Editorial 1: A chance for India to shape a data governance regime

Context:

• India’s G-20 presidency has provided an opportunity for the country to showcase its advancements in the digital arena, particularly with regards to data infrastructures and data governance. As the world becomes increasingly digital, the G-20 has recognised the need for international cooperation and collaboration in addressing the challenges, opportunities and risks posed by the rapid growth of data and digital technologies.

Recent developments

• In recent years, India has made great strides in its digital strategies and data governance. But as the country continues to evolve, it must also ensure that its digital strategies and data governance are inclusive, transparent, secure, and conducive to sustainable development.
• Significant progress has been made in the use of digital technologies to provide access to bank accounts and in the promotion of digital transactions through the Unified Payments Interface (UPI) and other options.

DEPA and related concerns

• The launch of India’s Data Empowerment and Protection Architecture (DEPA), a consent management tool, has generated both excitement and concern among stakeholders. On the one hand, DEPA has the potential to improve data protection and privacy for citizens by giving them greater control over the use and sharing of their personal information. By allowing individuals to easily manage and control their data consents, DEPA could help to build trust in digital technologies and data governance.
• However, if the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
• Additionally, there are concerns that the implementation of DEPA may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.
• In order to realise the potential benefits of DEPA and minimise the risks, it is important that the tool is implemented in a transparent, consistent, and secure manner. This will require close collaboration between the government, the private sector, civil society, and other stakeholders and the development of clear and effective regulations and standards.
• While the advances in financial inclusion and the successful implementation of the UPI in India are commendable, it remains to be seen whether these advancements can be replicated successfully in other areas such as health and agriculture. The use of digital technologies can enhance access to health-care services, particularly in rural and remote areas, while in agriculture they can empower farmers and enhance their incomes.

The issue of data sovereignty

• Data sovereignty has become an increasingly important issue. The term “data sovereignty” refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.

• India’s establishment of an India Data Management Office (IDMO) is a step forward in the country’s journey towards data sharing and data governance. The IDMO is expected to oversee and coordinate the implementation of India’s digital strategies and data governance framework, and to ensure that these efforts are aligned with the country’s values and priorities. It will also work to promote the development and implementation of open-source solutions, which will help to ensure that underlying data architectures are a social public good, and to promote digital technologies to become accessible and affordable for all. Again, this is a great opportunity for India to develop solutions that can be adopted and adapted in other countries. Open source and open innovation models can be important alternatives to proprietary solutions that are governed by big tech companies.

Way forward

• In this context, many commentators have called for the opening of data “silos” to capture the potential wealth of data sharing between governmental offices, corporations and citizens. While opening up some data silos may be useful in promoting citizen participation and increasing access to information, others may jeopardise trust and security.

Find a middle way

• For example, the sharing of sensitive personal or financial information may be harmful to individuals and society as a whole, as it may lead to discrimination, exclusion, and unforeseen negative consequences. Therefore, it is important for India to navigate a middle way between restrictive data sovereignty and limitless data flow, and define which data, for which purposes, can be shared and used by whom.
• In doing so, India must respect and protect the fundamental right to privacy with a robust data protection law, and balance the interests of all stakeholders, including governments, businesses, and citizens for the goal of sustainable development.
• This requires the development of clear, transparent and accountable data governance policies and regulations as well as investment in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner — so that a resilient data governance regime can be accomplished.
• While the advancements in financial inclusion and UPI hold promise for transfer of inter alia data to other parts of the India Stack (for instance in health and agriculture) there are also valid sceptical notes that must be taken into account. (India Stack is a unified software platform that provides digital public goods, application interfaces and facilitates digital inclusion.) The challenges of digital infrastructure, privacy protection, data security, and responsible data governance must be addressed before these advancements can be fully realised in other sectors.

Conclusion:

• It is essential that the India Stack is designed and implemented in a way that is consistent with India’s broader development strategies. This will help to ensure that the data governance is aligned with the country’s values and priorities, and that it supports, rather than undermines, the development of a secure, more egalitarian, and trustworthy digital future for all. In this, India has a unique opportunity to develop and implement a data governance regime that can become a model for other countries.

---

Editorial 2: The rise of the ESG regulations

Introduction:

• Over the last decade, regulators and corporations around the world have embraced the idea that businesses should be measured not just on traditional economic metrics such as shareholder return, but also by their environmental impact, commitment to social issues and the soundness of their corporate governance and protection of shareholder rights.

The trinity of E, S and G:

• While this development is partially due to the belief that companies have a distinct responsibility as corporate citizens, the main driver is the realisation that environmental, social and governance (“ESG”) considerations need to be included by investors in a company’s risk profile in order to accurately assess the enterprise. 

How ESG differs from CSR

• India has a robust corporate social responsibility (CSR) policy that mandates that corporations engage in initiatives that contribute to the welfare of society. This mandate was codified into law with the passage of the 2014 and 2021 amendments to the Companies Act of 2013.
• The amendments require companies with a net worth of ₹500 crore (approximately $60 million) or a minimum turnover of ₹1,000 crore (approximately $120 million) or a net profit of ₹5 crore (approximately $6,05,800) in any given financial year spend at least 2% of their net profit over the preceding three years on CSR activities.
• ESG regulations, on the other hand, differ in process and impact. The EU’s Sustainable Finance Disclosure Regulation, for example, requires banks, pension funds, asset managers and other financial market participants to disclose how they have integrated sustainability risks into their investment decision-making processes.

Relevance of ESG in India

• India has long had a number of laws and bodies regarding environmental, social and governance issues, including the Environment Protection Act (EPA) 1986, quasi-judicial organisations such as the National Green Tribunal (NGT), a range of labour codes and laws governing employee engagement and corporate governance practices. The penalty for violations can be substantial.
• While these laws and bodies provide important environmental and social safeguards, new initiatives in India go further, establishing guidelines that emphasise monitoring, quantification and disclosure, akin to ESG requirements found in other parts of the world.
• The Securities and Exchange Board of India (SEBI), responding to the increase in ESG investing and the demand by investors for information on ESG risks, substantially revised the annual Business Responsibility and Sustainability Report (BRSR) required by the 1,000 largest listed companies in India.
• SEBI describes the current report format as a “notable departure” from previous disclosure requirements, which are aligned with evolving global standards and place “considerable emphasis on quantifiable metrics” to allow companies to engage meaningfully with stakeholders and to enhance investor decision making. Disclosures range from greenhouse gas emissions to the company’s gender and social diversity.

Implications for Indian companies: way forward

• Compliance with ESG regulations — both originating in India and elsewhere around the world — thus, pose a significantly different challenge than India’s CSR regulations. In particular, compliance by Indian companies with the ESG regulations of the U.S., the U.K., the European Union and elsewhere will be critical if India is to take full advantage of the growing decoupling from China and play a more prominent role in global supply chains and the global marketplace overall.
• As Indian companies look to expand their ESG risk management, thorough due diligence will play a key role. However, this requires more than having sub-suppliers fill out a questionnaire. Due diligence that can stand up to scrutiny means going deeper.
• Depending on the situation, this can include looking at company records, interviewing former employees and making discreet visits to observe operations to ensure that the measures to comply with international ESG standards are in effect. his is particularly true when the supplier’s own supply chains have several layers.
• Ownership that is obscured through shell companies can present additional challenges. Further, ESG due diligence needs to be supported within the company with detailed procedures for assessing risks and controls for assuring that no corners are cut.

Conclusion:

• Companies that wish to maximise their opportunities in the global economy need to embrace these new requirements and adjust their organisations accordingly.