Pages

5 April 2023

Global Technology Summit 2022 Action Points

SHRUTI SHARMA, SUYASH RAI, KONARK BHANDARI, PRIYADARSHINI D.

INTRODUCTION

Carnegie India, in collaboration with India’s Ministry of External Affairs, organized its seventh annual Global Technology Summit (GTS), themed “Geopolitics of Technology,” in New Delhi from November 29 to December 1, 2022.

The summit included a range of debates, panel discussions, and keynote addresses on diverse and cutting-edge topics, including digital infrastructures, digital public goods (DPGs), interoperability of cross-border payments, cybersecurity, quantum technology, semiconductors, biosafety and biosecurity, lessons from the war in Ukraine, geopolitics of data transfers, India’s growing space sector, and the India-U.S. tech alliance.

In addition to public sessions, the summit hosted several closed-door discussions on wide-ranging topics at the intersection of technology, finance, governance, and geopolitics, such as semiconductors, principles for real-time payment systems, principles for digital health architectures, central bank digital currencies (CBDCs), safeguarding modern bioscience and biotechnology innovation, improving access to welfare through DPGs, and India’s Digital Personal Data Protection Bill, 2022.

Some of these discussions weave directly into India’s Group of Twenty (G20) priorities, while others form a part of our research program.

Each discussion brought together a specific group of experts from a variety of stakeholders, including representatives from different departments in the Indian government, such as the Reserve Bank of India, Ministry of Electronics and Information Technology, Office of the Principal Scientific Adviser, Ministry of Health and Family Welfare, National Security Council, along with government representatives from other countries, such as the United States, the United Kingdom, Togo, Mexico, Sri Lanka, and the European Union (EU). In addition, representatives from international financial institutions, such as the International 1 1 Monetary Fund (IMF), Bank for International Settlements (BIS), SWIFT, and International Finance Corporation (IFC), also participated in the discussions. Experts from Indian and global think tanks, participants from academia and industry, and representatives from philanthropy groups, such as the India Office of the Bill & Melinda Gates Foundation and Omidyar Network, also participated in the closed-door discussions.

Through this collection of short commentaries, Carnegie India scholars aim to highlight key insights and takeaways from the various closed-door discussions hosted at GTS.

We are keen to draw lessons from these discussions and continue our research in these areas to move the conversation forward.
Aligning Principles of Real-Time Payment Systems
Semiconductors: Connecting Corridor Between Policy and Investment
Central Bank Digital Currencies: The Future of the Global Financial System
Principles for Digital Health Architectures
Safeguarding Biotechnology Innovation and Boosting the Bioeconomy: The Road to G20
Improving Access to Welfare through Digital Public Goods
Unpacking the Digital Data Protection Bill, 2022

1. ALIGNING PRINCIPLES OF REAL-TIME PAYMENT SYSTEMS

More than forty experts from central banks, multilateral organizations, think tanks, academia, and payment service providers attended this closed-door discussion. It was curated to discuss both domestic and cross-border payments. While discussing domestic real-time payment systems, participants exchanged notes about what is working and what is not. Similarly, on cross-border payments, participants discussed priority areas that need to be addressed to make progress. Some of key takeaways from the discussion are presented below.

DOMESTIC REAL-TIME PAYMENT SYSTEMS

Many countries are building fast payment systems, and quite a few of them have been successful. Jurisdictions, however, differ considerably in how they have gone about building and operating their fast payment systems. These differences relate to:Payment types processed (P2P, P2B, B2B, P2G, G2P) and transaction limits: Most jurisdictions offer a wide range of payment types. The general trend is toward expanding the use cases that are allowed.

Pricing regulation: While most fast payment systems regulate pricing for the payment services, almost all allow some price to be charged to enable participants to make some money. Commercial viability is crucial for the fast payment system to work well in the long run. So, countries must consider whether the stakeholders in a fast payment system are getting adequate remuneration that keeps them invested in the system and encourages further investments.

Transaction limits: While many jurisdictions have some transaction limit, even some of those without a limit place other constraints on transactions, such as availability of funds in a payer’s account.

Role of the central bank: In most cases, central banks have played an important role as catalysts in the development of fast payment systems. Quite a few central banks have an oversight role in fast payment systems. In some jurisdictions, fast payment systems are owned and operated by the central bank, while in others there are private sector fast payment systems that are regulated by the central bank to address issues related to risk, access, and competition.

Participation criteria: While many fast payment systems have criteria that are equivalent to or less restrictive than the domestic real-time gross settlement (RTGS) systems in the jurisdictions, some systems have more restrictive participation criteria.

Most fast payment systems are interface agnostic. They are open to various channels, including internet banking as well as mobile payments, with the interfaces typically developed and offered by the system participants. Most fast payment systems are using ISO 20022, which will provide users with more flexibility in choosing payment channels and greater use of straight-through processing for payments.

While each country must choose the design of the fast payment system that may work in its context, there is much value in learning from experiences from other countries. Since most of these systems have been launched in recent years, and many more are likely to launch them in the coming years, much learning is happening through experimentation and innovation. Learning from these experiences could help countries avoid mistakes and undertake useful innovations.

The last few years have demonstrated that there is room for much more innovation in payment systems, and regulators and central banks may need to continue to be agile in enabling useful innovation.

While fast payment systems have scaled rapidly, there are still large segments of populations that do not have access to these systems because of supply- or demand-side issues. Addressing these issues could make these systems more inclusive.

CROSS-BORDER PAYMENTSExtension and alignment of operating hours for settlement systems could reduce liquidity costs and settlement risks. According to a recent report that covered eightytwo jurisdictions, RTGS systems in these jurisdictions are open for about eleven hours on average.

Improving direct access for a wide variety of payment service providers to payment systems like RTGS systems that settle in central bank money could reduce the settlement risks in the system. According to the BIS only a minority of systems settling in central bank money currently provide direct access to non-bank payment service providers, foreign banks, and financial market infrastructures.

Interlinking arrangements, which allow banks and other payment service providers to transact with each other without requiring them to participate in the same payment system or use intermediaries such as correspondent banks, can shorten the transaction chains, reduce the costs, and increase the transparency and speed of payments. The arrangements include bilateral links of the type that have been initiated between Unified Payments Interface (UPI) in India and PayNow in Singapore. Interlinking could also cover different types of payment systems (wholesale or retail) and be underpinned by different types of currency arrangements (single currency, multicurrency, cross-currency).

Regulatory coordination across jurisdictions will be key to the success of cross-border payments, but it is difficult to achieve. This includes coordination to supervise cross-border payment service providers and multi currency payment infrastructures. Similarly, applying anti-money-laundering/combating the financing of terrorism (AML/CFT) frameworks consistently and comprehensively across jurisdictions with a risk-based approach can reduce uncertainty in cross-border payments by improving trust and protecting the financial system from abuse. Further, the country frameworks for data governance and regulation may need to be adapted to enable cross-border payments that involve cross-border data flows.

Harmonizing message formats and application programming interface (API) protocols can lead to efficiency gains. Message formats and API protocols have been developed in response to specific needs. It will be important to consider some harmonization in these formats and protocols. For instance, ISO 20022 as the common messaging standard can help in interoperability and in addressing data standards and quality and quantity restrictions in cross-border payments. Many jurisdictions have adopted ISO 20022 as the messaging format for their fast payment systems, and many others are moving toward it.

2. SEMICONDUCTORS: CONNECTING CORRIDOR BETWEEN POLICY AND INVESTMENT

A pressing shortage of semiconductors had led many countries to try and become self-reliant in the semiconductor ecosystem. Among them, India released a comprehensive set of policies to attract investment in its semiconductor sector in December 2021, becoming one of the first countries to do so. These policies focused on the chip fabrication segment; the chip design sector; assembly, testing, marking, and packaging (ATMP) operations; and workforce training. By all accounts, the various policies introduced were seen as pragmatic and realistic, as the incentives offered under them reflected the desire to shore up capabilities not only in leading-edge nodes but also trailing-edge ones.

However, one year on, there was a general perception that even with the semiconductor policy hitting all the right notes, there was scope for further investment in the semiconductor ecosystem. This was despite the announcement of a major and significant investment by a transnational joint venture. Accordingly, it was felt that it was critical to ask whether there are other factors at play here, which are extraneous to the semiconductor policy itself. What were the views of leading semiconductor manufacturing and design firms when it came to investing in India? What did they consider as the roadblocks to further investment in India?

Lastly, how did the representatives of key government agencies in India feel about these roadblocks? Could they be resolved to the satisfaction of all stakeholders? What did global independent think tank experts feel about the feasibility of implementing the solutions proposed, if any? What in their view was the experience of other countries that have had success in incubating a robust semiconductor ecosystem?

Accordingly, a closed-door discussion was convened during the 2022 GTS to better understand how India’s semiconductor policy was perceived by others in the industry, and what were the functional outcomes desired. The following ideas were discussed:Talent and chip design ecosystem needs to receive a bigger push: Given that a large number of Indian professionals in the semiconductor industry work in the chip design segment, this could be an area of focus. Industry institutes could be set up to enhance manpower capabilities. Also, the role of the government is to do things that companies cannot or will not do, for example, help in developing opensource electronic design automation (EDA) tools.

End-use case needs to be substantiated: India is not the only suitor for semiconductor companies. Therefore, the real challenge is that every country today is offering similar incentives to those offered by the Indian government. Accordingly, the question that Indian policymakers need to answer is how to position themselves in the global supply chain vis-à-vis more mature semiconductor/hardware ecosystems. For instance, focusing on mature nodes could be a good starting point. But even then, there is a pressing need to know what the end use will be for semiconductors in India. This will determine what kind of node or chip needs to be developed to meet this domestic demand.

A supportive ecosystem is needed: A senior Indian government official noted that India had previously made two significant forays into the semiconductor manufacturing space that did not thrive. However, today, electronics manufacturing in India is an $80-billion industry, and the demand for semiconductors is set to grow. Yet building the first fabrication foundry will be a major challenge as the ecosystem to support it is untested. But as the number of players starts to grow, things may become easier.

Look toward industries of tomorrow: It was also highlighted that India should look at industries of the future. India needs to look to the future to figure out emerging end-use cases, for instance, in climate tech, which will become high-volume very soon. It is necessary to think fifteen to twenty years ahead and envision which industries will eventually use semiconductors and then make a push toward focusing on those end-use cases.

International partnerships are key: With its Make in India initiative, India had shown that working on downstream technologies domestically is possible. But in the context of geopolitics, India needs to look at attempts by the other three members of the Quad (the United States, Australia, and Japan) and the EU diversify their supply chains. The need to secure cross-border demand in this context is essential, and so perhaps looking at some form of demand-sharing with the said actors could be looked at. Also, synchronization is needed between India’s semiconductor policy and the U.S. CHIPS and Science Act.

Investment-linked tax credits are important: While grants and awards are important, the Indian government should focus on providing permanent manufacturing investment-linked tax credits to semiconductor manufacturers, as is the case under the U.S. CHIPS and Science Act. These are widely seen by experts as having a multiplier effect on the quantum of funding.

Integration with global supply chain through liberal tariff policies: Some experts stressed the importance of integration with the global supply chain. Currently, it is the opinion of a few design firms, in particular, that they find it difficult to import equipment because of high tariffs. An example given here is of Taiwan, whose biggest export is semiconductors, yet whose biggest import item is integrated circuits. Therefore, looking at increasing imports should not necessarily be seen as undesirable.

3. CENTRAL BANK DIGITAL CURRENCIES: THE FUTURE OF THE GLOBAL FINANCIAL SYSTEM

Digitalization of currency may be one of the most consequential developments in the evolution of money. Digital currencies issued by central banks, or CBDCs, have seen rapid developments in the past couple of years, from mature pilots by major economies (for example, the People’s Bank of China and Sveriges Riksbank) to live rollouts (for example, Nigerian and Bahamian central banks). Collaborative cross-border CBDC experiments like the mBridge project have produced key results in facilitating real-time cross-border transfers. India, too, has announced the launch of a “digital rupee” by 2023 and followed up with two pilots on the wholesale and retail side in quick succession. Alongside possible benefits and risks, many of which are still being studied, CBDCs when issued may carry several potentially disruptive implications for the domestic and global financial system.

Against this background, the closed-door discussion set out to cover a broad agenda, including interoperability of CBDCs and other digital payments and currencies, principal challenges to adoption, lessons from pilots and issuances of CBDCs, implications of the digital yuan, and India’s role in advancing developments and discussions in this space as the G20 president this year. The following potential action points (in no order of priority) are gleaned from the ensuing multistakeholder discussion, and the several important insights and takeaways they gave rise to.Address further areas of research for a common CBDC platform design: Areas that require further research and consideration in the context of wholesale cross-border CBDC transactions, especially ones designed on a common platform, include: (a) interoperability with domestic payment systems; (b) price discovery and matching; (c) liquidity management tools and role of central bank participants in this regard; (d) policy, legal, and compliance frameworks; (e) governance mechanism (whether centralized or decentralized); (f) evaluation of additional use cases; and (g) introducing scale, especially through participation by more jurisdictions on such platforms.

Reach multilateral agreement or arrangement for implementation: Legal, compliance, and jurisdictional concerns and constraints as well as geopolitical considerations could prove to be a practical challenge. A multilateral understanding will need to underpin the implementation of cross-border connectivity of CBDCs, whether via a common platform shared by all central banks or other multilateral designs/arrangements for CBDC connectivity.

Assess the role of the public and private sector: In the context of competing models, that is, CBDCs, commercial bank issued digital currencies (essentially, tokenized commercial bank deposits), and well-regulated stablecoins, and although it is premature to identify which model will succeed, it may be useful to understand the contours and implications of coexistence of these models in the meantime.

Articulate democratic values underpinning the new or emerging financial architecture: The eCNY or digital yuan forms a part of the overall Chinese vision for the digital economy and their strategy to create smart financial architecture. Recent events suggest potential for abuse. It may be useful for democracies to articulate their values and vision for the new financial architecture as well.

Achieve global consensus: The realization of advantages offered by CBDCs will require major countries, if not every country, to issue CBDCs as a precondition. A global understanding or consensus in the next five years—that there is a need for CBDCs and on developing CBDC systems—is therefore important.

Focus on policy questions beyond technological considerations: Central bank money constitutes only 10 percent of the money supply whereas private money constitutes 90 percent. First, the evaluation of CBDCs, including the roles of central banks and commercial banks, must occur within this context. Second, the advantages of CBDCs over fast payment systems, especially those related to programmability or atomic payments and so on, may not be important for a retail consumer. There are also large policy issues related to CBDCs, such as disintermediation of the two-tier banking system and expansion of central bank balance sheets, especially in an era where central banks are looking to shrink their balance sheets. Given the emphasis on the technical side in discussions, there is a need to focus on the policy questions.

Undertake better central bank communication to bolster adoption and allay reputational risks for central banks: Central banks’ policies for communicating with the public on CBDC engagement must be continuous, simple, direct, and relatable, especially to tackle concerns and narratives around CBDCs’ impact on data privacy. In addition to identifying use cases, especially those with genuine value addition over the existing payment systems, communication on central banks’ goals and objectives and that CBDCs are not trying to replace the current payment landscape will also be an important factor for adoption.

Disclose security considerations under current (and future) pilots: Privacy solutions under existing pilots may be compromising security guarantees. It is unclear if these are deliberate choices or pursuant to the maturity of the current distributed ledger technologies. Therefore, more explicit threat modeling should be undertaken under the pilots or if already being undertaken, communicated to the external research and academic community in order to identify any technical gaps.

4. PRINCIPLES FOR DIGITAL HEALTH ARCHITECTURES

Global investment and development in digital health architectures have escalated, particularly since the COVID-19 pandemic, in order to address current and potential public health emergencies Stakeholders in the global healthcare ecosystem are consistently working toward developing digital healthcare tools and solutions that deliver healthcare in a user-friendly, affordable, reliable, and accessible way.

This discussion was curated, in collaboration with the India Office of the Bill & Melinda Gates Foundation, to identify principles and lessons that can be drawn from global approaches to creating digital health architectures to improve health outcomes while emphasizing sustainability and equity. Some of the key takeaways from the discussion are as follows.

A clear mandate and strategy: Any effort to build digital health architectures in a country would need to be government led. The mandate for creating these architectures must be clear and uninterrupted by changes in leadership or political situations. It is also important for these governments to have a clear and well thought out blueprint or strategy before they begin to build out these architectures.

Prioritization: While building out this blueprint or strategy, it is important for governments to prioritize their efforts based on goals or targets that they aim to achieve. Once these goals have been established, governments must then prioritize the technologies they would like to apply in order to achieve them. Since multiple technologies can be used to achieve the same purpose, the selection must be made taking into account technological capability, available infrastructure, and economic considerations.

Patient-centric approach: It is recommended that these efforts take a patient-centric approach rather than a hospital or health service provider approach. Individuals’ electronic health records form the building blocks of any digital health architecture. However, it is important that these records are a means to an end and not an end in themselves. Following such an approach enables real and accurate data collection about the individual’s health, resulting in high-quality data that could then ensure a higher quality of healthcare and health outcomes.

Integration with existing systems and the private sector: These digital health architectures should be built on top of existing health systems and other digital architectures rather than taking a ground-up approach. Having the private sector participate in these systems, especially in countries with mixed healthcare systems, is vital for their success. It is important for the government to engage with private health service providers throughout the inception, development, and updating stages of digital health architectures. This improves their ability to integrate with national health systems.

Technology implementation, governance, and policy: Technology implementation, governance, and policy cannot be treated as a linear sequence. Prioritizing one over the other or allowing them to occur in silos is an exercise doomed to fail. Having a clear strategy for technology implementation enables policymakers to create appropriate policies to govern the use of technology and the health architectures as a whole. This also enables policymakers to make related policies, such as financial, insurance, and privacy policies among others, which in turn make these architectures safer to use. It is also important to take a multistakeholder approach to governance of digital healthcare architectures involving regulatory authorities from the fields of not just healthcare but also technology, insurance, finance, and privacy among others.

Creating data architectures: Given the sensitive nature of health information, it is important for any country venturing into digital health to have a privacy or data protection law or framework. Creating a data architecture for digital health architectures must include the concepts of interoperability and data sharing. In the context of healthcare, these two concepts become extremely important for identifying and combating epidemics and pandemics, disease surveillance, clinical care management, and patient record transfer between facilities. These data architectures are also important to enable the creation of artificial intelligence (AI) and machine learning tools which require large and complete datasets to be viable for application in healthcare. Creating policies and standards for the collection and storage of data in an annotated format would be useful in this regard while also reducing the economic costs of doing this after the fact.

Education and academic engagements: It is important that one aspect of digital health architectures focus on using technology to educate the general population about illnesses, preventative measures, and the services that could avail using technology, especially in areas with limited access to healthcare resources. Training for healthcare and technology have been two distinct streams of education. In order to train dually skilled professionals, it is important to engage with academia to create curriculums that would cater to the growing demand for qualified digital health professionals.

5. SAFEGUARDING BIOTECHNOLOGY INNOVATION AND BOOSTING THE BIOECONOMY: THE ROAD TO G20

Biotechnology advances hold incredible promise for fighting disease, protecting the environment, promoting economic development, and advancing sustainable development goals. However, these advancements are always related to some uncertainty regarding their outcome and, thus, might contribute to the risk of accidental damage or deliberate abuse with potentially severe consequences for people or the environment.

This discussion was curated in collaboration with the Nuclear Threat Initiative to develop a common understanding of biological risks and identify solutions to tackle emerging biological risks. Below are the key takeaways.

Biological risks and their growing relevance: Advancements in biotechnology have made it faster, cheaper, and easier to read, write, and edit genetic material, which are blueprints for all living systems on earth. This, paired with advances in AI and automation, can lead to large-scale engineering of biological systems. While generally used for the good of society, accidental leaks from a laboratory can have severe consequences. Furthermore, some of these tools and technologies, if accessed by nefarious actors, can be used to make, for example, pathogens more virulent, more transmissible among humans, and more resistant to medical countermeasures like vaccines.

Developing common strategies to tackle biological risks: Participants emphasized the need for clear definitions and substantial distinctions between biosafety and biosecurity to be able to develop shared solutions to tackle emerging biological risks. Biosafety is the set of systems put in place to prevent laboratory accidents or accidental release into the environment. Biosecurity, on the other hand, is the set of tools and systems that are put in place to prevent deliberate misuse of hazardous pathogens to cause harm. It is important to recognize the difference between biosafety and biosecurity when devising and implementing risk mitigation measures at bio labs.

Global biosafety and biosecurity landscape: While most countries have strong biosafety regulations, biosecurity policies are lagging. This is primarily because of two reasons. First is the intuitiveness of biosafety, which is meant to protect oneself and their immediate environment, and second is the historical perspective demonstrating how biosafety has reduced large numbers of laboratory acquired infections over decades. By contrast, biosecurity is a relatively young topic with broader acknowledgment only since the anthrax attacks in 2001. It seems vaguer and more distant due to its emphasis on managing risks emerging from unknown actors. To operationalize biosecurity, it is important to identify actors that can be potential sources of deliberate biological threats, recognize pathogens that can be weaponized, communicate openly about these risks, and continuously monitor the evolving nature of the threat.

Whole-of-society approach toward governance: To date, the scientific community and industry players are geared toward improving life and livelihood of human society, and in this state of mind are often reluctant to acknowledge the risks related to their experimentation, in particular the potential for misuse. And in cases where they are aware of these risks, they might be wary that overregulation might stifle research. Therefore, it is important for security and law enforcement representatives to collaborate with scientists, academia, and industry to develop clear guidelines, which from an industrial point of view is imperative for promoting innovation. While acknowledging the challenges in bringing multiple stakeholders together, participants suggested that rather than creating a new organization, the doors of existing entities, like the numerous biosafety and biosecurity associations spread globally, should be kept open to enable information exchange to tackle biological risks.

Life-cycle approach to risk assessment: Sound biological risk assessment should be conducted at the beginning of each bioscience project to evaluate potential unexpected outcomes from editing and engineering pathogens. Furthermore, from planning and project implementation, and project execution in research labs or commercial facilities, to publishing and sharing of findings and commercialization of technology, risk-benefit analysis should be conducted at all stages. Reducing risks incrementally in each step will allow for all-together risk mitigation.

Biosecurity priorities for India’s G20 agenda: India’s G20 presidency is an opportune time to develop common practices, mechanisms, and standards to address and mitigate biological risks. These standards can play a critical role in building risk mitigation strategies into industry management systems and thus rolling them out across companies and branches of industry (nationally and globally) as a complementary factor to regulatory acts by governments. Furthermore, before basic principles, standards, or norms are established at an international level, perspectives about these risks should be aligned at the national level.

“One Health” priorities for India’s G20 agenda: G20 countries should bring together experts to ensure preparedness for the next pandemic, which could come from natural or manmade sources. Acknowledging “One Health” as one of the key priorities for India’s G20 presidency, participants discussed that it provides better interagency cooperation to facilitate disease surveillance and pandemic preparedness for humans and animals. Trust and transparency should, therefore, be established between G20 member states to ensure collaboration between countries on disease surveillance, investigation, and mitigation, which will be an excellent way to identify unusual outbreaks in the global context.

6. IMPROVING ACCESS TO WELFARE THROUGH DIGITAL PUBLIC GOODS

The Digital Public Goods Alliance defines DPGs as “open-source software, open data, open AI models, open standards and open content that adhere to privacy and other applicable laws and best practices, do no harm, and help attain the SDGs.” DPGs have various focus areas, including sustainable health outcomes, financial inclusion, and improving access to welfare schemes. The discussion focused on identity (ID) systems-based DPGs, which help achieve such focus areas, with the Modular Open Source Identity Platform (MOSIP) as the focal point of reference. The MOSIP, with its design principles, experience of international collaborations, and special focus on gender inclusion, serves as an example of a responsibly designed DPG.

This discussion was organized in partnership with MOSIP–IIIT Bangalore and Aapti Institute to understand (a) the best utilization of DPGs for access to welfare; (b) best practices and design philosophies of co-creating digital tools across international borders; and (c) addressing the need for gender inclusion in and through DPG design technology. Below are the key takeaways.

DPGs for empowerment of nations: DPGs are fundamental tools to provide social and economic welfare. They bring inclusion, gender parity, and efficiency in service delivery and prevent leakages in administrative chains. Beyond being an instrument for welfare, the open-source characteristics of DPGs could be used as a primary tool for empowerment of countries and their citizens. Open-source software, when distributed with its source code, enables the software’s flexible usage, modification, and distribution. This flexibility can be leveraged by nations to address issues regarding gender or financial inclusion, among others, pertinent to their distinct challenges and circumstances.

Gender inclusion through DPGs: Technology design must ensure inclusivity of stakeholders and gender parity. For example, the MOSIP continuously builds its architecture from a gendered perspective. To counter the narrative of technology being historically led by men, technologists should address questions about gender invisibility, biometric design considerations, and other such biases during the design phase. Further, they must continuously evaluate their designs through all the stages leading up to implementation, keeping the goal of gender equality in mind.

DPGs for changing the global technological ecosystem: Most fields in the global technological ecosystems, including information and communications technology (ICT), pharmaceuticals, health, and so on, are focused on the Global North. There is a need to increase participation from the Global South to bring equity to the global technological ecosystem. Thus, technologies must be designed appropriately for less-than-medium-income countries and marginalized communities within such countries. To customize the development of technologies for country-specific needs, open-source DPGs can be leveraged with the support of local ecosystems, as against relying on conventional support of international aid through bilateral and multilateral agreements.

Kickstarting funding for DPGs: Financial resources to kickstart DPGs are integral from a sustainability and adoption perspective. Securing funding is typically easier when technology is designed with a clear vision and road map and the trust of potential partners. For instance, the MOSIP, following its inception, was able to secure funding from philanthropic organizations upon demonstrating the interest and trust of potential international partners for developing their ID system. However, the sustainability of funding is also important: a few open-source programs have burnt out due to the lack of requisite funding.

Building trust value of DPGs: Co-creation of DPGs by partners based in different countries or of differing natures (government–private partnership) may challenge the trust value of such DPGs. To this end, an equal partnership of DPG co-creators must be fostered. For the foreign DPG co-creator, it is important to be immersed in the local ecosystem of the country where the DPG will be deployed. For the local DPG co-creator, it is important to open up to the foreign partner about the country’s cultural context and political nuances.

Need for interoperability of DPG deployment: Based on the MOSIP’s experience of working with various countries such as Morocco, the Philippines, and Togo, it was learnt that the deployment of a DPG is inhibited by challenges such as vendor lock-ins. When users of a DPG are obligated to rely on any commercial entity running the DPGs for longer periods with low-quality services, it may compromise user experience and goals of DPGs. Vendor lock-in can be avoided by relying on commercial partners with a proven track record instead of on the Request for Proposal (RFP) route for projects. For instance, MOSIP partners with numerous commercial players, including vendors and system integrators to support the infrastructure of the platform, allowing market forces to enable effective and efficient deployment.

Private sector participation for DPGs: The private sector, including nongovernmental organizations and private businesses, has two functions: (a) to deliver, maintain, and sustain the technology solutions required for running the DPGs with partner countries, and (b) to serve as storehouses of knowledge. The knowledge absorbed by private players helps DPG creators formulate more sustainable solutions. Additionally, governance of DPGs needs to be a democratic, representative, and inclusive process. The government’s role is not limited to providing financial backing for such DPGs, but to also maintain the security and safety of their users.

7. UNPACKING THE DIGITAL DATA PROTECTION BILL, 2022

A closed-door roundtable was organized to discuss data privacy issues as a part of the 2022 GTS, especially in the context of the draft Digital Personal Data Protection Bill, 2022 released by the Indian government for consultation. The discussion was attended by stakeholders from industry and government, legal experts, and privacy rights advocates from India, the United States, and other countries. While the discussion was centered on the draft bill, many of the points raised during the discussion also have a bearing on the global discourse on data privacy standards.

Discussants pointed out that this version of the bill is a significant departure from previous versions and is more principles-based and pragmatic. They pointed out that compared to earlier drafts, this version of the bill would be easier for industry to comply with. Many provisions, such as those related to data localization, nonpersonal data, and others within the previous versions of the bill, were cumbersome and would have created significant regulatory uncertainty. This highlights the need for data privacy legislation to focus specifically on data privacy issues and resist the tendency to frame omnibus legislation on data.

Other discussants highlighted that this version had significantly watered-down privacy protections compared to earlier drafts and was a departure from laws and regulations in other jurisdictions, for example, the General Data Protection Regulation (GDPR) in the EU. Many consumer rights present in the GDPR have been removed from the current version of India’s bill.

Some argued that the previous versions were too expansive in scope and would have been difficult to implement, given India’s nascent digital economy and the vast scope of data protection envisaged in the previous versions. Instead, it is better to proceed incrementally and first put in place a basic framework for data protection that can be complied with easily.

This is especially so because of the context of many developing countries that do not have any preexisting data protection regulation or judicial decisions which can help guide regulatory actions. This discussion with opposing viewpoints highlights the need for a nuanced debate on how much data privacy laws should aim for given the inherent difficulties in regulating data, the specific contexts and readiness of states to implement data protection regulation, and the impact of data protection regulation across the economy.

There was significant debate on the necessity for an independent data protection regulator. A few discussants objected to the absence of a data protection authority (DPA) from the draft bill, on the grounds that it would weaken data protection and also remove independent supervision of government practices that impinge on data privacy. They also argued that this approach to data protection would make India an outlier, since most advanced jurisdictions have created independent DPAs as a part of their data protection framework.

To this, others responded that the same institutional structures cannot guarantee similar outcomes in different countries. It was pointed out that data regulation is inherently difficult and becomes more difficult to implement in the absence of sufficient jurisprudence and expertise. In addition, the magnitude of increase in regulatory supervision under the proposed DPA would have meant higher regulatory costs for small businesses compared to larger ones.
The absence of the DPA and the proposal in the draft bill to create a data protection board with a limited mandate to monitor data breaches and resolve consumer grievances has to be seen in light of the draft’s overall philosophy, which is incremental and pragmatic.

At the same time, most discussants agreed that the current formulation of the data protection board is not adequate. The draft bill should create mechanisms to ensure the board’s independence from the government, even if its mandate is limited.

This discussion highlighted the fact that there is a conflict between an approach that focuses solely on privacy rights and an approach that accepts the difficulties of regulating data, and identifies solutions based on local needs and contexts. As bilateral and multilateral discussions around data privacy standards continue, this roundtable identified the necessity to define specific outcomes that countries are trying to achieve through their data privacy laws. It also highlighted the need to identify the best way to ensure privacy without compromising on other developmental imperatives faced by countries. Decisions about the kinds of institutions required should ideally be determined by the answers to these questions.

No comments:

Post a Comment