http://datameet.org​ . Comments on the Geospatial Information Regulation Bill (Draft,  V.1.0), 2016   by  DataMeet  To the Joint Secretary (Internal Security-I), Ministry of Home Affairs, We are grateful to the Ministry of Home Affairs for making public the draft Geospatial Information Regulation Bill 2016, and for providing sufficient time for comments to be submitted. This submission presents comments and recommendations by the DataMeet community on the proposed draft of the Geospatial Information Regulation Bill 2016 (“​ the draft Policy / the 1 draft GIRB​ ”). This submission is based on Version 1.0 of the draft Bill released by the Ministry of Home Affairs (“​ MHA​ ”) on May 4, 2016. DataMeet2 is a community of over 1500 data enthusiasts from around the country who meet and and work towards making data more open and accessible to all. We share information on how to access and use information, give technical support to people, and discuss policy issues regarding data and geospatial data. We have worked with the NIC team that implements Data.Gov.In on what data the community wants to use and have access to. Comments and Recommendations The Bill proposes definitive measures to ensure 1) standardised depiction of national boundary of India, and 2) complete removal of depiction of intelligence, military, and other security establishments from publicly available maps. Both of these are important concerns, and we greatly appreciate the government's move to create a streamlined and time-bound approach to ensuring security; however, several parts of the Bill have negative implications for the users and creators of maps in India. This draft covers all "geo-referenced information," and requires prior permission and security vetting for geo-information that is part of everyday communication such as: ❖ geo-tagged photos, ❖ geo-tagged social media posts, 1 2  See: http://mha.nic.in/sites/upload_files/mha/files/GeospatialBill_05052016_eve.pdf   See: ​ http://datameet.org/   DataMeet, ℅The Centre for Internet & Society No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru, 560071 http://datameet.org   http://datameet.org​ . ❖ ❖ ❖ ❖ geo-tagged recording of my daily movements (running, cycling, walking or driving), sharing of my location with my friends sharing of my location with food delivery and transport companies, and crowd-sourced mapping of my neighborhood and so on. While an effective geospatial information law is required, such a policy would take into account the Right to Information Act, National Data Sharing and Accessibility Policy (NDSAP) 2012, and include protection of privacy concerns. This draft is too broad to allow for realistic use of geospatial information by everyday users. We would like to propose recommendations to make sure that the intent of the bill is achieved while allowing geospatial data to be continued to be used for economic growth, research, and to ensure that digital innovation can continue uninhibited. 1. National Security in terms of Geospatial data needs to be defined. a. It is our understanding that that the majority of everyday use of geospatial information is not of substantial concern. In view of the same, it is necessary that such usage be facilitated, and the concerns regarding national security be specifically defined. Currently the draft bill is too broad and does not define what geospatial data affects national security the most and needs to be given the greatest scrutiny. b. The need to protect defense installations and the representation of the international border is one of the main national security concerns. However, how the MHA defines the geospatial data most at risk needs to be clarified in the Act. Otherwise the bill will be too broad for enforcement. c. The fear of using Indian maps against India is very genuine but unfortunately it is not something this approach can resolve. As the Maps would still be available outside of India and the miscreants would still be getting the maps from other sources outside of India. ​ The broad scope of the draft bill would essentially curb all development on indigenous mapping, while doing little to restrict their access internationally. This ban or rationing of maps within India for Indians, affects the common man in his day to day life. Some of the simple aspects of using a map based app to go from one point to another in a new place or to use maps to deliver goods or plan trips would be taken away from the hands of Indian citizens. This in effect, means that the latest and greatest geospatial technological advances around the world would reach Indians much much later and thereby making Indians/India a less favorable destination for the companies involved in creating such technology, and companies that use such tech to deliver innovative services. This will have an adverse impact on employment opportunities in the long run. 2. Post-use approval and vetting is the only way to assure that geospatial data continues to be used by commercial entities and for greater good uses. DataMeet, ℅The Centre for Internet & Society No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru, 560071 http://datameet.org   http://datameet.org​ . a. It is not prudent to have every use of geospatial data go through a pre-approval process. Most geospatial data is used for economic, research or recreational purposes, the requirement that all these uses be pre-approved will act as a hurdle to achieving the goals of the Startup India and Digital India initiatives. b. Chapter II - REGULATION OF GEOSPATIAL INFORMATION OF INDIA - (2) Every person who has already acquired any geospatial imagery or data of any part of India either through space or aerial platforms such as satellite, aircrafts, airships, balloons, unmanned aerial vehicles or terrestrial vehicles or any other manner including value addition prior to coming of this Act into effect, shall within one year from the commencement of this Act, make an application along with requisite fees to the Security Vetting Authority for retaining such geospatial information and grant of licence thereof. i. This requirement is impractical, the amount of work from across India that requires some geospatial data is gargantuan, every mobile user potentially would have to submit an application. This seems to be an unnecessary step for most use cases. If the scope of national security is defined then more prudent and targeted approval can be done which would allow the MHA to realistically look at how people are using geospatial data that could violate national security measures. c. Chapter II - REGULATION OF GEOSPATIAL INFORMATION OF INDIA (3) The Security Vetting Authority shall, within three months from the date of receipt of an application made under sub-section (2), either grant a licence with such conditions as may be specified thereon or reject the application as the case may be after examining the application in terms of the guidelines i. A three month process is too long in a digital economy to vet applications and give licenses for the scope of this current draft. ii. In fact much of geospatial data usage today needs to be real-time. For e.g. traffic data, weather data, humanitarian disasters data. Hence having even a one day long vetting process for such data would defeat its purpose. iii. Instead of having a vetting authority to make sure the correctness of the boundaries of India, it would be more feasible for the Survey of India to or any other premier government organization release the exact boundaries of India in an open geospatial format(s) for general usage.Subsequently, any users/organizations/companies which do not comply, government can be asked for clarification for non compliance and take action on the erring parties? 3. Acquiring and Depiction a. There needs to be more clarification about acquiring and depiction of geospatial data. b. Chapter II - REGULATION OF GEOSPATIAL INFORMATION OF INDIA 4. Dissemination, Publication or Distribution of the Geospatial Information of India. Save as otherwise DataMeet, ℅The Centre for Internet & Society No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru, 560071 http://datameet.org   http://datameet.org​ . provided in this Act, rules or regulations made thereunder, and with the general or special permission of the Security Vetting Authority, no person shall disseminate or allow visualization of any geospatial information of India either through internet platforms or online services, or publish or distribute any geospatial information of India in any electronic or physical form. i. What types of collection and at what scale needs to be monitored more? What representation of geospatial data does the bill hope to curb, if it is just the representation of the border and defense infrastructure then other geospatial information does not need to be under an approval process. 4. Threat of prosecution inhibits innovation a. Chapter II - REGULATION OF GEOSPATIAL INFORMATION OF INDIA 5. Use of Geospatial Information of India outside India: Save as otherwise provided in any international convention, treaty or agreement of which India is signatory or as provided in this Act, rules or regulations made thereunder, or with the general or special permission of the Security Vetting Authority, no person shall, in any manner, make use of, disseminate, publish or distribute any geospatial information of India, outside India, without prior permission from the Security Vetting Authority. i. The current information technology infrastructure means that people outside India do in fact have full access to Indian geospatial information from international sources. Also people outside India are actively helping to create economic opportunity in India using geospatial information. This is also true for efforts to assist local bodies for natural disaster. During the Chennai floods, many volunteers outside India were using geospatial data to help map areas so people can get more accurate information. ii. The threat of prosecution can inhibit such efforts and also discourage the growth of startups and companies who use geospatial data to sell services and products. It is thus our recommendation to clearly specify the types of geospatial data that are of concern for national security and the integrity of the country and limit the scope of the bill only to these, for example geospatial data of defence installations and national borders. Allow the government through this Act to retain the right to have removed any published geospatial data that threatens national security and integrity, as defined. Mere possession of such data, without publication, should not be criminalized, since enforcing this in effect violates an individual’s right to privacy. The penalties for not observing the provisions in this law should only apply to individuals or organisations after repeated requests to give up such data or remove it from the public domain, since most people who violate this law are likely to be common citizens who do so unknowingly. DataMeet, ℅The Centre for Internet & Society No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru, 560071 http://datameet.org   http://datameet.org​ . Revision of the bill to include such balanced provisions, we believe will ensure national security and integrity without derailing much needed initiatives such as Digital India and Startup India and allow technological innovation to continue smoothly. On behalf of DataMeet, Thejesh GN and Nisha Thompson Bangalore, India, Jun 2, 2016 DataMeet, ℅The Centre for Internet & Society No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru, 560071 http://datameet.org