Indian Govt. to launch Data Empowerment and Protection Architecture

Ashish M. Shaji

08 Sep, 2020

The Indian Government will launch the data empowerment and protection architecture that will provide individuals with the power to choose how their personal data can be utilized and shared, ensuring privacy at the same time. The framework will allow individuals and businesses to get better access to affordable financial and health care products.

 Data Empowerment and Protection Architecture (DEPA): Summary

India’s DEPA is predicated on the notion that individuals should control how their personal data is used and shared. It is made with the belief that agency over data can empower Indians with an opportunity to empower their lives.

It is founded on the premise that individuals are the best judges of the right use of their personal data instead of competing institutional interests, and they should not struggle to access and share their data. 

DEPA will allow people to access their data and also share it with third party institutions. A new form of private consent manager institution will ensure that individuals will be able to provide consent according to the innovative digital standard for every granular piece of data shared securely. 

The draft stated that these consent managers should work to protect your data rights. This architecture replaces costly and cumbersome access to data and sharing practices that disempower individuals like bulk printout notarization and physical submission, screen scraping, sharing of username/password, and terms and conditions forms providing blanket consent.

Application of Data Empowerment and Protection Architecture (DEPA)

DEPA must be applied flexibly to different sectors and in each context led by institutions that tailor its implementation. The first application of DEPA is in the financial sector towards greater financial inclusion and economic growth. Small businesses in India, even in pre-Covid-19, lacked access to formal credit as per the draft.

 Consented data sharing can reduce the cost and risk premium of offering loans to small entrepreneurs by creating frictionless and secure data access used to establish creditworthiness with individual consent. With the use of DEPA, individuals and small businesses can use their digital footprints to access not only affordable loans but also insurance, savings, and better financial management products.

DEPA is being piloted in the health sector in the year 2020. On 15^th August, Indian PM Narendra Modi announced the National Digital Health Mission^[1], which also includes a health ID and a data-sharing framework for personal health records. It is based on the National Digital Health Blueprint published by the Ministry of Health, which in turn builds on the National Health Stack Strategy published by the Niti Aayog in July 2018.

Furthermore, DEPA is also being launched in the telecom sector after a TRAI consultation report on privacy released and a workshop held with major industry players announcing the partnership permitting telecos to become financial information providers and users in Account Aggregators. 

Building blocks of Data Empowerment and Protection Architecture (DEPA)

The report argues that three building blocks are needed to empower individuals with their data. These are as follows:

• Enabling regulations;
• Cutting edge technology standards; and
• New types of public and private organizations with incentives aligned to those of individuals.

Private Consent Managers in Data Empowerment and Protection Architecture

The DEPA framework envisions a new form of private consent manager institution that will enable individuals to provide access to give consent.

Within this new system, any new private platers shall be allowed to use public digital infrastructure to plug into a network of information providers and users without setting up expensive, duplicate, and exclusive bilateral data sharing rails. 

How will it help?

 It will help in the following ways:

• No more data silos

The framework provides that this architecture will replace costly and cumbersome access to data and sharing practices.

• Easier data portability

As data is stored in various formats across different databases, the report provides that porting is a concern. Moreover, harmonized regulations don’t exist within and across sectors. This architecture will create a seamless framework for data sharing and porting.

• Data sharing with the consent

DEPA provides that data sharing will happen with granular, revocable, auditable, and secure consent by default.

• Competition among Consent managers

In the framework, it is expected that consent managers will compete with each other with a view to reaching different customer segments with accessible and inclusive modes of obtaining informed consent.

• Financial inclusion

The framework claims that the undocumented financial background of individuals in poverty bars them from benefitting from the credit, insurance, and other financial products. By the consolidation of this data in a single repository, it will help the financially excluded create a digital and financial trail.

Building blocks of the technology foundation

DEPAs technology architecture is interoperable, secure, and privacy-preserving digital framework for data sharing through:

• Consent artifact

It is a technology standard for programmable consent to replace the typical terms and conditions form that users click.

• Open  APIs for data sharing

It will allow many new consent managers to plug into a common sharing system instead of having to build bilateral relationships with information providers to access data.

• Financial information Standards

It will allow data recipients to quickly interpret and understand information from a new institution.

As per the DEPA draft, these are the first building blocks of the technology foundation. Further elements are evolving, and it will be implemented within and across sectors as the market develops.

Conclusion