Editorial 1 : Using children’s personal data legally and securely
Context
Adherence to the principles of data privacy and data minimisation is particularly pertinent given the sensitive nature of children’s personal data.
The Indian Education system
- The Indian school education system is one of the most expansive ecosystems in the world. Composed of approximately 15 lakh schools, 97 lakh teachers, and nearly 26.5 crore students enrolled from the pre-primary to higher secondary levels, it boasts of stakeholders from varied socioeconomic backgrounds.
- To realise its objective of managing the wide-ranging education system in India in a sound manner, the Ministry of Education conceived of the UDISE+ platform in 2018.
- The UDISE+ plays a crucial role in collecting and exchanging real-time information on school infrastructure, teachers, student enrolment, and academic performance.
- This allows the Ministry to curate outcome-based policies to enhance the quality of education in India.
- By improving the process of resource allocation and the monitoring of educational programmes, UDISE+ is also notably utilised to map educational trends.
- The objective of strengthening administration and optimising service delivery is charted out as the ultimate goal of this exercise.
APAAR
- In terms of the National Education Policy 2020, the Ministry also introduced the Automated Permanent Academic Account Registry identification (APAAR).
- This serves as a unique identifier of a given student. This facilitates the collation of academic credentials of students at one place.
- The demographic information per user so collected includes Aadhaar information, obtained vide a voluntary consent-based mechanism.
- Measures are being introduced to enhance ease of schooling, which necessitate linking of APAAR and UDISE+.
- Steps to automate student admissions, in turn, to reduce dropout rates during the transitional phases and enhance opportunities for continuing education, fall within the umbrella of such ease of schooling measures.
- Entities such as DigiLocker and ed-tech companies frequently collaborate with State governments.
- Interlinking of UDISE+ and APAAR, in the manner explained above, exposes student data amassed to such actors in the educational ecosystem.
- The Education Ministry commendably formulated a data-sharing policy for school education and literacy in 2020.
- However, this is yet to be updated to reflect the regulatory overhauls post the enactment of the Digital Personal Data Protection (DPDP) Act, 2023.
- In the absence of clear regulations or minimum standards (importantly, for ed-tech players), their compliance with the Act comes under question.
- There are numerous potential pressure points wherein non-compliance of the involved actors may materialise.
- For instance, there is limited guidance on what constitutes verifiable parental consent.
- Consent from parents for minors’ data, sought under the UDISE+/APAAR regime, may violate this requirement.
- Moreover, the DPDP Act emphasises the importance of collecting personal data for specified legitimate purposes only.
- Sharing children’s data under UDISE+ for a purpose incremental to the authorised one could violate this statutory requirement.
- The Ministry acknowledged the benefits of sharing student data at a national scale — for instance, to track intra- and/or inter-State student migration.
- Streamlining the system to manage educational records efficiently is therefore critical.
The three-part test
- The Supreme Court recognised the right to privacy as a fundamental right in Justice K.S. Puttaswamy (Retd.) v. Union of India (2018) and laid down the three-part test against which state action must be adjudged.
- This test is deployed to assess the impact of state action on the right to privacy of citizens.
- The three conditions stipulated under this test are: (i) there exists a legitimate state interest in restricting the right; (ii) such restriction is necessary and proportionate to achieve the interest; and (iii) the restriction is imposed/effected by law.
- Aadhaar integration in APAAR/UDISE+ must comply with these three prongs.
- Due caution is also a prerequisite to counter potential cases of data thefts and cyber breaches.
- Adherence to the principles of data privacy and data minimisation is particularly pertinent given the sensitive nature of children’s personal data.
The need for specific protocols
- Regarding exchange of personal data of children for an unspecified purpose, integration of third parties (such as entities like DigiLocker, etc.) could also raise doubts on the role thereof.
- Identification of actors who qualify as data fiduciary, data processor, and data principal, would be required from a liability affixation standpoint.
- Although the privacy policy for APAAR dictates certain data security, aggregation, third party integration, retention requirements, sharing of personal data of children for an unmentioned purpose may require specific protocols, which are absent.
- Additionally, both the data policy and the annual report emphasise on the absence of any legal liability of the Ministry in respect of disclosure/accuracy of the data shared onto UDISE+.
- Further, the privacy policy directs grievances received to a grievance officer.
- However, there is no clarity on the manner in which the legal liability is affixed or practically incurred.
- This exhibits a blatant lack of a grievance redressal forum and mechanism for the data principals whose personal data is collected and exchanged under APAAR.
Way forward
- Standard operating procedures, both technical and legal, under an overarching governance framework are a pressing priority.
- Such protocols will facilitate preservation of data authenticity and prescription of legal obligations for stakeholders concerned.
Editorial 2 : A new push in the Bay of Bengal
Context
India hosted the 2nd BIMSTEC (Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation) Foreign Ministers’ Retreat in New Delhi earlier this month with a focus on providing an “informal platform to discuss ways and means of cooperating and accelerating action in security, connectivity, trade, and investment within the Bay of Bengal.”
Strengthening ties with eastern neighbours
- BIMSTEC is the regional organisation devoted to the Bay of Bengal, with a membership of five South Asian and two Southeast Asian countries, cooperating across seven diverse sectors.
- It allows New Delhi to engage multilaterally with the other countries of the Bay of Bengal region, which are its eastern neighbours and therefore vital for its economic development, security, and foreign policy imperatives.
- India also remains intent on solidifying relations with its eastern neighbours as China’s growing presence in the Bay of Bengal poses a potential threat to regional stability and New Delhi’s position as a preferred security partner in these waters.
- Strengthening ties with Bangladesh and Myanmar accords India the advantage of providing its landlocked north-eastern region with access to the sea.
- Improved ties with Myanmar and Thailand will also lend India the opportunity to have a more profound presence in the Indo-Pacific, as it holds the ASEAN (Association of South East Asian Nations), in which these two countries are members, to be of central importance in its vision of the Indo-Pacific.
- Thailand reinforced this idea at the retreat by identifying itself as a bridge between BIMSTEC and ASEAN.
- These priorities were reflected in the opening address by the Minister for External Affairs, S. Jaishankar, when he stated that BIMSTEC represents the intersection of India’s ‘Neighbourhood First’ outlook, the ‘Act East Policy’, and the SAGAR (Security And Growth for All in the Region) vision.
Two parts of the retreat
- The retreat was divided into two parts.
- In the first segment, participants assessed the current state of regional cooperation within BIMSTEC, building on a presentation by India on the implementation of key outcomes of the 1st Retreat.
- Multiple ideas were shared by the member states including the establishment of Centers of Excellence in member states, focusing on Agriculture, Disaster Management, and Maritime Transport.
- India announced support for cancer research, treatment, and issuance of e-visas for patients of all BIMSTEC states, while Sri Lanka proposed the inclusion of kidney disease.
- The need for involving the private sector in trade and promoting young entrepreneurs was also highlighted, as was the importance of connectivity, cyber-security, and countering the trafficking of narcotics and illegal arms.
- In the second session, the expectations of each country from the forthcoming summit were discussed.
- Sri Lanka underscored the need to map mineral resources found in abundance in the BIMSTEC countries and create opportunities for the vertical integration of stages of production within specific sectors in the economies of the countries, enabling them to diversify their production structure.
- Bangladesh highlighted the need for cooperation in the Blue Economy and urged member states to ban fishing during the breeding season to address the problem of depleting catch in the Bay.
- Bhutan expounded on the need for collaboration in tourism and cultural exchanges, while Nepal highlighted its ‘whole of the region’ approach to leverage synergies among member states and transform BIMSTEC into a results-oriented regional forum.
- Thailand underscored the need for cooperation in non-traditional security domains, and Myanmar added the need to combat online scamming to the list.
Conclusion
It remains to be seen how many of these proposals find culmination at the forthcoming Summit but the intent of the member states to push forth with a bold vision for the region was clearly evident at the retreat.