The government of India’s policy think-tank NITI Aayog has released a draft for Data Empowerment and Protection Architecture (DEPA) draft for public consultation in order to seek opinion on the implementation of the framework, which is set to launch by 2020-end.
The Data Empowerment and Protection Architecture (DEPA) will empower individuals to control how their personal and financial data is used and shared. It also democratises access and enables portability of trusted financial and other data between service providers or other third-party institutions. NITI Aayog will keep its channels open to suggestions till October 1, 2020.
The Data Empowerment & Protection Architecture will empower individuals with control over how their personal data is used & shared while ensuring that privacy considerations are addressed.
Seeking your comments on the draft document, before 1st Oct
— NITI Aayog (@NITIAayog) September 3, 2020
“India needs a paradigm shift in personal data management that transforms the current organisation-centric data sharing system to an individual-centric approach that promotes user control on data sharing for empowerment,” the discussion paper reveals.
The document has been drafted in consultation with major financial sector regulators — the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Provident Fund Regulatory and Development Agency (PFRDA) and Insurance Regulatory and Development Agency India (IRDAI), Ministry of Finance and others.
The list also includes representatives from non-profit organisations such as iSPIRT foundation, DICE India, Sahamati, CredAll, along with individual thought leaders on financial inclusion data and privacy — Infosys cofounder and former UIDAI chairperson Nandan Nilekani, the architect of personal data protection framework Justice Srikrishna, former SBI chairperson Arundathi Bhatacharya, and TMT chief and Trilegal partner Rahul Matthan.
DEPA To Boost Entrepreneurship, Financial Inclusion In MSME Sector
The financial exclusion of MSMEs and other small business have been a big challenge for the Indian economy. The government of India believes that a framework like DEPA would allow these MSMEs to get a digital footprint, which in turn, would enable them to access capital and other benefits like insurance and better financial management products. Even individual, without any digital footprint so far, will be able to access these benefits.
The document explained that consented data sharing can reduce the cost and risk in offering loans to small entrepreneurs by creating frictionless and secure access to data used to establish creditworthiness with individual consent. This will allow small businesses to avail loans on the future capacity to repay loans, instead of based on evidence of past turnover or credit history. The document noted that even pre-Covid-19 nearly 92% of small businesses lacked access to formal credit, and such a move will help bridge the INR 20-25 Tn gap faced by the sector.
DEPA will work in coordination with the other layers of India stack, which includes Aadhar, Aadhar based eKYC and Aadhaar based eSign for digital contracts; UPI for cashless payments; DigiLocker, etc. Open Credit Enablement Network will also be part of this ecosystem.
Besides this, the DEPA framework also offer more digital opportunities, a new class of institutions, data silos to address Indians’ emerging data access needs and more.
Govt Looks To Appoint Consent Managers To Empower Users
The proposed framework has recommended setting up a ‘Consent Manager’ institution, which will ensure that individuals can provide their consent as per an innovative digital standard. These consent managers will also be responsible for protecting users’ data rights. The document emphasises that such an architecture will replace costly and cumbersome data access and sharing practices that may, in turn, disempower individuals.
“DEPA combines public digital infrastructure and private market-led innovation: it creates a competitive ecosystem where any new Consent Manager can plug in to a network of information providers and users without setting up expensive, duplicative, and exclusive bilateral data sharing rails. And it ensures that data sharing occurs by default with granular, revocable, auditable, and secure consent,” the document further explained.
These consent managers can compete to reach different customer segments with accessible and inclusive modes of obtaining consent. They will also be free to experiment with different business models.
Health & Telecom To Follow Financial Sector
The document has also noted that DEPA will go live in the financial sector in 2020 under the joint leadership of the ministry of finance, RBI, PFRDA, IRDAI and SEBI. The consent managers in the financial sectors will be known as account aggregators and, so far, seven AAs have already received in-principle regulatory licenses. The government had also held an AA hackathon in July 2020 that attracted more than 1250 applicants.
Currently, DigitSahamati Foundation or Sahamati, which is a new non-profit collective of account aggregators, is mobilising support to existing financial institutions to adopt the technical standards. They are also open to establishing open data governance and legal working groups to innovate on the technology architecture to further protect data rights and drive empowerment.
After this, the government is currently running a pilot of DEPA in the health sector. The development comes after Prime Minister Narendra Modi, on August 15, launched the tech-based National Digital Health Mission (NDHM) to revolutionise the Indian health sector. It will pitch a more centralised and data-driven health sector that will work on the Aadhar-like model to share all confidential medical data such as prescriptions, diagnostic reports, discharge summaries and more.
Next in line is the telecom sector, following TRAI consultation report on privacy released in July 2018 and a workshop held by TRAI Chairman RS Sharma in August 2020 with industry players.