Draft Data Empowerment And Protection Architecture (DEPA)

  • 05 Sep 2020

  • The government of India’s policy think-tank NITI Aayog has released a draft for Data Empowerment and Protection Architecture (DEPA) draft for public consultation in order to seek opinion on the implementation of the framework, which is set to launch by 2020-end.

Aim

  • To empower individuals to control how their personal and financial data is used and shared.
  • To democratise access and enable portability of trusted financial and other data between service providers or other third-party institutions.

Provision of Consent Managers

  • The proposed framework has recommended setting up a ‘Consent Manager’ institution, which will ensure that individuals can provide their consent as per an innovative digital standard. These consent managers will also be responsible for protecting users’ data rights.
  • Consent Manager can plug in to a network of information providers and users without setting up expensive, duplicative, and exclusive bilateral data sharing rails. And it ensures that data sharing occurs by default with granular, revocable, auditable, and secure consent.
  • These consent managers can compete to reach different customer segments with accessible and inclusive modes of obtaining consent. They will also be free to experiment with different business models.

DEPA to Boost Entrepreneurship, Financial Inclusion

  • DEPA would allow these MSMEs to get a digital footprint, which in turn, would enable them to access capital and other benefits like insurance and better financial management products. Even individual, without any digital footprint so far, will be able to access these benefits.

Current Initiatives towards DEPA

  • The government is currently running a pilot of DEPA in the health sector. The development comes after Prime Minister Narendra Modi, on August 15, launched the tech-based National Digital Health Mission (NDHM) to revolutionise the Indian health sector. It will pitch a more centralised and data-driven health sector that will work on the Aadhar-like model to share all confidential medical data such as prescriptions, diagnostic reports, discharge summaries and more.
  • Next in line is the telecom sector, following TRAI consultation report on privacy released in July 2018 and a workshop held by TRAI Chairman RS Sharma in August 2020 with industry players.

Why we need DEPA?

  • Lending companies use a host of mechanisms to obtain data about users from different sources and in particular, online lending companies acquire a lot of digital data about users from other financial service providers before underwriting loans. Health insurance companies need to obtain hospitalization and diagnostic data about patients for them to be able to make insurance payments and this data is shared by hospitals and labs, often in digital form, with such companies.
  • In these applications, it is essential that users provide consent to the service provider sharing data (the data provider) before they share data with the provider requesting access (the data consumer). It is also essential that privacy of the data be safeguarded i.e. to ensure the data is accessible only by the data consumer, only for a stipulated amount of time and only for a stipulated purpose, as consented to by the user. It is also desirable that all data sharing transactions be traceable and auditable in the future. Finally, the data sharing process itself should be easy, efficient and user-friendly.