Gist of Rajya Sabha TV : Data Empowerment & Protection Architecture
Copy
Published: 21st Sep, 2020
Introduction
Recently, the NITI Aayog has released draft Data Empowerment and Protection Architecture (DEPA) which aims to promote greater user control on data sharing.
The Data Empowerment & Protection Architecture will empower individuals with control over how their personal data is used and shared while ensuring that privacy considerations are addressed.
Why RSTV? Being a credible source, RSTV provides a good understanding of Current Affairs through different perspectives, which is central to success in UPSC. Here, we are providing Gist of Rajya Sabha TV discussion on ‘Data Empowerment & Protection Architecture’.
Topic relevance from RSTV Debate on ‘Data Empowerment & Protection Architecture’ for UPSC: Direct questions can be asked on:
Global Approaches to Data Protection and Sharing
Application in different sectors
Significance of DEPA
Global Approaches to Data Protection and Sharing
EDITED EXCERPTS FROM THE DEBATE
What is DEPA?
The Data Empowerment and Protection Architecture (DEPA) empower every Indian with control over their data, and democratises access and enables the portability of trusted data between service providers.
This architecture will help Indians in accessing better financial services, healthcare services, and other socio-economically important services.
DEPA is more commonly known as the ‘Consent Layer of India Stack’.
The rollout of DEPA for financial data and telecom data is taking place through Account Aggregators that are licensed by RBI. It already covers all asset data, liabilities data, and telecom data.
Guiding Principle BehindData Empowerment and Protection Architecture (DEPA)
The government is pushing forward into digital leveraging frontier technologies and Digital India, so the added responsibility of dealing with data becomes a priority.
Without a proper framework to deal with data, it is not possible to leverage this digital movement as well as frontier technologies be it AI, etc. which are being actively used to address various barriers that we have found in our developmental processes in the past.
The government is very conscious that the data should not be misused at the same time we should be in a position to leverage this asset.
With India Stack in place, a lot of data is being generated is financial as well as other sectors like the PMJDY. But to use this data effectively for various public service activitiesand also empower owner the data – data protection is necessary.
At one end there is GDPR of EU which is extreme and restrictive.At other end, large corporation of US collect and misuse data without knowledge and consent of data owner.
In a country like ours with its own unique challenges, we leverage our database but leverage in a responsible manner, thus this architecture was proposed on how this data will be used in responsible manner.
Key Focus Areas
Ensure a seamless and a secure based sharing of data between one party to another.
Each individual is generating a huge amount of ledger and records for themselves. It is important to ensure that the citizens have control over the data as well as they use this data to empower themselves.
The idea behind DEPA is that there is secure data sharing framework based on a very strong and secure consent based framework.
DEPA make sure that if there is any sharing of data between various parties, it is done by a certain entity which may be known as a Consent Manager.
Thus, the DEPA strives to Empowerment of Citizens financially, economically and digitally.
Entity Consent Manager:
The idea of Entity Consent Manager comes from the Account Aggregators introduced by RBI in 2016 and based on the Right to Privacy judgement by the Supreme Court which created certain rights for the citizen like data flexibility, data minimisation, etc.
The whole idea of a Consent Manager is to ensure sharing of data in a secure and a seamless manner. This consent manager is not supposed to keep this data in their system and only transfer the data like a traffic signal.
The Consent Manager has to follow a consent framework wherein these managers will be the trustee of the consent of each individuals and which also provides the right to individual to withdraw consent at any time.
Data Architecture in Present India
In the present scenario data is the king and data is a commodity of the present time.
In the absence of Data Protection Bill, National Health Mission, DISHA, and the existence of just few guidelines in IT Act, critical and sensitive/personal data must be protected.
In the time when Non-personal data protection bill also under consideration and the kind of data we generate and big companies (like LinkedIn) use host of mechanisms to gather data this mechanism can benefit smaller entities too.
Looking at the privacy, consent and safeguard aspects, data sharing transactions should be noted, there should be audit trail in place.
This framework in much needed in the present scenario and this will boost the economy and this will develop a very noble consented data sharing architecture which is much needed.
Roadmap to Implementation
In UK, they have open banking where they force their banks to share data.
The DEPA tries to create a value proposition where people in their own will be incentivise to be part of the system and willing to share data when they see value in it.
This is unique feature sets apart the Indian system from GDPR which is highly restrictive system which does not allow us to leverage the data and functions as a dictate.
Value creation, transparency, taking the people along, giving them the right to make their choices is what is unique about this framework.
Evolving Framework
It will be tried first in the financial sector then Health and then telecom sector.
In terms of what it apparently has, the guiding principle is based on the aspect of Data Protection, Data Minimisation and Data Security.
It has to be driven very fast, it has to evolve in very short span of time and needs to be updated continuously.
With the kind of features this framework has specially the aspect of pre-informed, specific, clear and revocable consent has been beautifully covered in this framework.
Seeing how this pans out in the coming times and affect across different sectors, the guiding principles of DEPA are kept as evolving as possible.
Conclusion
This approach will lead us to a greater digital transparency and also removal of entry of smaller players, improved choice, improved efficiency and a level playing field for all. However, implementation is one that has to be looked into.