The policy provides for Indian Data Management Office (IDMO), set up by MEITY’s Digital India Corporation. IDMO plays a vital role in the framework provided and is responsible for various functions such as maintaining data security and confidentiality of information by formulating rules, principles, standards, disclosure standards for the proper implementing the policy, notifying protocols to facilitate the sharing of non-personal information. data assets, etc. The IDMO can impose a limit on multiple access requests to datasets and facilitate access to intergovernmental data.
IDMO, while taking privacy concerns into account, must consider the argument of informed consent of the subjects whose data will be processed and used. The integration of the concept of informed consent into the framework will be huge; without it, the box may seem meaningless, and consent by checking the box should not be construed as an understanding of the data sharing agreement.
The appointment and composition of the IDMO must not be quoted ambiguously in the Policy, as this may lead to arbitrariness. The composition of the IDMO must take into account the representation of experts, including experts in information technology, data protection officers, data analysts, legal professionals, etc.
Although the IDMO has been given the duty to review, it is suggested that an Institutional Review Board could be established to perform an unbiased assessment and audit of the risks and benefits to understand whether the vulnerabilities to which data owners will be exposed could be justified. on a legal basis. Additionally, since IDMO is responsible for enumerating ethics and fair use principles, it must consider the international CRAFT (choice, responsibility, accountability, fairness and transparency) framework that is one of the suggestive patterns to follow when working on a data governance model. Although the CRAFT framework is not binding, a framework based on ethical principles often creates a community of shared values.