Share with Care- Aakaash Singh

Imagine that an asset that you own such as a car remains underutilized most of the time. In fact in the Indian scenario this not so hard to imagine - it has been reported that private car utilization percentages are as low as 5%. But now with the help of advanced big data analytics, an intermediary such as Zoomcar, Revv or Quickride is leveraging on data to provide you a platform on which you can share your assets or carpool with fellow travelers and earn some income from your assets and improve your assets‟ utilization and become a mobility service provider yourself.

Now consider another scenario wherein you are driving a car provided to you by an intermediary or your own car which you have shared with others. Suddenly you lose control of both your phone and car with both the devices not responding to your attempts to wrest control. This nightmare scenario isn‟t as far-fetched as it sounds because modern day hackers are able to tap into data and meta-data between connected devices to hack almost anything and everything.

In both of the above potential scenarios , it is important to note that the manner in which data is collected, processed, stored, accessed and transferred plays a significant role in the type of outcomes that are realized. According to a report by business intelligence firm DOMO “over 2.5 Quintilian bytes of data are created every single day, and it‟s only going to grow from there. By 2020, it is estimated that 1.7 MB of data will be created every second for every person on earth.” These staggering numbers indeed give further credence to the new adage - “Data is the new oil”. The trend world over including India is that future socio-economic growth and governance will be driven by data generation and utilization by algorithmic-driven frontier technologies such as machine learning, AI, blockchain, and IoT. India‟s demographic profile with nearly 65% of its population below 35 years is conducive to the shared economy paradigm that is steadily driving growth and creating new opportunities worldwide.

In light of the above, it is vital that India take all possible data-related policy matters into consideration when tapping into the potential of the shared economy. In this context it is, therefore, encouraging to see that the Ministry of Road Transport and Highways(MoRTH) has recently come out with a Bulk Data Sharing Policy & Procedure which aims at sharing data with various kinds of service providers to improve mobility service delivery for users through effective and efficient data utilization. The policy framework provides a structure for a plethora of potential applications, which are enumerated as follows.

Improving Asset Utilization for Passenger and Freight Movement – By utilizing the proposed 28 data points such as Registration no, Chassis no, Financer‟s name, Dealer name, Model name etc and through methods of data triangulation, big data analytics, data mining and leveraging upon data transfer between connected devices the utilization rates of private assets such as private cars, bikes etc can be improved. For instance, intermediaries and aggregators can reach out to private or commercial vehicle owners and provide them access to hitherto unutilized or underutilized markets by matching supply with demand, thereby improving systemic efficiency and effectiveness. It will provide an income stream for private owners and help reduce the idle time for fleet operators in the passenger and logistic segments. This will promote competition and innovation amongst service providers in the mobility space.

Improving Road Safety and Law Enforcement: In the present scenario the vehicle insurance premiums do not factor in the driving patterns of drivers. However going forward with the help of the bulk data, the vehicles‟ on board performance analytics and linkages with law enforcement databases differential insurance premium rates can be computed and used to encourage responsible driving behaviors. These data points can be used to generate a driver profile and with every breach of the law demerit points can be added to the profile. If the demerit points cross a particular threshold, driving licenses may be revoked. All these measures will go a long way in promoting safety and responsible behavior on the roads.

Transport and Urban Planning: Access to data will also help urban transport authorities to plan and improve service delivery in public transport operations. As private vehicle ownership is also associated with externalities such as traffic congestion, accidents, inadequate parking spaces and pollution, it is an important component of local and regional transportation policy making. Thus, big data analysis of the vehicle ownership and usage levels can be deployed for spatial and transportation planning. Integrated with intelligent transport solutions, this data can also be used to inform citizens of the traffic patterns on a daily basis and help them plan their journey via alternative modes that are safe, comfortable and save time.

Academic Research: The policy provides that the bulk data can be utilized by educational and research institutions for both research and commercial purposes. Analysis and processing of these data points can yield many interesting insights for future policy decisions. The above four mentioned potential application areas are by no means exhaustive but are meant to be illustrative of the opportunities that can be tapped into by leveraging MoRTH‟s latest policy.

However there are a few concerns that require detailing before the policy is actually

The policy has laid down certain eligibility criteria for accessing bulk data to ensure checks and balances. However, in the absence of a robust data protection law, it would be prudent to implement this policy only after defining and establishing a responsibility/liability matrix of all entities involved throughout the entire data processing chain. Without this matrix different stakeholders may adopt different interpretations of data ownership and responsibilities whenever there are unauthorized data breaches. Without the law and enforcement mechanism in place it will be very challenging to have a standardized approach to data privacy and security, and to assigning responsibility.

In the absence of a Data Protection Authority, it is not clear how the end user will get redressal for his/her grievances pertaining to data theft, unauthorized usage or hacking. In fact in many cases of unauthorized breaches and sale of data as in the case of Zomato and the Facebook-Cambridge Analytica affair, end users had no idea that their data had been hacked or sold to third parties without their consent until much later when they were informed about the breaches. This information asymmetry goes against the „Right to Privacy‟ under article 21 of our constitution, which has been affirmed by the Hon‟ble SC recently. It is to be remembered that many of the data breaches provide access to „sensitive‟ data which may not only cause financial losses to the end users, but may also be used by dubious elements to cause actual physical harm.

The policy doesn't categorically mention whether end users have the right to opt out of the databases of the firms that purchase the bulk data. Neither does it say that users will be informed every time their data is accessed and processed. Having these options explicitly stated can help the data-sharing regime adhere to principles such as „informed user consent‟ and „purpose limitation‟, preventing misuse of data by third party entities While the policy categorically prevents firms from the sale of data on an „as-is‟ basis to third parties it is not clear how this provision is going to be enforced in practice.

The Ministry of Road Transport and Highways should be complimented for taking a progressive step of allowing sale of bulk data because not only it will be an additional source of revenue for the Government, the data can be utilized for various applications, which can go a long way in improving ease of living for citizens. However there needs to be more detailed consultations between various stakeholders to iron out areas of concern as enumerated above to ensure that user privacy and safety is given prime importance in the policy implementation.

This would require that the policy is implemented in a calibrated manner with due regards to the principles of data security and protection as enumerated in the Sri Krishna Committee report and Europe‟s General Data Protection Regulations. In the interest of transparency and end user education it would be also prudent for the Ministry to issue a detailed FAQ on the potential applications of the bulk data, users‟ rights and grievance redressal mechanisms to allay fears about the proposed policy. The potential for misuse shouldn't become a roadblock in going ahead with a progressive move. Necessary safeguards can always be worked out in consultation with the line ministries, independent experts, think tanks and citizens to ensure that the policy delivers its stated outcomes with win-win outcomes for all stakeholders.

Aakaash Singh,

No comments: