied with reasonable security practices and procedures if they have implemented such practices and have in place codes that address managerial, technical, operational and physical security control measures. These codes could follow the IS/ISO/IEC 27001 standard or another government approved and audited standard.

This provision importantly requires that data controllers collecting and processing data have in place strong security practices. In the context of Big Data – the security of devices that might be generating or collecting data and algorithms processing and analysing data is critical. Once generated, it might be challenging to ensure the data is being transferred to or being analysed by organisations that comply with such security practices as listed.

Data Breach : Rule 8 requires that if a data breach occurs, Body Corporate would have to be able to demonstrate that they have implemented their documented information security codes.

Though this provision holds a company accountable for the implementation of security practices, it does not address how a company should be held accountable for a large scale data breach as in the context of Big Data the scope and impact of a data breach is on a much larger scale.

Opt in and out and ability to withdraw consent : Rule 5(7) requires Body Corporate or any person on its behalf, prior to the collection of information - including sensitive personal information - must give the individual the option of not providing information and must give the individual the option of withdrawing consent. Such withdrawal must be sent in writing to the body corporate.

The feasibility of such a provision in the context of Big Data is unclear, especially in light of the fact that Big Data practices draw upon large amounts of data, generated often in real time, and from a variety of sources.

Disclosure of Information: Rule 6 maintains that disclosure of sensitive personal data can only take place with permission from the provider of such information or as agreed to through a lawful contract.

This provision addresses disclosure and does not take into account the “sharing” of information that is enabled through networked devices, as well as the increasing practice of companies to share anonymized or aggregated data.

Privacy Policy : Rule 4 requires that body corporate have in place a privacy policy on their website that provides clear and accessible statements of its practices and policies, type of personal or sensitive personal information that is being collected, purpose of the collection, usage of the information, disclosure of the information, and the reasonable security practices and procedures that have been put in place to secure the information.

In the context of Big Data where data from a variety of sources is being collected, used, and re-used it is important for policies to 'follow data' and appear in a contextualized manner. The current requirement of having Body Corporate post a single overarching privacy policy on its website could prove to be inadequate.

Remedy : Section 43A of the Act holds that if a body corporate is negligent in implementing and maintain reasonable security practices and procedures which results in wrongful loss or wrongful gain to any person, the body corporate can be held liable to pay compensation to the affected person.

This provision will provide limited remedy for an affected individual in the context of Big Data. Though important to help prevent data breaches resulting from negligent data practices, implementation of reasonable security practices and procedures cannot be the only hinging point for determining liability of a Body Corporate for violations and many of the harms possible through Big Data are not in the form of wrongful loss or wrongful gain to another person. Indeed many harms possible through Big Data are non-economic in nature – including physical invasion of privacy, and discriminatory practices that can arise from decisions based on Big Data analytics. Nor does the provision address the potential for future damage that can result from a 'Big Data data breach'.

The safeguards noted in the above section are not the only legal provisions that speak to privacy in India. There are over fifty sectoral legislation that have provisions addressing privacy - for example provisions addressing confidentiality of health and banking information. The government of India is also in the process of drafting a privacy legislation. In 2012 the Report of the Group of Experts on Privacy provided recommendations for a privacy framework in India. The Report envisioned a framework of co-regulation - with sector level self regulatory organization developing privacy codes (that are not lower than the defined national privacy principles) and that are enforced by a privacy commissioner.[2] Perhaps this method would be optimal for the regulation of Big Data- allowing for the needed flexibility and specificity in standards and device development. Though the Report notes that individuals can seek remedy from the court and the Privacy Commissioner can issue fines for a violation, the development of privacy legislation in India has yet to clearly integrate the importance of due process and remedy. With the onset of Big Data - this will become more important than ever.

Conclusion

The use and generation of Big Data in India is growing. Plans such as free wifi zones in cities[3], city wide CCTV networks with facial recognition capabilities[4], and the implementation of an identity/authentication platform for public and private services[5], are indicators towards a move of data generation that is networked and centralized, and where the line between public and private is blurred through the vast amount of data that is collected.

In such developments and innovations what is privacy and what role does privacy play? Is it the archaic inhibitor - limiting the sharing and use of data for new and innovative purposes? Will it be defined purely by legislative norms or through device/platform design as well? Is it a notion that makes consumers think twice about using a product or service or is it a practice that enables consumer and citizen uptake and trust and allows for the growth and adoption of these services?

How privacy will be regulated and how it will be perceived is still evolving across jurisdictions, technologies, and cultures - but it is clear that privacy is not being and cannot be overlooked. Governments across the world are reforming and considering current and future privacy regulation targeted towards life in a quantified society. As the Indian government begins to roll out initiatives that create a "Digital India" indeed a "quantified India", taking privacy into consideration could facilitate the uptake, expansion, and success of these practices and services. As the Indian government pursues the opportunities possible through Big Data it will be useful to review existing privacy protections and deliberate on if, and in what form, future protections for privacy and other rights will be needed.

[1]Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011). Available at: http://deity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf

[2]Group of Experts on Privacy. (2012). Report of the Group of Experts on Privacy. New Delhi: Planning Commission, Government of India. Retrieved May 20, 2015, from http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[3] NDTV. “Free Public Wi-Fi Facility in Delhi to Have Daily Data Limit. NDTV, May 25^th 2015, Available at: http://gadgets.ndtv.com/internet/news/free-public-wi-fi-facility-in-delhi-to-have-daily-data-limit-695857. Accessed: July 2^nd 2015.

[4]FindBiometrics Global Identity Management. “Surat Police Get NEC Facial Recognition CCTV System”. July 21^st 2015. Available at: http://findbiometrics.com/surat-police-nec-facial-recognition-27214/

[5]UIDAI Official Website. Available at: https://uidai.gov.in/

For more details visit https://cis-india.org/internet-governance/blog/big-data-and-information-technology-rules-2011

Big Data and Reproductive Health in India: A Case Study of the Mother and Child Tracking System

ambika — 2019-12-06T04:57:55Z

In this case study undertaken as part of the Big Data for Development (BD4D) network, Ambika Tandon evaluates the Mother and Child Tracking System (MCTS) as data-driven initiative in reproductive health at the national level in India. The study also assesses the potential of MCTS to contribute towards the big data landscape on reproductive health in the country, as the Indian state’s imagination of health informatics moves towards big data.

Case study: Download (PDF)

Introduction

The reproductive health information ecosystem in India comprises of a range of different databases across state and national levels. These collect data through a combination of manual and digital tools. Two national-level databases have been launched by the Ministry of Health and Family Welfare - the Health Management Information System (HMIS) in 2008, and the MCTS in 2009. 4 The MCTS focuses on collecting data on maternal and child health. It was instituted due to reported gaps in the HMIS, which records monthly data across health programmes including reproductive health. There are several other state-level initiatives on reproductive health data that have either been subsumed into, or run in parallel with, the MCTS.

With this case study, we aim to evaluate the MCTS as data-driven initiative in reproductive health at the national level. It will also assess its potential to contribute towards the big data landscape on reproductive health in the country, as the Indian state’s imagination of health informatics moves towards big data. The methodology for the case study involved a desk-based review of existing literature on the use of health information systems globally, as well as analysis of government reports, journal articles, media coverage, policy documents, and other material on the MCTS.

The first section of this report details the theoretical framing of the case study, drawing on the feminist critique of reproductive data systems. The second section maps the current landscape of reproductive health data produced by the state in India, with a focus on data flows, and barriers to data collection and analysis at the local and national level. The case of abortion data is used to further the argument of flawed data collection systems at the national level. Section three briefly discusses the state’s imagination of reproductive health policy and the role of data systems through a discussion on the National Health Policy, 2017 and the National Health Stack, 2018. Finally, we make some policy recommendations and identify directions for future research, taking into account the ongoing shift towards big data globally to democratise reproductive healthcare.

For more details visit https://cis-india.org/raw/big-data-reproductive-health-india-mcts

Big Data and Positive Social Change in the Developing World: A White Paper for Practitioners and Researchers

nishant — 2014-10-01T03:52:35Z

I was a part of a working group writing a white paper on big data and social change, over the last six months. This white paper was produced by a group of activists, researchers and data experts who met at the Rockefeller Foundation’s Bellagio Centre to discuss the question of whether, and how, big data is becoming a resource for positive social change in low- and middle-income countries (LMICs).

Bellagio Big Data Workshop Participants. (2014). “Big data and positive social change in the developing world: A white paper for practitioners and researchers.” Oxford: Oxford Internet Institute. Available online: http://ssrn.com/abstract=2491555.

Summary

Our working definition of big data includes, but is not limited to, sources such as social media, mobile phone use, digitally mediated transactions, the online news media, and administrative records. It can be categorised as data that is provided explicitly (e.g. social media feedback); data that is observed (e.g. mobile phone call records); and data that is inferred and derived by algorithms (for example social network structure or inflation rates). We defined four main areas where big data has potential for those interested in promoting positive social change: advocating and facilitating; describing and predicting; facilitating information exchange and promoting accountability and transparency.

In terms of advocating and facilitating, we discussed ways in which volunteered data may help organisations to open up new public spaces for discussion and awareness-building; how both aggregating data and working across different databases can be tools for building awareness, and howthe digital data commons can also configure new communities and actions (sometimes serendipitously) through data science and aggregation. Finally, we also looked at the problem of overexposure and howactivists and organisations can protect themselves and hide their digital footprints. The challenges we identified in this area were how to interpret data correctly when supplementary information may be lacking; organisational capacity constraints around processing and storing data, and issues around data dissemination, i.e. the possible negative consequences of inadvertently identifying groups or individuals.

Next, we looked at the way big data can help describe and predict, functions which are particularly important in the academic, development and humanitarian areas of work where researchers can combine data into new dynamic, high-resolution datasets to detect new correlations and surface new questions. With data such as mobile phone data and Twitter analytics, understanding the data’s comprehensiveness, meaning and bias are the main challenges, accompanied by the problem of developing new and more comprehensive ethical systems to protect data subjects where data is observed rather than volunteered.

The next group of activities discussed was facilitating information exchange. We looked at mobile-based information services, where it is possible for a platform created around a particular aim (e.g. agricultural knowledge-building) to incorporate multiple feedback loops which feed into both research and action. The pitfalls include the technical challenge of developing a platform which is lean yet multifaceted in terms of its uses, and particularly making it reliably available to low-income users. This kind of platform, addressed by big data analytics, also offers new insights through data discovery and allows the provider to steer service provision according to users’ revealed needs and priorities.

Our last category for big data use was accountability and transparency, where organisations are using crowdsourcing methods to aggregate and analyse information in real time to establish new spaces for critical discussion, awareness and action. Flows of digital information can be managed to prioritise participation and feedback, provide a safe space to engage with policy decisions and expose abuse. The main challenges are how to keep sensitive information (and informants) safe while also exposing data and making authorities accountable; how to make the work sustainable without selling data, and how to establish feedback loops so that users remain involved in the work beyond an initial posting. In the crowdsourcing context, new challenges are also arising in terms of how to verify and moderate real-time flows of information, and how to make this process itself transparent.

Finally, we also discussed the relationship between big and open data. Open data can be seen as a system of governance and a knowledge commons, whereas big data does not by its nature involve the idea of the commons, so we leaned toward the term ‘opening data’, i.e. processes which could apply to commercially generated as much as public-sector datasets. It is also important to understand where to prioritise opening, and where this may exclude people who are not using the ‘right’ technologies: for example, analogue methods (e.g. nailing a local authority budget to a town hall door every month) may be more open than ‘open’ digital data that’s available online.

Our discussion surfaced many questions to do with representation and meaning: must datasets be interpreted by people with local knowledge? For researchers to get access to data that is fully representative, do we need a data commons? How are data proprietors engaging with the power dynamics and inequalities in the research field, and how can civil society engage with the private sector on its own terms if data access is skewed towards elites? We also looked at issues of privacy and risk: do we need a contextual risk perspective rather than a single set of standards? What is the role of local knowledge in protecting data subjects, and what kinds of institutions and practices are necessary? We concluded that there is a case to be made for building a data commons for private/public data, and for setting up new and more appropriate ethical guidelines to deal with big data, since aggregating, linking and merging data present new kinds of privacy risk. In particular, organisations advocating for opening datasets must admit the limitations of anonymisation, which is currently being ascribed more power to protect data subjects than it merits in the era of big data.

Our analysis makes a strong case that it is time for civil society groups in particular to become part of the conversation about the power of data. These groups are the connectors between individuals and governments, corporations and governance institutions, and have the potential to promote big data analysis that is locally driven and rooted. Civil society groups are also crucially important but currently underrepresented in debates about privacy and the rights of technology users, and civil society as a whole has a responsibility for building critical awareness of the ways big data is being used to sort, categorise and intervene in LMICs by corporations, governments and other actors. Big data is shaping up to be one of the key battlefields of our era, incorporating many of the issues civil society activists worldwide have been working on for decades. We hope that this paper can inform organisations and
individuals as to where their particular interests may gain traction in the debate, and what their contribution may look like.

Click to download the full white paper here. (PDF, 1.95 Mb)

For more details visit https://cis-india.org/internet-governance/blog/big-data-and-positive-social-change-in-developing-world

Big Data and Governance in India

praskrishna — 2016-01-17T01:57:45Z

The Centre for Internet & Society (CIS) is happy to invite you to a discussion on the role of Big Data in governance in India with a focus on Digital India, UID Scheme and Smart Cities Mission in India on January 23, 2016 at CIS office in Bangalore from 11 a.m. to 4 p.m.

Background Note

The roundtable discussion intends to delve deeper into various issues around the role of big data in Government schemes and projects like the Digital India, the UID Scheme and the 100 Smart Cities Mission. Some of the topics would include:

Use/Assumptions about use of Big Data.
The public dialogue in the context of Big Data, rights, and governance.
Status and Role of India's data protection standards impacted by Big Data.
Legal hurdles posed by Big Data.

We look forward to making this a forum for knowledge exchange and a learning opportunity for our friends and colleagues attending the discussion.

Contact:

Vanya Rakesh vanya@cis-india.org +919586572707
Amber Sinha amber@cis-india.org +919620180343

Agenda

Introduction 11:00 am - 11.30 am	Introduction about “Big Data in the Global South: Mitigating Harms” and “Big Data in Indian Governance”.
Digital India 11.30 am - 1:00 pm	Discussion Schemes under Digital India and how Big Data pertains to them Scale and nature of data being collected Actors involved Research Methodology and coding “Cradle to grave” identity Need for privacy legislation/data protection policies
1:00 pm- 2:00 pm	Lunch
Big Data and Smart Cities 2:00 pm - 3:30pm	Discussion Use/Assumptions about use of Big Data in Smart cities. Organisations/companies driving the use of Big Data in Governance in India The public dialogue around the scheme in the context of big data, rights, and governance Impact of Big Data on India's Data Protection Standards Impact of Big Data on other legislation/policy besides privacy . What type of 'legal hurdles' could Big Data pose? Need for creating regulatory/legal framework
3:30pm-4:00pm	Tea/Coffee

Detailed Agenda

Digital India

Scope of schemes under Digital India and how Big Data pertains to them

What are the ways in which Big Data is defined?
What aspects of Digital India initiatives pertain to Big Data?
What could be the harms/benefits of Big Data for Digital India?

Scale and nature of data being collected

What do the schemes intend to quantify?

Actors involved

What kinds of issue arise in PPP model?
Questions about ownership of data, access-control and security
Application of Section 43A rules to private parties involved

Research Methodology and coding

What the relevant questions that need to be asked in mapping each scheme?
How do we view e-governance initiatives vis-a-vis privacy principles?
What are the rights of citizens, and how are they impacted?

“Cradle to grave” identity

What does ‘cradle to grave’ digital identity mean?
What is the impact of using the Aadhaar number?

Need for privacy legislation/data protection policies

What aspects of the right to privacy pertain to the schemes?
Extending the Section 43A rules to government agencies
Justice Shah committee’s nine privacy principles.

Big Data and Smart Cities

Use/Assumptions about use of Big Data in Smart cities

What can be termed as big data in the context of smart cities.
What would be the role of big data.
Where do we see use/potential use of big data in the smart cities.

What bodies/companies are driving the use of Big Data in Governance in India?

Identifying actors involved.
Defining the role of: Government bodies, Private companies like IT Companies, consultants, etc. in use of big data. Clarity on ownership, storage, use, re-use, deletion of data. Question of accountability in case of breach/misuse.

What has been the public dialogue around a scheme in the context of big data, rights, and governance?

Weighing promises of big data.
Weighing challenges of big data.
Concerns around big data- data security, privacy, digital resilience of infrastructure, risks of identity management, Circumvention of democracy, social exclusion, right to equality, right to access, etc.
Issue of governance and implementation: role of SPVs.

How are India's data protection standards impacted by Big Data?

Need for developing standards.
Drawing from existing international standards.

Are there other legislation/policy besides privacy impacted by Big Data? what type of 'legal hurdles' could Big Data pose?

Legal landscaping: impact on current laws/policies/provisions.

Need for creating regulatory/legal framework?

For more details visit https://cis-india.org/internet-governance/events/big-data-governance-india

Benefits, Harms, Rights and Regulation: A Survey of Literature on Big Data

Amber Sinha, Vanya Rakesh, Vidushi Marda and Geethanjali Jujjavarapu — 2017-03-23T02:17:56Z

This survey draws upon a range of literature including news articles, academic articles, and presentations and seeks to disaggregate the potential benefits and harms of big data, organising them into several broad categories that reflect the existing scholarly literature. The survey also recognises the non-technical big data regulatory options which are in place as well as those which have been proposed by various governments, civil society groups and academics.

The survey was edited by Sunil Abraham, Elonnai Hickok and Leilah Elmokadem

Introduction

In 2011, it was estimated that the quantity of data produced globally surpassed 1.8 zettabyte.By 2013 it had increased to 4 zettabytes. With the nascent development of the so-called ‘Internet of Things’ gathering pace, these trends are likely to continue. This expansion in the volume, velocity, and variety of data available, together with the development of innovative forms of statistical analytics, is generally referred to as “Big Data”; though there is no single agreed upon definition of the term. Although still in its initial stages, big data promises to provide new insights and solutions across a wide range of sectors, many of which would have been unimaginable even a decade ago.

Despite enormous optimism about the scope and variety of big data’s potential applications, many remain concerned about its widespread adoption, with some scholars suggesting it could generate as many harms as benefits. Most notably are the concerns about the inevitable threats to privacy associated with the generation, collection and use of large quantities of data. Concerns have also been raised regarding, for example, the lack of transparency around the design of algorithms used to process the data, over-reliance on big data analytics as opposed to traditional forms of analysis and the creation of new digital divides. The existing literature on big data is vast. However, many of the benefits and harms identified by researchers tend to focus on sector specific applications of Big Data analytics, such as predictive policing, or targeted marketing. Whilst these examples can be useful in demonstrating the diversity of big data’s possible applications, they do not offer a holistic perspective of the broader impacts of Big Data.

Click to read the full survey here

For more details visit https://cis-india.org/internet-governance/blog/benefits-harms-rights-and-regulation-survey-of-literature-on-big-data

Benefits and Harms of "Big Data"

Scott Mason — 2015-12-30T02:48:08Z

Today the quantity of data being generated is expanding at an exponential rate. From smartphones and televisions, trains and airplanes, sensor-equipped buildings and even the infrastructures of our cities, data now streams constantly from almost every sector and function of daily life.

Introduction

In 2011 it was estimated that the quantity of data produced globally would surpass 1.8 zettabyte[1]. By 2013 that had grown to 4 zettabytes[2], and with the nascent development of the so-called 'Internet of Things' gathering pace, these trends are likely to continue. This expansion in the volume, velocity, and variety of data available[3] , together with the development of innovative forms of statistical analytics, is generally referred to as "Big Data"; though there is no single agreed upon definition of the term. Although still in its initial stages, Big Data promises to provide new insights and solutions across a wide range of sectors, many of which would have been unimaginable even 10 years ago.

Despite enormous optimism about the scope and variety of Big Data's potential applications however, many remain concerned about its widespread adoption, with some scholars suggesting it could generate as many harms as benefits[4]. Most notably these have included concerns about the inevitable threats to privacy associated with the generation, collection and use of large quantities of data [5]. However, concerns have also been raised regarding, for example, the lack of transparency around the design of algorithms used to process the data, over-reliance on Big Data analytics as opposed to traditional forms of analysis and the creation of new digital divides to just name a few.

The existing literature on Big Data is vast, however many of the benefits and harms identified by researchers tend to relate to sector specific applications of Big Data analytics, such as predictive policing, or targeted marketing. Whilst these examples can be useful in demonstrating the diversity of Big Data's possible applications, it can nevertheless be difficult to gain an overall perspective of the broader impacts of Big Data as a whole. As such this article will seek to disaggregate the potential benefits and harms of Big Data, organising them into several broad categories, which are reflective of the existing scholarly literature.

What are the potential benefits of Big Data?

From politicians to business leaders, recent years have seen Big Data confidently proclaimed as a potential solution to a diverse range of problems from, world hunger and diseases, to government budget deficits and corruption. But if we look beyond the hyperbole and headlines, what do we really know about the advantages of Big Data? Given the current buzz surrounding it, the existing literature on Big Data is perhaps unsurprisingly vast, providing innumerable examples of the potential applications of Big Data from agriculture to policing. However, rather than try (and fail) to list the many possible applications of Big Data analytics across all sectors and industries, for the purposes of this article we have instead attempted to distil the various advantages of Big Data discussed within literature into the following five broad categories; Decision-Making, Efficiency & Productivity, Research & Development, Personalisation and Transparency, each of which will be discussed separately below.

Decision-Making

Whilst data analytics have always been used to improve the quality and efficiency of decision-making processes, the advent of Big Data means that the areas of our lives in which data driven decision- making plays a role is expanding dramatically; as businesses and governments become better able to exploit new data flows. Furthermore, the real-time and predictive nature of decision-making made possible by Big Data, are increasingly allowing these decisions to be automated. As a result, Big Data is providing governments and business with unprecedented opportunities to create new insights and solutions; becoming more responsive to new opportunities and better able to act quickly - and in some cases preemptively - to deal with emerging threats.

This ability of Big Data to speed up and improve decision-making processes can be applied across all sectors from transport to healthcare and is often cited within the literature as one of the key advantages of Big Data. Joh, for example, highlights the increased use of data driven predictive analysis by police forces to help them to forecast the times and geographical locations in which crimes are most likely to occur. This allows the force to redistribute their officers and resources according to anticipated need, and in certain cities has been highly effective in reducing crime rates [6]. Raghupathi meanwhile cites the case of healthcare, where predictive modelling driven by big data is being used to proactively identify patients who could benefit from preventative care or lifestyle changes[7].

One area in particular where the decision-making capabilities of Big Data are having a significant impact is in the field of risk management [8]. For instance, Big Data can allow companies to map their entire data landscape to help detect sensitive information, such as 16 digit numbers - potentially credit card data - which are not being stored according to regulatory requirements and intervene accordingly. Similarly, detailed analysis of data held about suppliers and customers can help companies to identify those in financial trouble, allowing them to act quickly to minimize their exposure to any potential default[9].

Efficiency and Productivity

In an era when many governments and businesses are facing enormous pressures on their budgets, the desire to reduce waste and inefficiency has never been greater. By providing the information and analysis needed for organisations to better manage and coordinate their operations, Big Data can help to alleviate such problems, leading to the better utilization of scarce resources and a more productive workforce [10].

Within the literature such efficiency savings are most commonly discussed in relation to reductions in energy consumption [11]. For example, a report published by Cisco notes how the city of Olso has managed to reduce the energy consumption of street-lighting by 62 percent through the use of smart solutions driven by Big Data[12]. Increasingly, however, statistical models generated by Big Data analytics are also being utilized to identify potential efficiencies in sourcing, scheduling and routing in a wide range of sectors from agriculture to transport. For example, Newell observes how many local governments are generating large databases of scanned license plates through the use of automated license plate recognition systems (ALPR), which government agencies can then use to help improve local traffic management and ease congestion[13].

Commonly these efficiency savings are only made possible by the often counter-intuitive insights generated by the Big Data models. For example, whilst a human analyst planning a truck route would always tend to avoid 'drive-bys' - bypassing one stop to reach a third before doubling back - Big Data insights can sometimes show such routes to be more efficient. In such cases efficiency saving of this kind would in all likelihood have gone unrecognised by a human analyst, not trained to look for such patterns[14].

Research, Development, and Innovation

Perhaps one of the most intriguing benefits of Big Data is its potential use in the research and development of new products and services. As is highlighted throughout the literature, Big Data can help businesses to gain an understanding of how others perceive their products or identify customer demand and adapt their marketing or indeed the design of their products accordingly[15]. Analysis of social media data, for instance, can provide valuable insights into customers' sentiments towards existing products as well as discover demands for new products and services, allowing businesses to respond more quickly to changes in customer behaviour[16].

In addition to market research, Big Data can also be used during the design and development stage of new products; for example by helping to test thousands of different variations of computer-aided designs in an expedient and cost-effective manner. In doing so, business and designers are able to better assess how minor changes to a products design may affect its cost and performance, thereby improving the cost-effectiveness of the production process and increasing profitability.

Personalisation

For many consumers, perhaps the most familiar application of Big Data is its ability to help tailor products and services to meet their individual preferences. This phenomena is most immediately noticeable on many online services such as Netflix; where data about users activities and preferences is collated and analysed to provide a personalised service, for example by suggesting films or television shows the user may enjoy based upon their previous viewing history[17]. By enabling companies to generate in-depth profiles of their customers, Big Data allows businesses to move past the 'one size fits all' approach to product and services design and instead quickly and cost-effectively adapt their services to better meet customer demand.

In addition to service personalisation, similar profiling techniques are increasingly being utilized in sectors such as healthcare. Here data about a patient's medical history, lifestyle, and even their gene expression patterns are collated, generating a detailed medical profile which can then be used to tailor treatments to meet their specific needs[18]. Targeted care of this sort can not only help to reduce costs for example by helping to avoid over-prescriptions, but may also help to improve the effectiveness of treatments and so ultimately their outcome.

Transparency

If 'knowledge is power', then, - so say Big Data enthusiasts - advances in data analytics and the quantity of data available can give consumers and citizens the knowledge to hold governments and businesses to account, as well as make more informed choices about the products and services they use. Nevertheless, data (even lots of it) does not necessarily equal knowledge. In order for citizens and consumers to be able to fully utilize the vast quantities of data available to them, they must first have some way to make sense of it. For some, Big Data analytics provides just such a solution, allowing users to easily search, compare and analyze available data, thereby helping to challenge existing information asymmetries and make business and government more transparent[19].

In the private sector, Big Data enthusiasts have claimed that Big Data holds the potential to ensure complete transparency of supply chains, enabling concerned consumers to trace the source of their products, for example to ensure that they have been sourced ethically [20]. Furthermore, Big Data is now making accessible information which was previously unavailable to average consumers and challenging companies whose business models rely on the maintenance of information asymmetries.The real-estate industry, for example, relies heavily upon its ability to acquire and control proprietary information, such as transaction data as a competitive asset. In recent years, however, many online services have allowed consumers to effectively bypass agents, by providing alternative sources of real-estate data and enabling prospective buyers and sellers to communicate directly with each other[21]. Therefore, providing consumers with access to large quantities of actionable data . Big Data can help to eliminate established information asymmetries, allowing them to make better and more informed decisions about the products they buy and the services they enlist.

This potential to harness the power of Big Data to improve transparency and accountability can also be seen in the public sector, with many scholars suggesting that greater access to government data could help to stem corruption and make politics more accountable. This view was recently endorsed by the UN who highlighted the potential uses of Big Data to improve policymaking and accountability in a report published by the Independent Expert Advisory Group on the "Data Revolution for Sustainable Development". In the report experts emphasize the potential of what they term the 'data revolution', to help achieve sustainable development goals by for example helping civil society groups and individuals to 'develop data literacy and help communities and individuals to generate and use data, to ensure accountability and make better decisions for themselves' [22].

What are the potential harms of Big Data?

Whilst it is often easy to be seduced by the utopian visions of Big Data evangelists, in order to ensure that Big Data can deliver the types of far-reaching benefits its proponents promise, it is vital that we are also sensitive to its potential harms. Within the existing literature, discussions about the potential harms of Big Data are perhaps understandably dominated by concerns about privacy. Yet as Big Data has begun to play an increasingly central role in our daily lives, a broad range of new threats have begun to emerge including issues related to security and scientific epistemology, as well as problems of marginalisation, discrimination and transparency; each of which will be discussed separately below.

Privacy

By far the biggest concern raised by researchers in relation to Big Data is its risk to privacy. Given that by its very nature Big Data requires extensive and unprecedented access to large quantities of data; it is hardly surprising that many of the benefits outlined above in one way or another exist in tension with considerations of privacy. Although many scholars have called for a broader debate on the effects of Big Data on ethical best practice ^{^[23]}, a comprehensive exploration into the complex debates surrounding the ethical implications of Big Data go far beyond the scope of this article. Instead we will simply attempt to highlight some of the major areas of concern expressed in the literature, including its effects on established principles of privacy and the implication of Big Data on the suitability of existing regulatory frameworks governing privacy and data protection.

1. Re-identification

Traditionally many Big Data enthusiasts have used de-identification - the process of anonymising data by removing personally identifiable information (PII) - as a way of justifying mass collection and use of personal data. By claiming that such measures are sufficient to ensure the privacy of users, data brokers, companies and governments have sought to deflect concerns about the privacy implications of Big Data, and suggest that it can be compliant with existing regulatory and legal frameworks on data protection.

However, many scholars remain concerned about the limits of anonymisation. As Tene and Polonetsky observe 'Once data-such as a clickstream or a cookie number-are linked to an identified individual, they become difficult to disentangle'[24]. They cite the example of University of Texas researchers Narayanan and Shmatikov, who were able to successfully re-identify anonymised Netflix user data by cross referencing it with data stored in a publicly accessible online database. As Narayanan and Shmatikov themselves explained, 'once any piece of data has been linked to a person's real identity, any association between this data and a virtual identity breaks anonymity of the latter' [25]. The quantity and variety of datasets which Big Data analytics has made associable with individuals is therefore expanding the scope of the types of data that can be considered PII, as well as undermining claims that de-identification alone is sufficient to ensure privacy for users.

2. Privacy Frameworks Obsolete?

In recent decades privacy and data protection frameworks based upon a number of so-called 'privacy principles' have formed the basis of most attempts to encourage greater consideration of privacy issues online[26]. For many however, the emergence of Big Data has raised question about the extent to which these 'principles of privacy' are workable in an era of ubiquitous data collection.

Collection Limitation and Data Minimization : Big Data by its very nature requires the collection and processing of very large and very diverse data sets. Unlike other forms scientific research and analysis which utilize various sampling techniques to identify and target the types of data most useful to the research questions, Big Data instead seeks to gather as much data as possible, in order to achieve full resolution of the phenomenon being studied, a task made much easier in recent years as a result of the proliferation of internet enabled devices and the growth of the Internet of Things. This goal of attaining comprehensive coverage exists in tension however with the key privacy principles of collection limitation and data minimization which seek to limit both the quantity and variety of data collected about an individual to the absolute minimum[27].

Purpose Limitation: Since the utility of a given dataset is often not easily identifiable at the time of collection, datasets are increasingly being processed several times for a variety of different purposes. Such practices have significant implications for the principle of purpose limitation, which aims to ensure that organizations are open about their reasons for collecting data, and that they use and process the data for no other purpose than those initially specified [28].

Notice and Consent: The principles of notice and consent have formed the cornerstones of attempts to protect privacy for decades. Nevertheless in an era of ubiquitous data collection, the notion that an individual must be required to provide their explicit consent to allow for the collection and processing of their data seems increasingly antiquated, a relic of an age when it was possible to keep track of your personal data relationships and transactions. Today as data streams become more complex, some have begun to question suitability of consent as a mechanism to protect privacy. In particular commentators have noted how given the complexity of data flows in the digital ecosystem most individuals are not well placed to make truly informed decisions about the management of their data[29]. In one study, researchers demonstrated how by creating the perceptions of control, users were more likely to share their personal information, regardless of whether or not the users had actually gained control [30]. As such, for many, the garnering of consent is increasingly becoming a symbolic box-ticking exercise which achieves little more than to irritate and inconvenience customers whilst providing a burden for companies and a hindrance to growth and innovation [31].

Access and Correction: The principle of 'access and correction' refers to the rights of individuals to obtain personal information being held about them as well as the right to erase, rectify, complete or otherwise amend that data. Aside from the well documented problems with privacy self-management, for many the real-time nature of data generation and analysis in an era of Big Data poses a number of structural challenges to this principle of privacy. As x comments, 'a good amount of data is not pre-processed in a similar fashion as traditional data warehouses. This creates a number of potential compliance problems such as difficulty erasing, retrieving or correcting data. A typical big data system is not built for interactivity, but for batch processing. This also makes the application of changes on a (presumably) static data set difficult'[32].

Opt In-Out: The notion that the provision of data should be a matter of personal choice on the part of the individual and that the individual can, if they chose decide to 'opt-out' of data collection, for example by ceasing use of a particular service, is an important component of privacy and data protection frameworks. The proliferation of internet-enabled devices, their integration into the built environment and the real-time nature of data collection and analysis however are beginning to undermine this concept. For many critics of Big Data the ubiquity of data collection points as well as the compulsory provision of data as a prerequisite for the access and use of many key online services is making opting-out of data collection not only impractical but in some cases impossible. [33]

3. "Chilling Effects"

For many scholars the normalization of large scale data collection is steadily producing a widespread perception of ubiquitous surveillance amongst users. Drawing upon Foucault's analysis of Jeremy Bentham's panopticon and the disciplinary effects of surveillance, they argue that this perception of permanent visibility can cause users to sub-consciously 'discipline' and self- regulate of their own behavior, fearful of being targeted or identified as 'abnormal' [34]. As a result, the pervasive nature of Big Data risks generating a 'chilling effect' on user behavior and free speech.

Although the notion of "chilling effects" is quite prevalent throughout the academic literature on surveillance and security, the difficulty of quantifying the perception and effects of surveillance on online behavior and practices means that there have only been a limited number of empirical studies of this phenomena, and none directly related to the chilling effects of Big Data. One study, conducted by researchers at MIT however, sought to assess the impact of Edward Snowden's revelations about NSA surveillance programs on Google search trends. Nearly 6,000 participants were asked to individually rate certain keywords for their perceived degree of privacy sensitivity along multiple dimensions. Using Google's own publicly available search data, the researchers then analyzed search patterns for these terms before and after the Snowden revelations. In doing so they were able to demonstrate a reduction of around 2.2% in searchers for those terms deemed to be most sensitive in nature. According to the researchers themselves, the results 'suggest that there is a chilling effect on search behaviour from government surveillance on the Internet'[35]. Although this study focussed on the effects on government surveillance, for many privacy advocates the growing pervasiveness of Big Data risks generating similar results. [36]

4. Dignitary Harms of Predictive Decision-Making

In addition to its potentially chilling effects on free speech, the automated nature of Big Data analytics also possess the potential to inflict so-called 'dignitary harms' on individuals, by revealing insights about themselves that they would have preferred to keep private [37].

In an infamous example, following a shopping trip to the retail chain Target, a young girl began to receive mail at her father's house advertising products for babies including, diapers, clothing, and cribs. In response, her father complained to the management of the company, incensed by what he perceived to be the company's attempts to "encourage" pregnancy in teens. A few days later however, the father was forced to contact the store again to apologies, after his daughter had confessed to him that she was indeed pregnant. It was later revealed that Target regularly analyzed the sale of key products such as supplements or unscented lotions in order to generate "pregnancy prediction" scores, which could be used to assess the likelihood that a customer was pregnant and to therefore target them with relevant offers[38]. Such cases, though anecdotal illustrate how Big Data if not adopted sensitively can lead to potential embarrassing information about users being made public.

Security

In relation to cybersecurity Big Data can be viewed to a certain extent as a double-edged sword. On the one hand, the unique capabilities of Big Data analytics can provide organizations with new and innovative methods of enhancing their cybersecurity systems. On the other however, the sheer quantity and diversity of data emanating from a variety of sources creates its own security risks.

5. "Honey-Pot"

The larger the quantities of confidential information stored by companies on their databases the more attractive those databases may appear to potential hackers.

6. Data Redundancy and Dispersion

Inherent to Big Data systems is the duplication of data to many locations in order to optimize query processing. Data is dispersed across a wide range of data repositories in different servers, in different parts of the world. As a result it may be difficult for organizations to accurately locate and secure all items of personal information.

Epistemological and Methodological Implications

In 2008 Chris Anderson infamously proclaimed the 'end of theory'. Writing for Wired Magazine, Anderson predicted that the coming age of Big Data would create a 'deluge of data' so large that the scientific methods of hypothesis, sampling and testing would be rendered 'obsolete' [39]. 'There is now a better way' Anderson insisted, 'Petabytes allow us to say: "Correlation is enough." We can stop looking for models. We can analyze the data without hypotheses about what it might show. We can throw the numbers into the biggest computing clusters the world has ever seen and let statistical algorithms find patterns where science cannot'[40].

In spite of these bold claims however, many theorists remain skeptical of Big Data's methodological benefits and have expressed concern about its potential implications for conventional scientific epistemologies. For them the increased prominence of Big Data analytics in science does not signal a paradigmatic transition to a more enlightened data-driven age, but a hollowing out of the scientific method and an abandonment of casual knowledge in favor of shallow correlative analysis[41].

7. Obfuscation

Although Big Data analytics can be utilized to study almost any phenomena where enough data exists, many theorists have warned that simply because Big Data analytics can be used does not necessarily mean that they should be used[42]. Bigger is not always better and indeed the sheer quantity of data made available to users may in fact act to obscure certain insights. Whereas traditional scientific methods use sampling techniques to identify the most important and relevant data, Big Data by contrast encourages the collection and use of as much data as possible, in an attempt to attain full resolution of the phenomena being studied. However, not all data is equally useful and simply inputting as much data as possible into an algorithm is unlikely to produce accurate results and may instead obscure key insights.

Indeed, whilst the promise of automation is central to a large part of Big Data's appeal, researchers observe that most Big Data analysis still requires an element of human judgement to filter out the 'good' data from the 'bad', and to decide what aspects of the data are relevant to the research objectives. As Boyd and Crawford observe, 'in the case of social media data, there is a 'data cleaning' process: making decisions about what attributes and variables will be counted, and which will be ignored. This process is inherently subjective"^{^[43]}.

Google's Flu Trend project provides an illustrative example of how Big Data's tendency to try to maximise data inputs can produce misleading results. Designed to accurately track flu outbreaks based upon data collected from Google searches, the project was initially proclaimed to be a great success. Gradually however it became apparent that the results being produced were not reflective of the reality on the ground. Later it was discovered that the algorithms used by the project to interpret search terms were insufficiently accurate to filter out anomalies in searches, such as those related to the 2009 H1N1 flu pandemic. As such, despite the great promise of Big Data, scholars insist it remains critical to be mindful of its limitations, remain selective about the types of data included in the analysis and exercise caution and intuition whenever interpreting its results ^{^[44]}.

8. "Apophenia"

In complete contrast to the problem of obfuscation, Boyd and Crawford observe how Big Data may also lead to the practice of 'apophenia', a phenomena whereby analysts interpret patterns where none exist, 'simply because enormous quantities of data can offer connections that radiate in all directions" ^{^[45]}. David Leinweber for example demonstrated that data mining techniques could show strong but ultimately spurious correlations between changes in the S&P 500 stock index and butter production in Bangladesh [46]. Such spurious correlation between disparate and unconnected phenomena are a common feature of Big Data analytics and risks leading to unfounded conclusions being draw from the data.

Although Leinweber's primary focus of analysis was the use of Data-Mining technologies, his observations are equally applicable to Big Data. Indeed the tendency amongst Big Data analysts to marginalise the types of domain specific expertise capable of differentiating between relevant and irrelevant correlations in favour of algorithmic automation can in many ways be seen to exacerbate many of the problems Leinweber identified.

9. From Causation to Correlation

Closely related to the problem of Aphonenia is the concern that Big Data's emphasis on correlative analysis risks leading to an abandonment of the pursuit of causal knowledge in favour of shallow descriptive accounts of scientific phenomena[47].

For many, Big Data enthusiasts 'correlation is enough', producing inherently meaningful results interpretable by anyone without the need for pre-existing theory or hypothesis. Whilst proponents of Big Data claim that such an approach allows them to produce objective knowledge, by cleansing the data of any kind of philosophical or ideological commitment, for others by neglecting the knowledge of domain experts, Big Data risks generating a shallow type of analysis, since it fails to adequately embed observations within a pre-existing body of knowledge.

This commitment to an empiricist epistemology and methodological monism is particularly problematic in the context of studies of human behaviour, where actions cannot be calculated and anticipated using quantifiable data alone. In such instances, a certain degree of qualitative analysis of social, historical and cultural variables may be required in order to make the data meaningful by embedding it within a broader body of knowledge. The abstract and intangible nature of these variables requires a great deal of expert knowledge and interpretive skill to comprehend. It is therefore vital that the knowledge of domain specific experts is properly utilized to help 'evaluate the inputs, guide the process, and evaluate the end products within the context of value and validity'[48].

As such, although Big Data can provide unrivalled accounts of "what" people do, it fundamentally fails to deliver robust explanations of "why" people do it. This problem is especially critical in the case of public policy-making since without any indication of the motivations of individuals, policy-makers can have no basis upon which to intervene to incentivise more positive outcomes.

Digital Divides and Marginalisation

Today data is a highly valuable commodity. The market for data in and of itself has been steadily growing in recent years with the business models of many online services now formulated around the strategy of harvesting data from users^{^[49]}. As with the commodification of anything however, inequalities can easily emerge between the haves and have not's. Whilst the quantity of data currently generated on a daily basis is many times greater than at any other point in human history, the vast majority of this data is owned and tightly controlled by a very small number of technology companies and data brokers. Although in some instances limited access to data may be granted to university researchers or to those willing and able to pay a fee, in many cases data remains jealously guarded by data brokers, who view it as an important competitive asset. As a result these data brokers and companies risk becoming the gatekeepers of the Big Data revolution, adjudicating not only over who can benefit from Big Data, but also in what context and under what terms. For many such inconsistencies and inequalities in access to data raises serious doubts about just how widely distributed the benefits of Big Data will be. Others go even further claiming that far from helping to alleviate inequalities, the advent of Big Data risks exacerbating already significant digital divides that exist as well as creating new ones ^{^[50]}.

10. Anti-Competitive Practices

As a result of the reluctance of large companies to share their data, there increasingly exists a divide in access between small start-ups companies and their larger and more established competitors. Thus, new entrants to the marketplace may be at a competitive disadvantage in relation to large and well established enterprises, being as they are unable to harness the analytical power of the vast quantities of data available to large companies by virtue of their privileged market position. Since the performance of many online services are today often intimately connected with the collation and use of users data, some researchers have suggested that this inequity in access to data could lead to a reduction in competition in the online marketplace, and ultimately therefore to less innovation and choice for consumers[51].

As a result researchers including Nathan Newman of New York University have called for a reassessment and reorientation of anti-trust investigations and regulatory approaches more generally to 'to focus on how control of personal data by corporations can entrench monopoly power and harm consumer welfare in an economy shaped increasingly by the power of "big data"'[52]. Similarly a report produced by the European Data Protection Supervisor concluded that, 'The scope for abuse of market dominance and harm to the consumer through refusal of access to personal information and opaque or misleading privacy policies may justify a new concept of consumer harm for competition enforcement in digital economy' [53].

11. Research

From a research perspective barriers to access to data caused by proprietary control of datasets are problematic, since certain types of research could become restricted to those privileged enough to be granted access to data. Meanwhile those denied access are left not only incapable of conducting similar research projects, but also unable to test, verify or reproduce the findings of those who do. The existence of such gatekeepers may also lead to reluctance on the part of researchers to undertake research critical of the companies, upon whom they rely for access, leading to a chilling effect on the types of research conducted[54].

12. Inequality

Whilst bold claims are regularly made about the potential of Big Data to deliver economic development and generate new innovations, some critics of remain concerned about how equally the benefits of Big Data will be distributed and the effects this could have on already established digital divides [55].

Firstly, whilst the power of Big Data is already being utilized effectively by most economically developed nations, the same cannot necessarily be said for many developing countries. A combination of lower levels of connectivity, poor information infrastructure, underinvestment in information technologies and a lack of skills and trained personnel make it far more difficult for the developing world to fully reap the rewards of Big Data. As a consequence the Big Data revolution risks deepening global economic inequality as developing countries find themselves unable to compete with data rich nations whose governments can more easily exploit the vast quantities of information generated by their technically literate and connected citizens.

Likewise, to the extent that the Big Data analytics is playing a greater role in public policy-making, the capacity of individuals to generate large quantities of data, could potentially impact upon the extent to which they can provide inputs into the policy-making process. In a country such as India for example, where there exist high levels of inequality in access to information and communication technologies and the internet, there remain large discrepancies in the quantities of data produced by individuals. As a result there is a risk that those who lack access to the means of producing data will be disenfranchised, as policy-making processes become configured to accommodate the needs and interests of a privilege minority [56].

Discrimination

13. Injudicious or Discriminatory Outcomes

Big Data presents the opportunity for governments, businesses and individuals to make better, more informed decisions at a much faster pace. Whilst this can evidently provide innumerable opportunities to increase efficiency and mitigate risk, by removing human intervention and oversight from the decision-making process Big Data analysts run the risk of becoming blind to unfair or injudicious results generated by skewed or discriminatory programming of the algorithms.

There currently exists a large number of automated decision-making algorithms in operation across a broad range of sectors including most notably perhaps those used to asses an individual's suitability for insurance or credit. In either of these cases faults in the programming or discriminatory assessment criteria can have potentially damaging implications for the individual, who may as a result be unable to attain credit or insurance. This concern with the potentially discriminatory aspects of Big Data is prevalent throughout the literature and real life examples have been identified by researchers in a large number of major sectors in which Big Data is currently being used[57].

Yu for instance, cites the case of the insurance company Progressive, which required its customers to install 'Snapsnot' - a small monitoring device - into their cars in order to receive their best rates. The device tracked and reported the customers driving habits, and offered discounts to those drivers who drove infrequently, broke smoothly, and avoided driving at night - behaviors that correlate with a lower risk of future accidents. Although this form of price differentiation provided incentives for customers to drive more carefully, it also had the unintended consequence of unfairly penalizing late-night shift workers. As Yu observes, 'for late night shift-workers, who are disproportionately poorer and from minority groups, this differential pricing provides no benefit at all. It categorizes them as similar to late-night party-goers, forcing them to carry more of the cost of the intoxicated and other irresponsible driving that happens disproportionately at night'[58].

In another example, it is noted how Big Data is increasingly being used to evaluate applicants for entry-level service jobs. One method of evaluating applicants is by the length of their commute - the rationale being that employees with shorter commutes are statistically more likely to remain in the job longer. However, since most service jobs are typically located in town centers and since poorer neighborhoods tend to be those on the outskirts of town, such criteria can have the effect of unfairly disadvantaging those living in economically deprived areas. Consequently such metrics of evaluation can therefore also unintentionally act to reinforce existing social inequalities by making it more difficult for economically disadvantaged communities to work their way out of poverty[59].

14. Lack of Algorithmic Transparency.

If data is indeed the 'oil of the 21^st century'[60] then algorithms are very much the engines which are driving innovation and economic development. For many companies the quality of their algorithms is often a crucial factor in providing them with a market advantage over their competitor. Given their importance, the secrets behind the programming of algorithms are often closely guarded by companies, and are typically classified as trade secrets and as such are protected by intellectual property rights. Whilst companies may claim that such secrecy is necessary to encourage market competition and innovation, many scholars are becoming increasingly concerned about the lack of transparency surrounding the design of these most crucial tools.

In particular there is a growing sentiment common amongst many researchers that there currently exists a chronic lack of accountability and transparency in terms of how Big Data algorithms are programmed and what criteria are used to determine outcomes ^{^[61]}. As Frank Pasquale observed,

' hidden algorithms can make (or ruin) reputations, decide the destiny of entrepreneurs, or even devastate an entire economy. Shrouded in secrecy and complexity, decisions at major Silicon Valley and Wall Street firms were long assumed to be neutral and technical. But leaks, whistleblowers, and legal disputes have shed new light on automated judgment. Self-serving and reckless behavior is surprisingly common, and easy to hide in code protected by legal and real secrecy'[62].

As such, without increased transparency in algorithmic design, instances of Big Data discrimination may go unnoticed as analyst are unable to access the information necessary to identify them.

Conclusion

Today Big Data presents us with as many challenges as it does benefits. Whilst Big Data analytics can offer incredible opportunities to reduce inefficiency, improve decision-making, and increase transparency, concerns remain about the effects of these new technologies on issues such as privacy, equality and discrimination. Although the tensions between the competing demands of Big Data advocates and their critics may appear irreconcilable; only by highlighting these points of contestation can we hope to begin to ask the types of important and difficult questions necessary to do so, including; how can we reconcile Big Data's need for massive inputs of personal information with core principles of privacy such as data minimization and collection limitation? What processes and procedures need to be put in place during the design and implementation of Big Data models and algorithms to provide sufficient transparency and accountability so as to avoid instances of discrimination? What measures can be used to help close digital divides and ensure that the benefits of Big Data are shared equitably? Questions such as these are today only just beginning to be addressed; each however, will require careful consideration and reasoned debate, if Big Data is to deliver on its promises and truly fulfil its 'revolutionary' potential.

[1] Gantz, J., &Reinsel, D. Extracting Value from Chaos, IDC, (2011), available at: http://www.emc.com/collateral/analyst-reports/idc-extracting-value-from-chaos-ar.pdf

[2] Meeker, M. & Yu, L. Internet Trends, Kleiner Perkins Caulfield Byers, (2013), http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013 .

[3] Douglas, L. "3D Data Management: Controlling Data Volume, Velocity and Variety" . Gartner, (2001)

[4] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878, Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[5] Ibid.,

[6] Joh. E, 'Policing by Numbers: Big Data and the Fourth Amendment', Washington Law Review, Vol. 85: 35, (2014) https://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/1319/89WLR0035.pdf?sequence=1

[7] Raghupathi, W., &Raghupathi, V. Big data analytics in healthcare: promise and potential. Health Information Science and Systems, (2014)

[8] Anderson, R., & Roberts, D. 'Big Data: Strategic Risks and Opportunities, Crowe Horwarth Global Risk Consulting Limited, (2012) https://www.crowehorwath.net/uploadedfiles/crowe-horwath-global/tabbed_content/big%20data%20strategic%20risks%20and%20opportunities%20white%20paper_risk13905.pdf

[9] Ibid.

[10] Kshetri. N, 'The Emerging role of Big Data in Key development issues: Opportunities, challenges, and concerns'. Big Data & Society (2014)http://bds.sagepub.com/content/1/2/2053951714564227.abstract,

[11] Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[12] Cisco, 'IoE-Driven Smart Street Lighting Project Allows Oslo to Reduce Costs, Save Energy, Provide Better Service', Cisco, (2014) Available at: http://www.cisco.com/c/dam/m/en_us/ioe/public_sector/pdfs/jurisdictions/Oslo_Jurisdiction_Profile_051214REV.pdf

[13] Newell, B, C. Local Law Enforcement Jumps on the Big Data Bandwagon: Automated License Plate Recognition Systems, Information Privacy, and Access to Government Information. University of Washington - the Information School, (2013) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2341182

[14] Morris, D. Big data could improve supply chain efficiency-if companies would let it, Fortune, August 5 2015, http://fortune.com/2015/08/05/big-data-supply-chain/

[15] Tucker, Darren S., & Wellford, Hill B., Big Mistakes Regarding Big Data, Antitrust Source, American Bar Association, (2014). Available at SSRN: http://ssrn.com/abstract=2549044

[16] Davenport, T., Barth., Bean, R. How is Big Data Different, MITSloan Management Review, Fall (2012), Available at, http://sloanreview.mit.edu/article/how-big-data-is-different/

[17] Tucker, Darren S., & Wellford, Hill B., Big Mistakes Regarding Big Data, Antitrust Source, American Bar Association, (2014). Available at SSRN: http://ssrn.com/abstract=2549044

[18] Raghupathi, W., &Raghupathi, V. Big data analytics in healthcare: promise and potential. Health Information Science and Systems, (2014)

[19] Brown, B., Chui, M., Manyika, J. 'Are you Ready for the Era of Big Data?', McKinsey Quarterly, (2011), Available at, http://www.t-systems.com/solutions/download-mckinsey-quarterly-/1148544_1/blobBinary/Study-McKinsey-Big-data.pdf ; Benady, D., 'Radical transparency will be unlocked by technology and big data', Guardian (2014) Available at: http://www.theguardian.com/sustainable-business/radical-transparency-unlocked-technology-big-data

[20] Ibid.

[21] Ibid.

[22] United Nations, A World That Counts: Mobilising the Data Revolution for Sustainable Development, Report prepared at the request of the United Nations Secretary-General,by the Independent Expert Advisory Group on a Data Revolutionfor Sustainable Development. (2014), pg. 18, see also, Hilbert, M. Big Data for Development: From Information- to Knowledge Societies (2013). Available at SSRN: http://ssrn.com/abstract=2205145

[23] Greenleaf, G. Abandon All Hope? Foreword for Issue 37(2) of the UNSW Law Journal on 'Communications Surveillance, Big Data, and the Law' ,(2014) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2490425##, Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society, Vol. 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[24] Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[25] Narayanan and Shmatikov quoted in Ibid.,

[26] OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, The Organization for Economic Co-Operation and Development, (1999); The European Parliament and the Council of the European Union, EU Data Protection Directive, "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data," (1995)

[27] Barocas, S., &Selbst, A, D., Big Data's Disparate Impact,California Law Review, Vol. 104, (2015). Available at SSRN: http://ssrn.com/abstract=2477899

[28] Article 29 Working Group., Opinion 03/2013 on purpose limitation, Article 29 Data Protection Working Party, (2013) available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf

[29] Solove, D, J. Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013), Available at: http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications

[30] Brandimarte, L., Acquisti, A., & Loewenstein, G., Misplaced Confidences:

Privacy and the Control Paradox, Ninth Annual Workshop on the Economics of Information Security (WEIS) June 7-8 2010, Harvard University, Cambridge, MA, (2010), available at: https://fpf.org/wp-content/uploads/2010/07/Misplaced-Confidences-acquisti-FPF.pdf

[31] Solove, D, J., Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013), Available at: http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications

[32] Yu, W, E., Data., Privacy and Big Data-Compliance Issues and Considerations, ISACA Journal, Vol. 3 2014 (2014), available at: http://www.isaca.org/Journal/archives/2014/Volume-3/Pages/Data-Privacy-and-Big-Data-Compliance-Issues-and-Considerations.aspx

[33] Ramirez, E., Brill, J., Ohlhausen, M., Wright, J., & McSweeny, T., Data Brokers: A Call for Transparency and Accountability, Federal Trade Commission (2014) https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf

[34] Michel Foucault, Discipline and Punish: The Birth of the Prison. Translated by Alan Sheridan, London: Allen Lane, Penguin, (1977)

[35] Marthews, A., & Tucker, C., Government Surveillance and Internet Search Behavior (2015), available at SSRN: http://ssrn.com/abstract=2412564

[36] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society, Vol. 15, Issue 5, (2012)

[37] Hirsch, D., That's Unfair! Or is it? Big Data, Discrimination and the FTC's Unfairness Authority, Kentucky Law Journal, Vol. 103, available at: http://www.kentuckylawjournal.org/wp-content/uploads/2015/02/103KyLJ345.pdf

[38] Hill, K., How Target Figured Out A Teen Girl Was Pregnant Before Her Father Didhttp://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

[39] Anderson, C (2008) "The End of Theory: The Data Deluge Makes the Scientific Method Obsolete", WIRED, June 23 2008, www.wired.com/2008/06/pb-theory/

[40] Ibid.,

[41] Kitchen, R (2014) Big Data, new epistemologies and paradigm shifts, Big Data & Society, April-June 2014: 1-12

[42] Boyd D and Crawford K (2012) Critical questions for big data. Information, Communication and Society 15(5): 662-679

[43] Ibid

[44] Lazer, D., Kennedy, R., King, G., &Vespignani, A. " The Parable of Google Flu: Traps in Big Data Analysis ." Science 343 (2014): 1203-1205. Copy at http://j.mp/1ii4ETo

[45] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[46] Leinweber, D. (2007) 'Stupid data miner tricks: overfitting the S&P 500', The Journal of Investing, vol. 16, no. 1, pp. 15-22. http://m.shookrun.com/documents/stupidmining.pdf

[47] Boyd D and Crawford K (2012) Critical questions for big data. Information, Communication and Society 15(5): 662-679

[48] McCue, C., Data Mining and Predictive Analysis: Intelligence Gathering and Crime Analysis, Butterworth-Heinemann, (2014)

[49] De Zwart, M. J., Humphreys, S., & Van Dissel, B. Surveillance, big data and democracy: lessons for Australia from the US and UK. Http://www.unswlawjournal.unsw.edu.au/issue/volume-37-No-2. (2014) Retrieved from https://digital.library.adelaide.edu.au/dspace/handle/2440/90048

[50] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878; Newman, N., Search, Antitrust and the Economics of the Control of User Data, 31 YALE J. ON REG. 401 (2014)

[51] Newman, N., The Cost of Lost Privacy: Search, Antitrust and the Economics of the Control of User Data (2013). Available at SSRN: http://ssrn.com/abstract=2265026, Newman, N. ,Search, Antitrust and the Economics of the Control of User Data, 31 YALE J. ON REG. 401 (2014)

[52] Ibid.,

[53] European Data Protection Supervisor, Privacy and competitiveness in the age of big data:

The interplay between data protection, competition law and consumer protection in the Digital Economy, (2014), available at: https://secure.edps.europa.eu/EDPSWEB/webdav/shared/Documents/Consultation/Opinions/2014/14-03-26_competitition_law_big_data_EN.pdf

[54] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[55] Schradie, J., Big Data Not Big Enough? How the Digital Divide Leaves People Out, MediaShift, 31 July 2013, (2013), available at: http://mediashift.org/2013/07/big-data-not-big-enough-how-digital-divide-leaves-people-out/

[56] Crawford, K., The Hidden Biases in Big Data, Harvard Business Review, 1 April 2013 (2013), available at: https://hbr.org/2013/04/the-hidden-biases-in-big-data

[57] Robinson, D., Yu, H., Civil Rights, Big Data, and Our Algorithmic Future, (2014) http://bigdata.fairness.io/introduction/

[58] Ibid.

[59] Ibid

[60] Rotellla, P., Is Data The New Oil? Forbes, 2 April 2012, (2012), available at: http://www.forbes.com/sites/perryrotella/2012/04/02/is-data-the-new-oil/

[61] Barocas, S., &Selbst, A, D., Big Data's Disparate Impact,California Law Review, Vol. 104, (2015). Available at SSRN: http://ssrn.com/abstract=2477899; Kshetri. N, 'The Emerging role of Big Data in Key development issues: Opportunities, challenges, and concerns'. Big Data & Society(2014) http://bds.sagepub.com/content/1/2/2053951714564227.abstract

[62] Pasquale, F., The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard University Press , (2015)

For more details visit https://cis-india.org/internet-governance/blog/benefits-and-harms-of-big-data

Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles

Vipul Kharbanda — 2016-03-17T19:43:53Z

Whilst there are a number of controversies relating to the Aadhaar Act including the fact that it was introduced in a manner so as to circumvent the majority of the opposition in the upper house of the Parliament and that it was rushed through the Lok Sabha in a mere eight days, in this paper we shall discuss the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. In October 2012, the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah Committee submitted its report which listed nine principles of privacy which all legislations, especially those dealing with personal should adhere to. In this paper, we shall discuss how the Aadhaar Act fares vis-à-vis these nine principles.

Introduction

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Aadhaar Act”) was introduced in the Lok Sabha (lower house of the Parliament) by Minister of Finance, Mr. Arun Jaitley, in on March 3, 2016, and was passed by the Lok Sabha on March 11, 2016. It was sent back by the Rajya Sabha with suggestions but the Lok Sabha rejected those suggestions, which means that the Act is now deemed to have been passed by both houses as it was originally introduced as a Money Bill. Whilst there are a number of controversies relating to the Aadhaar Act including the fact that it was introduced in a manner so as to circumvent the majority of the opposition in the upper house of the Parliament and that it was rushed through the Lok Sabha in a mere eight days, in this paper we shall discuss the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. In October 2012, the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah Committee submitted its report which listed nine principles of privacy which all legislations, especially those dealing with personal should adhere to. In this paper, we shall discuss how the Aadhaar Act fares vis-à-vis these nine principles.

In order for the reader to better understand the frame of reference on which we shall analyse the Aadhaar Act, the nine principles contained in the report of the Group of Experts on Privacy are explained in brief below:

Principle 1: Notice - Does the legislation/regulation require that entities governed by the Act give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them.
Principle 2: Choice and Consent - Does the legislation/regulation require that entities governed under the Act provide the individual with the option to opt in/opt out of providing their personal information.
Principle 3: Collection Limitation - Does the legislation/regulation require that entities governed under the Act collect personal information from individuals only as is necessary for a purpose identified.
Principle 4: Purpose Limitation - Does the legislation/regulation require that personal data collected and processed by entities governed by the Act be adequate and relevant to the purposes for which they are processed.
Principle 5: Access and Correction - Does the legislation/regulation allow individuals: access to personal information about them held by an entity governed by the Act; the ability to seek correction, amendments, or deletion of such information where it is inaccurate, etc.
Principle 6: Disclosure - Does the legislation ensure that information is only disclosed to third parties after notice and informed consent is obtained. Is disclosure allowed for law enforcement purposes done in accordance with laws in force.
Principle 7: Security - Does the legislation/regulation ensure that information that is collected and processed under that Act, is done so in a manner that protects against loss, unauthorized access, destruction, etc.
Principle 8: Openness - Does the legislation/regulation require that any entity processing data take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data that is collected and processed and is this information made available to all individuals in an intelligible form, using clear and plain language?
Principle 9: Accountability - Does the legislation/regulation provide for measures that ensure compliance of the privacy principles? This would include measures such as mechanisms to implement privacy policies; including tools, training, and education; and external and internal audits.

Analysis of the Aadhaar Act

The Aadhaar Act has been brought about to give legislative backing to the most ambitious individual identity programme in the world which aims to provide a unique identity number to the entire population of India. The rationale behind this scheme is to correctly identify the beneficiaries of government schemes and subsidies so that leakages in government subsidies may be reduced. In furtherance of this rationale the Aadhaar Act gives the Unique Identification Authority of India (“UIDAI”) the power to enroll individuals by collecting their demographic and biometric information and issuing an Aadhaar number to them. Below is an analysis of the Act based on the privacy principles enumerated I the A.P. Shah Committee Report.

Collection Limitation

Collection of Biometric and Demographic Information: The Aadhaar Act entitles every “resident” [1] to obtain an Aadhaar number by submitting his/her biometric (photograph, finger print, Iris scan) and demographic information (name, date of birth, address [2]) [3]. It must be noted that the Act leaves scope for further information to be included in the collection process if so specified by regulations. It must be noted that although the Act specifically provides what information can be collected, it does not specifically prohibit the collection of further information. This becomes relevant because it makes it possible for enrolling agencies to collect extra information relating to individuals without any legal implications of such act.

Authentication Records: The UIDAI is mandated to maintain authentication records for a period which is yet to be specified (and shall be specified in the regulations) but it cannot collect or keep any information regarding the purpose for which the authentication request was made [4].

Unauthorized Collection: Any person who in not authorized to collect information under the Act, and pretends that he is authorized to do so, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- [5]. It must be noted that the section, as it is currently worded seems to criminalize the act of impersonation of authorized individuals and the actual collection of information is not required to complete this offence. It is not clear if this section will apply if a person who is authorized to collect information under the Act in general, collects some information that he/she is not authorized to collect.

Notice

Notice during Collection: The Aadhaar Act requires that the agencies enrolling people for distribution of Aadhaar numbers should give people notice regarding: (a) the manner in which the information shall be used; (b) the nature of recipients with whom the information is intended to be shared during authentication; and (c) the existence of a right to access information, the procedure for making requests for such access, and details of the person or department in-charge to whom such requests can be made [6]. A failure to comply with this requirement will make the agency liable for imprisonment of upto 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- [7]. It must be noted that the Act leaves the manner of giving such notice in the realm of regulations and does not specify how this notice is to be provided, which leaves important specifics to the realm of the executive.

Notice during Authentication: The Aadhaar Act requires that authenticating agencies shall give information to the individuals whose information is to be authenticated regarding (a) the nature of information that may be shared upon authentication; (b) the uses to which the information received during authentication may be put by the requesting entity; and (c) alternatives to submission of identity information to the requesting entity [8]. A failure to comply with this requirement will make the agency liable for imprisonment of upto 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- [9]. Just as in the case of notice during collection, the manner in which the notice is required to be given is left to regulations leaving an unclear picture as to how comprehensive, accessible, and frequent this notice must be.

Access and Correction

Updating Information: The Aadhaar Act give the UIDAI the power to require residents to update their demographic and biometric information from time to time so as to maintain its accuracy [10].

Access to Information: The Aadhaar Act provides that Aadhaar number holders may request the UIDAI to provide access to their identity information expect their core biometric information [11]. It is not clear why access to the core biometric information [12] is not provided to an individual. Further, since section 6 seems to place the responsibility of updation and accuracy of biometric information on the individual, it is not clear how a person is supposed to know that the biometric information contained in the database has changed if he/she does not have access to the same. It may also be noted that the Aadhaar Act provides only for a request to the UIDAI for access to the information and does not make access to the information a right of the individual, this would mean that it would be entirely upon the discretion of the UIDAI to refuse to grant access to the information once a request has been made.

Alteration of Information: The Aadhaar Act gives individuals the right to request the UIDAI to alter their demographic if the same is incorrect or has changed and biometric information if it is lost or has changed. Upon receipt of such a request, if the UIDAI is satisfied, then it may make the necessary alteration and inform the individual accordingly. The Act also provides that no identity information in the Central database shall be altered except as provided in the regulations [13]. This section provides for alteration of identity information but only in the circumstances given in the section, for example demographic information cannot be changed if it has been lost, similarly biometric information cannot be changed if it is inaccurate. Further, the section does not give a right to the individual to get the information altered but only entitles him/her to request the UIDAI to make a change and the final decision is left to the “satisfaction” of the UIDAI.

Access to Authentication Record: Every individual is given the right to obtain his/her authentication record in a manner to be specified by regulations. [14]

Disclosure

Sharing during Authentication: The UIDAI is entitled to reply to any authentication query with a positive, negative or any other response which may be appropriate and may share identity information except core biometric information with the requesting entity [15]. The language in this provision is ambiguous and it is unclear what 'identity information' may be shared and why it would be necessary to share such information as Aadhaar is meant to be only a means of authentication so as to remove duplication.

Potential Disclosure during Maintenance of CIDR: The UIDAI has been given the power to appoint any one or more entities to establish and maintain the Central Identities Data Repository (CIDR) [16]. If a private entity is involved in the maintenance and establishment of the CIDR it can be presumed that there is the possibilty that they would, to some degree, have access to the information stored in the CIDR, yet there are no clear standards in the Act regarding this potential access. And the process for appointing such entities. The fact that the UIDAI has been given the freedom to appoint an outside entity to maintain a sensitive asset such as the CIDR raises security concerns.

Restriction on Sharing Information: The Aadhaar Act creates a blanket prohibition on the usage of core biometric information for any purpose other than generation of Aadhaar numbers and also prohibits its sharing for any reason whatsoever [17]. Other identity information is allowed to be shared in the manner specified under the Act or as may be specified in the regulations [18]. The Act further provides that the requesting entities shall not disclose the identity information except with the prior consent of the individual to whom the information relates [19]. There is also a prohibition on publicly displaying Aadhaar number or core biometric information except as specified by regulations [20]. Officers or the UIDAI or the employees of the agencies employed to maintain the CIDR are prohibited from revealing the information stored in the CIDR or authentication record to anyone [21]. It is not clear why an exception has been carved out and what circumstances would require publicly displaying Aadhaar numbers and core biometric information, especially since the reasons for which such important information may be displayed has been left up to regulations which have relatively less oversight. The section also provides the requesting entities with an option to further disclose information if they take consent of the individuals. This may lead to a situation where a requesting entity, perhaps the of an essential service, may take the consent of the individual to disclose his/her information in a standard form contract, without the option of saying no to such a request. It may lead to situations where the option is between giving consent to disclosure or denial or service altogether. For this reason it is necessary that there should be an opt in and opt out provision wherever a requesting entity has the power to ask for disclosure of information, so that people are not coerced into giving consent.

Disclosure in Specific Cases: The prohibition on disclosure of information (except for core biometric information) does not apply in case of any disclosure made pursuant to an order of a court not below that of a District Judge [22]. There is another exception to the prohibition on disclosure of information (including core biometric information) in the interest of national security if so directed by an officer not below the rank of a Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government. Before any such direction can take effect, it will be reviewed by an oversight committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology. Any such direction shall be valid for a period of three months and may be extended by another three months after the review by the Oversight Committee [23]. Although this provision has been criticized, and rightly so, for the lack of accountability since the entire process is being handled within the executive and there is no independent oversight, however it must be mentioned that the level of oversight provided here is similar to that provided to interception requests, which involve a much graver if not the same level of invasion of privacy.

Penalty for Disclosure: Any person who intentionally and in an unauthorized manner discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication shall be punishable with imprisonment of upto 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/ [24]. Further any person who intentionally and in an unathorised manner, accesses information in the CIDR [25], downloads, copies or extracts any data from the CIDR [26], or reveals or shares or distributes any identity information, shall be punishable with imprisonment of upto 3 years and a fine of not less than Rs. 10,00,000/-.

Consent

Consent for Authentication: A requesting entity has to take the consent of the individual before collecting his/her identity information for the purposes of authentication and also has to inform the individual of the alternatives to submission of the identity information [27]. Although this provision requires entities to take consent from the individuals before collecting information for authentication, however how useful this requirement of consent would be, still remains to be seen. There may be instances where a requesting entity may take the consent of the individual in a standard form contract, without the individual realizing what he/she is consenting to.

Note: The Aadhaar Act provides no requirement or standard for the form of consent that must be taken during enrollment. This is significant as it is the point at which individuals are providing raw biometric material and during previous enrollment, has been a point of weakness as the consent taken is an enabler to function creep as it allows the UIDAI to share information with engaged in delivery of welfare services [28].

Purpose

Use of Information: The authenticating entities are allowed to use the identity information only for the purpose of submission to the CIDR for authentication [29]. Further, the Act specifies that identity information available with a requesting entity shall not be used for any purpose other than that specified to the individual at the time of submitting the information for authentication [30]. The Act also provides that any authentication entity which uses the information for any purpose not already specified will be liable to punishment of imprisonment of upto 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/ [31].

Security

Security and Confidentiality of Information: It is the responsibility of the UIDAI to ensure the security and confidentiality of the identity and authentication information and it is required to take all necessary action to ensure that the information in the CIDR is protected against unauthorized access, use or disclosure and against accidental or intentional destruction, loss or damage [32]. The UIDAI is required to adopt and implement appropriate technical and organisational security measures and also ensure that its contractors do the same [33]. It is also required to ensure that the agreements entered into with its contractors impose the same conditions as are imposed on the UIDAI under the Act and that they shall act only upon the instructions of the UIDAI [34].

Biometric Information to be Electronic Record: The biometric information collected by the UIDAI has been deemed to be an “electronic record” as well as “sensitive personal data or information”, which would mean that in addition to the provisions of the Aadhaar Act, the provisions contained in the Information Technology Act, 2000 will also apply to such information [35]. It must be noted that while the Act lays down the principle that UIDAI is required to ensure the saecurity of the information, it does not lay down any guidelines as to the minimum security standards to be implemented by the Authority. However, through this section the legislature has linked the security standards contained in the IT Act to the information contained in this Act. While this is a clean way of dealing with the issue, some people may argue that the extremely sensitive nature of the information contained in the CIDR requires the standards for security to be much stricter than those provided in the IT Act. However, a perusal of Rule 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 shows that the Rules themselves provide that the standard of security must be commensurate with the information assets being protected. It would thus seem that the Act provides enough room to protect such important information, but perhaps leaves too much room for interpretation for such an important issue.

Penalty for Unauthorised Access: Apart from the security provisions included in the legislation, the Aadhaar Act also provides for punishment of imprisonment of upto 3 years and a fine which shall not be less than Rs. 10,00,000/-, in case of the following offences:

introduction of any virus or other computer contaminant in the CIDR [36];
causing damage to the data in the CIDR [37];
disruption of access to the CIDR [38];
denial of access to any person who is authorised to access the CIDR [39];
destruction, deletion or alteration of any information stored in any removable storage media or in the CIDR or diminishing its value or utility or affecting it injuriously by any means [40];
stealing, concealing, destroying or altering any computer source code used by the Authority with an intention to cause damage [41].

Further, unauthorized usage or tampering with the data in the CIDR or in any removable storage medium with the intent of modifying information relating to Aadhaar number holder or discovering any information thereof, is also punishable with imprisonment for a term which may extend to 3 years and also a fine which may extend to Rs. 10,000/- [42].

Accountability

Inspections and Audits: One of the functions listed in the powers and functions of the UIDAI is the power to call for information and records, conduct inspections, inquiries and audit of the operations of the CIDR, Registrars, enrolling agencies and other agencies appointed under the Aadhaar Act [43].

Grievance Redressal: Another function of the UIDAI is to set up facilitation centres and grievance redressal mechanisms for redressal of grievances of individuals, Registrars, enrolling agencies and other service providers [44]. It must be said here that considering the importance that the government has given to and intends to give to Aadhaar in the future, an essential task such as grievance redressal should not be left entirely to the discretion of the UIDAI and some grievance redressal mechanism should be incorporated into the Act itself.

Openness

There does not seem to be any provision in the Aadhaar Act which requires the UIDAI to make its privacy policies and procedure available to the public in general even though the UIDAI has the responsibility to maintain the security and confidentiality of the information.

Endnotes

[1] A resident is defined as any person who has resided in India for a period of atleasy 182 days in the previous 12 months.

[2] It has been specified that demographic information will not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.

[3] Section 3(1) of the Aadhaar Act.

[4] Section 32(1) and 32(3) of the Aadhaar Act.

[5] Section 36 of the Aadhaar Act.

[6] Section 3(2) of the Aadhaar Act.

[7] Section 41 of the Aadhaar Act.

[8] Section 8(3) of the Aadhaar Act.

[9] Section 41 of the Aadhaar Act.

[10] Section 6 of the Aadhaar Act.

[11] Section 28, proviso of the Aadhaar Act.

[12] Core biometric information is defined as fingerprints, iris scan or other biological attributes which may be specified by regulations.

[13] Section 31 of the Aadhaar Act.

[14] Section 32(2) of the Aadhaar Act.

[15] Section 8(4) of the Aadhaar Act.

[16] Section 10 of the Aadhaar Act.

[17] Section 29(1) of the Aadhaar Act.

[18] Section 29(2) of the Aadhaar Act.

[19] Section 29(3)(b) of the Aadhaar Act.

[20] Section 29(4) of the Aadhaar Act.

[21] Section 28(5) of the Aadhaar Act.

[22] Section 33(1) of the Aadhaar Act.

[23] Section 33(2) of the Aadhaar Act.

[24] Section 37 of the Aadhaar Act.

[25] Section 38(a) of the Aadhaar Act.

[26] Section 38(b) of the Aadhaar Act.

[27] Section 8(2)(a) and (c) of the Aadhaar Act.

[28] For example, see: http://www.karnataka.gov.in/aadhaar/Downloads /Application%20form%20-%20English.pdf.

[29] Section 8(2)(b) of the Aadhaar Act.

[30] Section 29(3)(a) of the Aadhaar Act.

[31] Section 37 of the Aadhaar Act.

[32] Section 28(1), (2) and (3) of the Aadhaar Act.

[33] Section 28(4)(a) and (b) of the Aadhaar Act.

[34] Section 28(4)(c) of the Aadhaar Act.

[35] Section 30 of the Aadhaar Act.

[36] Section 38(c) of the Aadhaar Act.

[37] Section 38(d) of the Aadhaar Act.

[38] Section 38(e) of the Aadhaar Act.

[39] Section 38(f) of the Aadhaar Act.

[40] Section 38(h) of the Aadhaar Act.

[41] Section 38(i) of the Aadhaar Act.

[42] Section 39 of the Aadhaar Act.

[43] Section 23(2)(l) of the Aadhaar Act.

[44] Section 23(2)(s) of the Aadhaar Act.

For more details visit https://cis-india.org/internet-governance/blog/analysis-of-aadhaar-act-in-context-of-shah-committee-principles

An Urgent Need for the Right to Privacy

sumandro — 2016-03-17T07:40:12Z

Along with a group of individuals and organisations from academia and civil society, we have drafted and are signatories to an open letter addressed to the Union government and urging the same to "urgently take steps to uphold the constitutional basis to the right to privacy and fulfil it’s constitutional and international obligations." Here we publish the text of the open letter. Please follow the link below to support it by joining the signatories.

Read and sign the open letter.

Text of the Open Letter

As our everyday lives are conducted increasingly through electronic communications the necessity for privacy protections has also increased. While several countries across the globe have recognised this by furthering the right to privacy of their citizens the Union Government has adopted a regressive attitude towards this core civil liberty. We urge the Union Government to take urgent measures to safeguard the right to privacy in India.

Our concerns are based on a continuing pattern of disregard for the right to privacy by several governments in the past. This trend has increased as can be plainly viewed from the following developments.

In 2015, the Attorney General in the case of *K.S. Puttaswamy v. Union of India*, argued before the Hon’ble Supreme Court that there is no right to privacy under the Constitution of India. The Hon'ble Court was persuaded to re-examine the basis of the right to privacy upsetting 45 years of judicial precedent. This has thrown the constitutional right to privacy in doubt and the several judgements that have been given under it. This includes the 1997 PUCL Telephone Tapping judgement as well. We urge the Union Government to take whatever steps are necessary and urge the Supreme Court to hold that a right to privacy exists under the Constitution of India.

Recently Mr. Arun Jaitley, Minister for Finance introduced the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. This bill was passed on March 11, 2016 in the middle of budget discussion on a short notice as a money bill in the Lok Sabha when only 73 of 545 members were present. Its timing and introduction as a money bill prevents necessary scrutiny given the large privacy risks that arise under it. This version of the bill was never put up for public consultation and is being rushed through without adequate discussion. Even substantively it fails to give accountable privacy safeguards while making Aadhaar mandatory for availing any government subsidy, benefit, or service.

We urge the Union Government to urgently take steps to uphold the constitutional basis to the right to privacy and fulfil it’s constitutional and international obligations. We encourage the Government to have extensive public discussions on the Aadhaar Bill before notifying it. We further call upon them to constitute a drafting committee with members of civil society to draft a comprehensive statute as suggested by the Justice A.P. Shah Committee Report of 2012.

Signatories:

Amber Sinha, the Centre for Internet and Society
Japreet Grewal, the Centre for Internet and Society
Joshita Pai, Centre for Communication Governance, National Law University
Raman Jit Singh Chima, Access Now
Sarvjeet Singh, Centre for Communication Governance, National Law University
Sumandro Chattapadhyay, the Centre for Internet and Society
Sunil Abraham, the Centre for Internet and Society
Vanya Rakesh, the Centre for Internet and Society

For more details visit https://cis-india.org/internet-governance/blog/an-urgent-need-for-the-right-to-privacy

Adoption of Standards in Smart Cities - Way Forward for India

vanya — 2016-04-11T03:04:46Z

With a paradigm shift towards the concept of “Smart Cities’ globally, as well as India, such cities have been defined by several international standardization bodies and countries, however, there is no uniform definition adopted globally. The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient.

Click here to download the full file

Globally, the pace of urbanization is increasing exponentially. The world’s urban population is projected to rise from 3.6 billion to 6.3 billion between 2011 and 2050. A solution for the same has been development of sustainable cities by improving efficiency and integrating infrastructure and services [1]. It has been estimated that during the next 20 years, 30 Indians will leave rural India for urban areas every minute, necessitating smart and sustainable cities to accommodate them [2]. The Smart Cities Mission of the Ministry of Urban Development was announced in the year 2014, followed by selection of 100 cities in the year 2015 and 20 of them being selected for the first Phase of the project in the year 2016. The Mission [3] lists the “core infrastructural elements” that a smart city would incorporate like adequate water supply, assured electricity, sanitation, efficient public transport, affordable housing (especially for the poor), robust IT connectivity and digitisation, e-governance and citizen participation, sustainable environment, safety and security for citizens, health and education.

With a paradigm shift towards the concept of “Smart Cities’ globally, as well as India, such cities have been defined by several international standardization bodies and countries, however, there is no uniform definition adopted globally. The envisioned modern and smart city promises delivery of high quality services to the citizens and will harness data capture and communication management technologies. The performance of such cities would be monitored on the basis of physical as well as the social structure comprising of smart approaches and solution to utilities and transport.

The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient. Interoperability is essential and to ensure smart integration of various systems in a smart city, internationally agreed standards that include technical specifications and classifications must be adhered to. Development of international standards ensure seamless interaction between components from different suppliers and technologies [4].

Standardized indicators within standards benefit smart cities in the following ways:

Effective governance and efficient delivery of services.
International and Local targets, benchmarking and planning.
Informed decision making and policy formulation.
Leverage for funding and recognition in international entities.
Transparency and open data for investment attractiveness.
A reliable foundation for use of big data and the information explosion to assist cities in building core knowledge for city decision-making, and enable comparative insight.

The adoption of standards for smart cities has been advocated across the world as they are perceived to be an effective tool to foster development of the cities. The Director of the ITU Telecommunication Standardization Bureau Chaesub Lee is of the view that “Smart cities will employ an abundance of technologies in the family of the Internet of Things (IoT) and standards will assist the harmonized implementation of IoT data and applications , contributing to effective horizontal integration of a city’s subsystems” [5].

Smart Cities standards in India

National Association of Software and Services Companies (NASSCOM) partnered with Accenture [6] to prepare a report called ‘Integrated ICT and Geospatial Technologies Framework for 100 Smart Cities Mission’ [7] to explore the role of ICT in developing smart cities [8], after the announcement of the Mission by Indian Government. The report, released in May 2015, lists down 55 global standards, keeping in view several city sub-systems like urban planning, transport, governance, energy, climate and pollution management, etc which could be applicable to the smart cities in India.

Though NASSCOM is working closely with the Ministry of Urban Development to create a sustainable model for smart cities [9], due to lack of regulatory standards for smart cities, the Bureau of Indian Standards (BIS) in India has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area [10].

Developing national standards in line with these international standards would enable interoperability (i.e. devices and systems working together) and provide a roadmap to address key issues like data protection, privacy and other inherent risks in the digital delivery and use of public services in the envisioned smart cities, which call for comprehensive data management standards in India to instill public confidence and trust [11].

Key International Smart Cities Standards

Following are the key internationally accepted and recognized Smart Cities standards developed by leading organisations and the national standardization bodies of several countries that India could adopt or develop national standards in line with these.

The International Organization for Standardization (ISO) - Smart Cities Standards

ISO is an instrumental body advocating and developing for smart cities to safeguard rights of the people against a liveable and sustainable environment. The ISO Smart Cities Strategic Advisory Group uses the following working definition: A ‘Smart City’ is one that dramatically increases the pace at which it improves its social, economic and environmental (sustainability) outcomes, responding to challenges such as climate change, rapid population growth, and political and economic instability by fundamentally improving how it engages society, how it applies collaborative leadership methods, how it works across disciplines and city systems, and how it uses data information and modern technologies in order to transform services and quality of life for those in and involved with the city (residents, businesses, visitors), now and for the foreseeable future, without unfair disadvantage of others or degradation of the natural environment. [For details see ISO/TMB Smart Cities Strategic Advisory Group Final Report, September 2015 ( ISO Definition, June 2015)].

The ISO Technical Committee 268 works on standardization in the field of Sustainable Development in Communities [12] to encourage the development and implementation of holistic, cross-sector and area-based approaches to sustainable development in communities. The Committee comprises of 3 Working Groups [13]:

Working Group 1: System Management ISO 37101- This standard sets requirements, guidance and supporting techniques for sustainable development in communities. It is designed to help all kinds of communities manage their sustainability, smartness and resilience to improve the contribution of communities to sustainable development and assess their performance in this area [14].
Working Group 2 : City Indicators- The key Smart Cities Standards developed by ISO TC 268 WG 2 (City Indicators) are:

ISO 37120 Sustainable Development of Communities — Indicators for City Services and Quality of Life

One of the key standards and an important step in this regard was ISO 37120:2014 under the ISO’s Technical Committee 268 (See Working on Standardization in the field of Sustainable Development in Communities) providing clearly defined city performance indicators (divided into core and supporting indicators) as a benchmark for city services and quality of life, along with a standard approach for measuring each for city leaders and citizens [15]. The standard is global in scope and can help cities prioritize city budgets, improve operational transparency, support open data and applications [16]. It follows the principles [17] set out and can be used in conjunction with ISO 37101.

ISO 37120 was the first ISO Standard on Global City Indicators published in the year 2014, developed on the basis of a set of indicators developed and extensively tested by the Global City Indicators Facility (a project by University of Toronto) and its 250+ member cities globally. GCIF is committed to build standardized city indicators for performance management including a database of comparable statistics that allow cities to track their effectiveness on everything from planning and economic growth to transportation, safety and education [18].

The World Council on City Data (WCCD) [19] - a sister organization of the GCI/GCIF - was established in the year 2014 to operationalize ISO 37120 across cities globally. The standards encompasses 100 indicators developed around 17 themes to support city services and quality of life, and is accessible through the WCCD Open City Data Portal which allows for cutting-edge visualizations and comparisons. Indian cities are not yet listed with WCCD [20].

The indicators are listed under the following heads [21]:

Economy
Education
Environment
Energy
Finance
Fire and Emergency Responses
Governance
Health
Safety
Shelter
Recreation
Solid Waste
Telecommunication and innovation
Transportation
Urban Planning
Waste water
Water and Sanitation

This International Standard is applicable to any city, municipality or local government that undertakes to measure its performance in a comparable and verifiable manner, irrespective of size and location or level of development. City indicators have the potential to be used as critical tools for city managers, politicians, researchers, business leaders, planners, designers and other professionals [22]. The WCCD forum highlights need for cities to have a set of globally standardized indicators to [23]:

Manage and make informed decisions through data analysis
Benchmark and target
Leverage Funding with senior levels of government
Plan and establish new frameworks for sustainable urban development
Evaluate the impact of infrastructure projects on the overall performance of a city.

ISO/DTR 37121- Inventory and Review of Existing Indicators on Sustainable Development and Resilience in Cities

The second standard under ISO TC 268 WG 2 is ISO 37121, which defines additional indicators related to sustainable development and resilience in cities. Some of the indicators include: Smart Cities, Smart Grid, Economic Resilience, Green Buildings, Political Resilience, Protection of biodiversity, etc. The complete list can be viewed on the Resilient Cities website [24].

Working Group 3: Terminology - There are no publicly available documents so far, giving details about the status of the activities of this group. The ISO Technical Committee 268 also includes Sub Committee 1 (Smart Community Infrastructure) [25], comprising of the following Working Groups: 1) WG 1 Infrastructure metrics, and 2) WG 2 Smart Community Infrastructure.

The key Smart Cities Standards developed by ISO under this are:

ISO 37151:2015 Smart community infrastructures — Principles and Requirements for Performance Metrics
In the year 2015, a new ISO technical specification for smart cities- 37151:2015 for Principles and requirements for performance metrics was released. The purpose of standardization in the field of smart community infrastructures such as energy, water, transportation, waste, information and communications technology (ICT), etc. is to promote the international trade of community infrastructure products and services and improve sustainability in communities by establishing harmonized product standards [26]. The metrics in this standard will support city and community managers in planning and measuring performance, and also compare and select procurement proposals for products and services geared at improving community infrastructures [27].
This Technical Specification gives principles and specifies requirements for the definition,identification, optimization, and harmonization of community infrastructure performance metrics, and gives recommendations for analysis, regarding interoperability, safety, security of community infrastructures [28]. This new Technical Specification supports the use of the ISO 37120 [29].
ISO/TR 37150:2014 Smart Community Infrastructures - Review of Existing Activities Relevant to Metrics
This standard addresses community infrastructures such as energy, water, transportation, waste and information and communications technology (ICT). Smart community infrastructures take into consideration environmental impact, economic efficiency and quality of life by using information and communications technology (ICT) and renewable energies to achieve integrated management and optimized control of infrastructures. Integrating smart community infrastructures for a community helps improve the lifestyles of its citizens by, for example: reducing costs, increasing mobility and accessibility, and reducing environmental pollutants.
ISO/TR 37150 reviews relevant metrics for smart community infrastructures and provides stakeholders with a better understanding of the smart community infrastructures available around the world to help promote international trade of community infrastructure products and give information about leading-edge technologies to improve sustainability in communities [30]. This standard, along with the above mentioned standards [31] supports the multi-billion dollar smart cities technology industry.

Several other ISO Working Groups developing standards applicable to smart and sustainable cities have been listed in our website [32].

The International Telecommunications Union (ITU)

The ITU is another global body working on development of standards regarding smart cities.

A study group was formed in the year 2015 to tackle standardization requirements for the Internet of Things, with an initial focus on IoT applications in smart cities to address urban development challenges [33], to enable the coordinated development of IoT technologies, including machine-to-machine communications and ubiquitous sensor networks. The group is titled “ITU-T Study Group 20: IoT and its applications, including smart cities and communities”, established to develop standards that leverage IoT technologies to address urban-development challenges and the mechanisms for the interoperability of IoT applications and datasets employed by various vertically oriented industry sectors [34].

ITU-T also concluded a focused study group looking at smart sustainable cities in May 2015, acting as an open platform for smart city stakeholders to exchange knowledge in the interests of identifying the standardized frameworks needed to support the integration of ICT services in smart cities. Its parent group is ITU-T Study Group 5, which has agreed on the following definition of a Smart Sustainable City:
"A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social, environmental as well as cultural aspects".

UK - British Standards Institution

Apart from the global standards setting organisations, many countries have been looking at developing standards to address the growth of smart cities across the globe. In the UK, the British Standards Institution (BSI) has been commissioned by the UK Department of Business, Innovation and Skills (BIS) to conceive a Smart Cities Standards Strategy to identify vectors of smart city development where standards are needed. The standards would be developed through a consensus-driven process under the BSI to ensure good practise is shared between all the actors. The BIS launched the City's Standards Institute to bring together cities and key industry leaders and innovators to work together in identifying the challenges facing cities, providing solutions to common problems and defining the future of smart city standards [35].

PAS 181 Smart city framework- Guide to establishing strategies for smart cities and communities establishes a good practice framework for city leaders to develop, agree and deliver smart city strategies that can help transform their city’s ability to meet challenges faced in the future and meet the goals. The smart city framework (SCF) does not intend to describe a one-size-fits-all model for the future of UK cities but focuses on the enabling processes by which the innovative use of technology and data, together with organizational change, can help deliver the diverse visions for future UK cities in more efficient, effective and sustainable ways [36].
PD 8101 Smart cities- Guide to the role of the planning and development process gives guidance regarding planning for new development for smart city plans and provides an overview of the key issues to be considered and prioritized. The document is for use by local authority planning and regeneration officers to identify good practice in a UK context, and what tools they could use to implement this good practice. This aims to enable new developments to be built in a way that will support smart city aspirations at minimal cost [37].
PAS 182 Smart city concept model. Guide to establishing a model for data establishes an interoperability framework and data-sharing between agencies for smart cities for the following purposes:
1. To have a city where information can be shared and understood between organizations and people at each level
2. The derivation of data in each layer can be linked back to data in the previous layer
3. The impact of a decision can be observed back in operational data. The smart city concept model (SCCM) provides a framework that can normalize and classify information from many sources so that data sets can be discovered and combined to gain a better picture of the needs and behaviours of a city’s citizens (residents and businesses) to help identify issues and devise solutions. PAS 182 is aimed at organizations that provide services to communities in cities, and manage the resulting data, as well as decision-makers and policy developers in cities [38].
PAS 180 Smart cities Vocabulary helps build a strong foundation for future standardization and good practices by providing an industry-agreed understanding of smart city terms and definitions to be used in the UK. It provides a working definition of a Smart City- “Smart Cities” is a term denoting the effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens [39]. This aims to help improve communication and understanding of smart cities by providing a common language for developers, designers, manufacturers and clients. The standard also defines smart city concepts across different infrastructure and systems’ elements used across all service delivery channels and is intended for city authorities and planners, buyers of smart city services and solutions [40], as well as product and service providers.

Endnotes

[1] See: http://www.iec.ch/whitepaper/pdf/iecWP-smartcities-LR-en.pdf.

[2] See: http://www.ibm.com/smarterplanet/in/en/sustainable_cities/ideas/.

[3] See: http://www.thehindubusinessline.com/economy/smart-cities-mission-welcome-to-tomorrows-world/article8163690.ece.

[4] See: http://www.iec.ch/whitepaper/pdf/iecWP-smartcities-LR-en.pdf.

[5] See: http://www.iso.org/iso/news.htm?refid=Ref2042.

[6] See: http://www.livemint.com/Companies/5Twmf8dUutLsJceegZ7I9K/Nasscom-partners-Accenture-to-form-ICT-framework-for-smart-c.html.

[7] See: http://www.nasscom.in/integrated-ict-and-geospatial-technologies-framework-100-smart-cities-mission.

[8] See: http://www.cxotoday.com/story/nasscom-creates-framework-for-smart-cities-project/.

[9] See: http://www.livemint.com/Companies/5Twmf8dUutLsJceegZ7I9K/Nasscom-partners-Accenture-to-form-ICT-framework-for-smart-c.html.

[10] See: http://www.business-standard.com/article/economy-policy/in-a-first-bis-to-come-up-with-standards-for-smart-cities-115060400931_1.html.

[11] See: http://www.longfinance.net/groups7/viewdiscussion/72-financing-financing-tomorrow-s-cities-how-standards-can-support-the-development-of-smart-cities.html?groupid=3.

[12] See: http://www.iso.org/iso/iso_technical_committee?commid=656906.

[13] See: http://cityminded.org/wp-content/uploads/2014/11/Patricia_McCarney_PDF.pdf.

[14] See: http://www.iso.org/iso/news.htm?refid=Ref1877.

[15] See: http://smartcitiescouncil.com/article/new-iso-standard-gives-cities-common-performance-yardstick.

[16] See: http://smartcitiescouncil.com/article/dissecting-iso-37120-why-new-smart-city-standard-good-news-cities.

[17] See: http://www.iso.org/iso/catalogue_detail?csnumber=62436.

[18] See: http://www.cityindicators.org/.

[19] See: http://www.dataforcities.org/.

[20] See: http://news.dataforcities.org/2015/12/world-council-on-city-data-and-hatch.html.

[21] See: http://news.dataforcities.org/2015/12/world-council-on-city-data-and-hatch.html.

[22] See: http://www.iso.org/iso/37120_briefing_note.pdf.

[23] See: http://www.dataforcities.org/wccd/.

[24] See: http://resilient-cities.iclei.org/fileadmin/sites/resilient-cities/files/Webinar_Series/HERNANDEZ_-_ICLEI_Resilient_Cities_Webinar__FINAL_.pdf.

[25] See: http://www.iso.org/iso/iso_technical_committee?commid=656967.

[26] See: https://www.iso.org/obp/ui/#iso:std:iso:ts:37151:ed-1:v1:en.

[27] See: http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref2001&utm_medium=email&utm_campaign=ISO+Newsletter+November&utm_content=ISO+Newsletter+November+CID_4182720c31ca2e71fa93d7c1f1e66e2f&utm_source=Email%20marketing%20software&utm_term=Read%20more.

[28] See: http://www.iso.org/iso/37120_briefing_note.pdf.

[29] See: http://standardsforum.com/isots-37151-smart-cities-metrics/.

[30] See: http://www.iso.org/iso/executive_summary_iso_37150.pdf.

[31] See: http://standardsforum.com/isots-37151-smart-cities-metrics/.

[32] See: http://cis-india.org/internet-governance/blog/database-on-big-data-and-smart-cities-international-standards.

[33] See: http://smartcitiescouncil.com/article/itu-takes-internet-things-standards-smart-cities.

[34] See: https://www.itu.int/net/pressoffice/press_releases/2015/22.aspx.

[35] See: http://www.bsigroup.com/en-GB/smart-cities/.

[36] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-181-smart-cities-framework/.

[37] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8101-smart-cities-planning-guidelines/.

[38] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-182-smart-cities-data-concept-model/.

[39] See: http://www.iso.org/iso/smart_cities_report-jtc1.pdf.

[40] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-180-smart-cities-terminology/.

For more details visit https://cis-india.org/internet-governance/blog/adoption-of-standards-in-smart-cities-way-forward-for-india

Aadhaar Bill 2016 Evaluated against the National Privacy Principles

Pooja Saxena and Amber Sinha — 2016-03-21T08:38:34Z

In this infographic, we evaluate the privacy provisions of the Aadhaar Bill 2016 against the national privacy principles developed by the Group of Experts on Privacy led by the Former Chief Justice A.P. Shah in 2012. The infographic is based on Vipul Kharbanda’s article 'Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles,' and is designed by Pooja Saxena, with inputs from Amber Sinha.

Download the infographic: PDF and PNG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/aadhaar-bill-2016-evaluated-against-the-national-privacy-principles

Aadhaar Bill 2016 & NIAI Bill 2010 - Comparing the Texts

sumandro — 2016-03-09T11:25:01Z

This is a quick comparison of the texts of the Aadhaar Bill 2016 and the National Identification Authority of India Bill 2010. The new sections in the former are highlighed, and the deleted sections (that were part of the latter) are struck out.

Source: http://cis-india.github.io/aadhaar-bill-2016/

For more details visit https://cis-india.org/internet-governance/blog/aadhaar-bill-2016-niai-bill-2010-text-comparison

A Review of the Policy Debate around Big Data and Internet of Things

elonnai — 2015-08-17T08:36:18Z

This blog post seeks to review and understand how regulators and experts across jurisdictions are reacting to Big Data and Internet of Things (IoT) from a policy perspective.

Defining and Connecting Big Data and Internet of Things

The Internet of Things is a term that refers to networked objects and systems that can connect to the internet and can transmit and receive data. Characteristics of IoT include the gathering of information through sensors, the automation of functions, and analysis of collected data.[1] For IoT devices, because of the velocity at which data is generated, the volume of data that is generated, and the variety of data generated by different sources [2] - IoT devices can be understood as generating Big Data and/or relying on Big Data analytics. In this way IoT devices and Big Data are intrinsically interconnected.

General Implications of Big Data and Internet of Things

Big Data paradigms are being adopted across countries, governments, and business sectors because of the potential insights and change that it can bring. From improving an organizations business model, facilitating urban development, allowing for targeted and individualized services, and enabling the prediction of certain events or actions - the application of Big Data has been recognized as having the potential to bring about dramatic and large scale changes.

At the same time, experts have identified risks to the individual that can be associated with the generation, analysis, and use of Big Data. In May 2014, the White House of the United States completed a ninety day study of how big data will change everyday life. The Report highlights the potential of Big Data as well as identifying a number of concerns associated with Big Data. For example: the selling of personal data, identification or re-identification of individuals, profiling of individuals, creation and exacerbation of information asymmetries, unfair, discriminating, biased, and incorrect decisions based on Big Data analytics, and lack of or misinformed user consent.[3] Errors in Big Data analytics that experts have identified include statistical fallacies, human bias, translation errors, and data errors.[4] Experts have also discussed fundamental changes that Big Data can bring about. For example, Danah Boyd and Kate Crawford in the article "Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon" propose that Big Data can change the definition of knowledge and shape the reality it measures.[5] Similarly, a BSC/Oxford Internet Institute conference report titled " The Societal Impact of the Internet of Things" points out that often users of Big Data assume that information and conclusions based on digital data is reliable and in turn replace other forms of information with digital data.[6]

Concerns that have been voiced by the Article 29 Working Party and others specifically about IoT devices have included insufficient security features built into devices such as encryption, the reliance of the devices on wireless communications, data loss from infection by malware or hacking, unauthorized access and use of personal data, function creep resulting from multiple IoT devices being used together, and unlawful surveillance.[7]

Regulation of Big Data and Internet of Things

The regulation of Big Data and IoT is currently being debated in contexts such as the US and the EU. Academics, civil society, and regulators are exploring questions around the adequacy of present regulation and overseeing frameworks to address changes brought about Big Data, and if not - what forms of or changes in regulation are needed? For example, Kate Crawford and Jason Shultz in the article "Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms"stress the importance of bringing in 'data due process rights' i.e ensuring fairness in the analytics of Big Data and how personal information is used.[8] While Solon Barocas and Andrew Selbst in the article "Big Data's Disparate Impact" explore if present anti-discrimination legislation and jurisprudence in the US is adequate to protect against discrimination arising from Big Data practices - specifically data mining.[9]

The Impact of Big Data and IoT on Data Protection Principles

In the context of data protection, various government bodies, including the Article 29 Data Protection Working Party set up under the Directive 95/46/EC of the European Parliament, the Council of Europe, the European Commission, and the Federal Trade Commission, as well as experts and academics in the field, have called out at least ten different data protection principles and concepts that Big Data impacts:

Collection Limitation: As a result of the generation of Big Data as enabled by networked devices, increased capabilities to analyze Big Data, and the prevalent use of networked systems - the principle of collection limitation is changing.[10]
Consent: As a result of the use of data from a wide variety of sources and the re-use of data which is inherent in Big Data practices - notions of informed consent (initial and secondary) are changing.[11]
Data Minimization: As a result of Big Data practices inherently utilizing all data possible - the principle of data minimization is changing/obsolete.[12]
Notice: As a result of Big Data practices relying on vast amounts of data from numerous sources and the re-use of that data - the principle of notice is changing.[13]
Purpose Limitation: As a result of Big Data practices re-using data for multiple purposes - the principle of purpose limitation is changing/obsolete.[14]
Necessity: As a result of Big Data practices re-using data, the new use or re-analysis of data may not be pertinent to the purpose that was initially specified- thus the principle of necessity is changing.[15]
Access and Correction: As a result of Big Data being generated (and sometimes published) at scale and in real time - the principle of user access and correction is changing.[16]
Opt In and Opt Out Choices: Particularly in the context of smart cities and IoT which collect data on a real time basis, often without the knowledge of the individual, and for the provision of a service - it may not be easy or possible for individuals to opt in or out of the collection of their data.[17]
PI: As a result of Big Data analytics using and analyzing a wide variety of data, new or unexpected forms of personal data may be generated - thus challenging and evolving beyond traditional or specified definitions of personal information.[18]
Data Controller: In the context of IoT, given the multitude of actors that can collect, use and process data generated by networked devices, the traditional understanding of what and who is a data controller is changing.[19]

Possible Technical and Policy Solutions

In a Report titled "Internet of Things: Privacy & Security in a Connected World" by the Federal Trade Commission in the United States it was noted that though IoT changes the application and understanding of certain privacy principles, it does not necessarily make them obsolete.[20] Indeed many possible solutions that have been suggested to address the challenges posed by IoT and Big Data are technical interventions at the device level rather than fundamental policy changes. For example it has been proposed that IoT devices can be programmed to:

Automatically delete data after a specified period of time [21] (addressing concerns of data retention)
Ensure that personal data is not fed into centralized databases on an automatic basis [22] (addressing concerns of transfer and sharing without consent, function creep, and data breach)
Offer consumers combined choices for consent rather than requiring a one time blanket consent at the time of initiating a service or taking fresh consent for every change that takes place while a consumer is using a service. [23] (addressing concerns of informed and meaningful consent)
Categorize and tag data with accepted uses and programme automated processes to flag when data is misused. [24] (addressing concerns of misuse of data)
Apply 'sticky policies' - policies that are attached to data and define appropriate uses of the data as it 'changes hands' [25] (addressing concerns of user control of data)
Allow for features to only be turned on with consent from the user [26] (addressing concerns of informed consent and collection without the consent or knowledge of the user)
Automatically convert raw personal data to aggregated data [27] (addressing concerns of misuse of personal data and function creep)
Offer users the option to delete or turn off sensors [28] (addressing concerns of user choice, control, and consent)

Such solutions place the designers and manufacturers of IoT devices in a critical role. Yet some, such as Kate Crawford and Jason Shultz are not entirely optimistic about the possibility of effective technological solutions - noting in the context of automated decision making that it is difficult to build in privacy protections as it is unclear when an algorithm will predict personal information about an individual.[29]

Experts have also suggested that more emphasis should be placed on the principles and practices of:

Transparency,
Access and correction,
Use/misuse
Breach notification
Remedy
Ability to withdraw consent

Others have recommended that certain privacy principles need to be adapted to the Big Data/IoT context. For example, the Article 29 Working Party has clarified that in the context of IoT, consent mechanisms need to include the types of data collected, the frequency of data collection, as well as conditions for data collection.[30] While the Federal Trade Commission has warned that adopting a pure "use" based model has its limitations as it requires a clear (and potentially changing) definition of what use is acceptable and what use is not acceptable, and it does not address concerns around the collection of sensitive personal information.[31] In addition to the above, the European Commission has stressed that the right of deletion, the right to be forgotten, and data portability also need to be foundations of IoT systems and devices.[32]

Possible Regulatory Frameworks

To the question - are current regulatory frameworks adequate and is additional legislation needed, the FTC has recommended that though a specific IoT legislation may not be necessary, a horizontal privacy legislation would be useful as sectoral legislation does not always account for the use, sharing, and reuse of data across sectors. The FTC also highlighted the usefulness of privacy impact assessments and self regulatory steps to ensure privacy.[33] The European Commission on the other hand has concluded that to ensure enforcement of any standard or protocol - hard legal instruments are necessary.[34] As mentioned earlier, Kate Crawford and Jason Shultz have argued that privacy regulation needs to move away from principles on collection, specific use, disclosure, notice etc. and focus on elements of due process around the use of Big Data - as they say "procedural data due process". Such due process should be based on values instead of defined procedures and should include at the minimum notice, hearing before an independent arbitrator, and the right to review. Crawford and Shultz more broadly note that there are conceptual differences between privacy law and big data that pose as serious challenges i.e privacy law is based on causality while big data is a tool of correlation. This difference raises questions about how effective regulation that identifies certain types of information and then seeks to control the use, collection, and disclosure of such information will be in the context of Big Data – something that is varied and dynamic. According to Crawford and Shultz many regulatory frameworks will struggle with this difference – including the FTC's Fair Information Privacy Principles and the EU regulation including the EU's right to be forgotten.[35] The European Data Protection Supervisor on the other hand looks at Big Data as spanning the policy areas of data protection, competition, and consumer protection – particularly in the context of 'free' services. The Supervisor argues that these three areas need to come together to develop ways in which the challenges of Big Data can be addressed. For example, remedy could take the form of data portability – ensuring users the ability to move their data to other service providers empowering individuals and promoting competitive market structures or adopting a 'compare and forget' approach to data retention of customer data. The Supervisor also stresses the need to promote and treat privacy as a competitive advantage, thus placing importance on consumer choice, consent, and transparency.[36] The European Data Protection reform has been under discussion and it is predicted to be enacted by the end of 2015. The reform will apply across European States and all companies operating in Europe. The reform proposes heavier penalties for data breaches, seeks to provide users with more control of their data.[37] Additionally, Europe is considering bringing digital platforms under the Network and Information Security Directive – thus treating companies like Google and Facebook as well as cloud providers and service providers as a critical sector. Such a move would require companies to adopt stronger security practices and report breaches to authorities.[38]

Conclusion

A review of the different opinions and reactions from experts and policy makers demonstrates the ways in which Big Data and IoT are changing traditional forms of protection that governments and societies have developed to protect personal data as it increases in value and importance. While some policy makers believe that big data needs strong legislative regulation and others believe that softer forms of regulation such as self or co-regulation are more appropriate, what is clear is that Big Data is either creating a regulatory dilemma– with policy makers searching for ways to control the unpredictable nature of big data through policy and technology through the merging of policy areas, the honing of existing policy mechanisms, or the broadening of existing policy mechanisms - while others are ignoring the change that Big Data brings with it and are forging ahead with its use.

Answering the 'how do we regulate Big Data” question requires re-conceptualization of data ownership and realities. Governments need to first recognize the criticality of their data and the data of their citizens/residents, as well as the contribution to a country's economy and security that this data plays. With the technologies available now, and in the pipeline, data can be used or misused in ways that will have vast repercussions for individuals, society, and a nation. All data, but especially data directly or indirectly related to citizens and residents of a country, needs to be looked upon as owned by the citizens and the nation. In this way, data should be seen as a part of critical national infrastructure of a nation, and accorded the security, protections, and legal backing thereof to prevent the misuse of the resource by the private or public sectors, local or foreign governments. This could allow for local data warehousing and bring physical and access security of data warehouses on par with other critical national infrastructure. Recognizing data as a critical resource answers in part the concern that experts have raised – that Big Data practices make it impossible for data to be categorized as personal and thus afforded specified forms of protection due to the unpredictable nature of big data. Instead – all data is now recognized as critical.

In addition to being able to generate personal data from anonymized or non-identifiable data, big data also challenges traditional divisions of public vs. private data. Indeed Big Data analytics can take many public data points and derive a private conclusion. The use of Big Data analytics on public data also raises questions of consent. For example, though a license plate is public information – should a company be allowed to harvest license plate numbers, combine this with location, and sell this information to different interested actors? This is currently happening in the United States.[39] Lastly, Big Data raises questions of ownership. A solution to the uncertainty of public vs. private data and associated consent and ownership could be the creation a National Data Archive with such data. The archive could function with representation from the government, public and private companies, and civil society on the board. In such a framework, for example, companies like Airtel would provide mobile services, but the CDRs and customer data collected by the company would belong to the National Data Archive and be available to Airtel and all other companies within a certain scope for use. This 'open data' approach could enable innovation through the use of data but within the ambit of national security and concerns of citizens – a framework that could instill trust in consumers and citizens. Only when backed with strong security requirements, enforcement mechanisms and a proactive, responsive and responsible framework can governments begin to think about ways in which Big Data can be harnessed.

[1] BCS - The Chartered Institute for IT. (2013). The Societal Impact of the Internet of Things. Retrieved May 17, 2015, from http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf

[2] Sicular, S. (2013, March 27). Gartner’s Big Data Definition Consists of Three Parts, Not to Be Confused with Three “V”s. Retrieved May 20, 2015, from http://www.forbes.com/sites/gartnergroup/2013/03/27/gartners-big-data-definition-consists-of-three-parts-not-to-be-confused-with-three-vs/

[3] Executive Office of the President. “Big Data: Seizing Opportunities, Preserving Values”. May 2014. Available at: https://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_5.1.14_final_print.pdf. Accessed: July 2^nd 2015.

[4] Moses, B., Lyria, & Chan, J. (2014). Using Big Data for Legal and Law Enforcement Decisions: Testing the New Tools (SSRN Scholarly Paper No. ID 2513564). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2513564

[5] Danah Boyd, Kate Crawford. CRITICAL QUESTIONS FOR BIG DATA. Information, Communication & Society Vol. 15, Iss. 5, 2012. Available at: http://www.tandfonline.com/doi/full/10.1080/1369118X.2012.678878. Accessed: July 2^nd 2015.

[6] The Chartered Institute for IT, Oxford Internet Institute, University of Oxford. “The Societal Impact of the Internet of Things” February 2013. Available at: http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf. Accessed: July 2^nd 2015.

[7] ARTICLE 29 Data Protection Working Party. (2014). Opinion 8/2014 on the on Recent Developments on the Internet of Things. European Commission. Retrieved May 20, 2015, from http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf

[8] Crawford, K., & Schultz, J. (2013). Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms (SSRN Scholarly Paper No. ID 2325784). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2325784

[9] Barocas, S., & Selbst, A. D. (2015). Big Data’s Disparate Impact (SSRN Scholarly Paper No. ID 2477899). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2477899

[10] Barocas, S., & Selbst, A. D. (2015). Big Data’s Disparate Impact (SSRN Scholarly Paper No. ID 2477899). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2477899

[11] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[12] Tene, O., & Polonetsky, J. (2013). Big Data for All: Privacy and User Control in the Age of Analytics. Northwestern Journal of Technology and Intellectual Property, 11(5), 239.

[13] Omer Tene and Jules Polonetsky, Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. & Intell. Prop. 239 (2013).

[14] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[15] Information Commissioner's Office. (2014). Big Data and Data Protection. Infomation Commissioner's Office. Retrieved May 20, 2015, from https://ico.org.uk/media/for-organisations/documents/1541/big-data-and-data-protection.pdf

[16] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[17] The Chartered Institute for IT and Oxford Internet Institute, University of Oxford. “The Societal Impact of the Internet of Things”. February 14^th 2013. Available at: http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf. Accessed: July 2^nd 2015.

[18] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2nd 2015.

[19] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2nd 2015.

[20] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[21] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[22] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[23] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[24] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[25] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[26] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[27] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[28] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[29] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2nd 2015.

[30] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[31] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commission. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[32] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[33] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commission. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[34] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[35] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1^st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2^nd 2015.

[36] European Data Protection Supervisor. Preliminary Opinion of the European Data Protection Supervisor, Privacy and competitiveness in the age of big data: the interplay between data protection, competition law and consumer protection in the Digital Economy. March 2014. Available at: https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2014/14-03-26_competitition_law_big_data_EN.pdf

[37] SC Magazine. Harmonised EU data protection and fines by the end of the year. June 25^th 2015. Available at: http://www.scmagazineuk.com/harmonised-eu-data-protection-and-fines-by-the-end-of-the-year/article/422740/. Accessed: August 8^th 2015.

[38] Tom Jowitt, “Digital Platforms to be Included in EU Cybersecurity Law”. TechWeek Europe. August 7^th 2015. Available at: http://www.techweekeurope.co.uk/e-regulation/digital-platforms-eu-cybersecuity-law-174415

[39] Adam Tanner. Data Brokers are now Selling Your Car's Location for $10 Online. July 10^th 2013. Available at: http://www.forbes.com/sites/adamtanner/2013/07/10/data-broker-offers-new-service-showing-where-they-have-spotted-your-car/

For more details visit https://cis-india.org/internet-governance/blog/review-of-policy-debate-around-big-data-and-internet-of-things

Centre for Internet and Society

Big Data in Governance in India: Case Studies

Introduction

What is Big Data

Computational Challenges

Data Characteristics

Qualitative Attributes

Patterns and Inferences

Big Data Governance Frameworks for 'Data Revolution for Sustainable Development'

1. What are the Sustainable Development Goals?

Source: UN Data Revolution Group, A World that Counts, 2014, p.12.

2. The Need for a Data Revolution

Source: UN, Sustainable Development Goals.

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

3.2. Using Big Data for Development

4. Sustainable Development and Data Rights

5. Governance Frameworks Proposed

5.1. UN Sustainable Development Solutions Network

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

5.2. The UN DATA Revolution Group

5.3. Organization for Economic Co-Operation and Development (OECD)

5.4. The Global Partnership for Sustainable Development of Data

5.5. The World Economic Forum (WEF)

World Economic Forum - Diagram on Data Commons. Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

World Economic Forum - Diagram on Global Coordination. Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.

5.6. Dr. Julia Lane - A Quadruple Data Helix

5.7. Data-Pop Alliance

6. Conclusion

7. Endnotes

8. Author Profile

Big Data for governance

Let’s take a look at some Big Data based initiatives underway according to analyticsindiamag:

What’s the big picture?

Big Data and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011

Conclusion

Big Data and Reproductive Health in India: A Case Study of the Mother and Child Tracking System

Case study: Download (PDF)

Introduction

Big Data and Positive Social Change in the Developing World: A White Paper for Practitioners and Researchers

Summary

Big Data and Governance in India

Background Note

Agenda

Detailed Agenda

Digital India

Big Data and Smart Cities

Benefits, Harms, Rights and Regulation: A Survey of Literature on Big Data

Introduction

Benefits and Harms of "Big Data"

Introduction

What are the potential benefits of Big Data?

What are the potential harms of Big Data?

Privacy

Security

Epistemological and Methodological Implications

Digital Divides and Marginalisation

Discrimination

Conclusion

Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles

Introduction

Analysis of the Aadhaar Act

Collection Limitation

Notice

Access and Correction

Disclosure

Consent

Purpose

Security

Accountability

Openness

Endnotes

An Urgent Need for the Right to Privacy

Read and sign the open letter.

Text of the Open Letter

Adoption of Standards in Smart Cities - Way Forward for India

Smart Cities standards in India

Key International Smart Cities Standards

The International Organization for Standardization (ISO) - Smart Cities Standards

ISO 37120 Sustainable Development of Communities — Indicators for City Services and Quality of Life

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.
Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

World Economic Forum - Diagram on Data Commons.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

World Economic Forum - Diagram on Global Coordination.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.