Draft Data Empowerment and Protection Architecture: NITI Aayog
#GS2 #Governance #GS3 #CyberSecurity
Recently, the NITI Aayog has released draft Data Empowerment and Protection Architecture (DEPA) which aims to promote greater user control on data sharing.
- DEPA will be empowering individuals with control over their personal data, by operationalizing a regulatory, institutional, and technology design for secure data sharing.
- DEPA is designed as an evolvable and agile framework for good data governance.
- DEPA empowers people to seamlessly and securely access their data and share it with third-party institutions.
- The consent given under DEPA will be free, informed, specific, clear, and revocable.
- Consent Managers: DEPA’s Institutional Architecture will involve the creation of new market players known as User Consent Managers. These will ensure that individuals can provide consent as per an innovative digital standard for every data shared. These Consent Managers will also work to protect data rights.
- Reserve Bank of India (RBI) issued a Master Directive creating Consent Managers in the financial sector to be known as Account Aggregators (AAs). A non-profit collective or alliance of these players is created called the DigiSahamati Foundation.
- Open Application Programming Interfaces (APIs) enable the seamless and encrypted flow of data between data providers and data users through a consent manager.
- Implementation: RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance will implement this model. This regulatory foundation is also expected to evolve with time (eg. with the forthcoming Data Protection Authority envisaged under Personal Data Protection Bill, 2019).
- Regulatory direction on data privacy, protection, consent, and the new financial institutions required for DEPA’s application in the financial sector was provided through
- Supreme Court Judgement on the Fundamental Right to Privacy in 2017.
- Personal Data Protection Bill (PDP), 2019.
- Justice Srikrishna Committee Report, 2018.
- RBI Master Direction on NBFC-Account Aggregators, 2016 (for the financial sector).
- Recently, a government committee headed by Infosys co-founder Kris Gopalakrishnan has suggested that non-personal data generated in India be allowed to be harnessed by various domestic companies and entities.