Draft Data Empowerment and Protection Architecture: NITI Aayog

#GS2 #Governance #GS3 #CyberSecurity

Recently, the NITI Aayog has released draft Data Empowerment and Protection Architecture (DEPA) which aims to promote greater user control on data sharing.

 

Features: 

  • DEPA will be empowering individuals with control over their personal data, by operationalizing a regulatory, institutional, and technology design for secure data sharing.
  • DEPA is designed as an evolvable and agile framework for good data governance.
  • DEPA empowers people to seamlessly and securely access their data and share it with third-party institutions.
  • The consent given under DEPA will be free, informed, specific, clear, and revocable.
  • Consent Managers: DEPA’s Institutional Architecture will involve the creation of new market players known as User Consent Managers. These will ensure that individuals can provide consent as per an innovative digital standard for every data shared. These Consent Managers will also work to protect data rights.
  • Reserve Bank of India (RBI) issued a Master Directive creating Consent Managers in the financial sector to be known as Account Aggregators (AAs). A non-profit collective or alliance of these players is created called the DigiSahamati Foundation.

 

Open APIs: 

  • Open Application Programming Interfaces (APIs) enable the seamless and encrypted flow of data between data providers and data users through a consent manager.
  • Implementation: RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance will implement this model. This regulatory foundation is also expected to evolve with time (eg. with the forthcoming Data Protection Authority envisaged under Personal Data Protection Bill, 2019).

 

DEPA Institutional Architecture 
USER 
FINANCIAL INFORMATION 
PROVIDERS 
Banks 
Mutual Fund House 
Insurance Provider 
Tax/GST Platform 
o 
Consent to Share 
Data 
O 
Request for 
Data 
Data Access 
Request 
O 
Request for 
Data 
FINANCIAL INFORMATION 
USERS 
CONSENT 
MANAGER 
O 
E2e Encrypted Data Flow 
(Based on user consent) 
Flow based credit 
Personal Finance 
Management 
Wealth Management 
Robo Advisors

 

Background: 

  • Regulatory direction on data privacy, protection, consent, and the new financial institutions required for DEPA’s application in the financial sector was provided through
  • Supreme Court Judgement on the Fundamental Right to Privacy in 2017.
  • Personal Data Protection Bill (PDP), 2019.
  • Justice Srikrishna Committee Report, 2018.
  • RBI Master Direction on NBFC-Account Aggregators, 2016 (for the financial sector).
  • Recently, a government committee headed by Infosys co-founder Kris Gopalakrishnan has suggested that non-personal data generated in India be allowed to be harnessed by various domestic companies and entities.
Print Friendly and PDF
blog comments powered by Disqus