Data Empowerment and Protection Architecture Explained – Video

More commonly known as the ‘Consent Layer of the India Stack’, Data Empowerment and Protection Architecture (DEPA) is a new approach, a paradigm shift in personal data management and processing that transforms the currently prevalent organization-centric system to a human-centric system. By giving people the power to decide how their data can be used, DEPA enables the collection and use of personal data in ways that empower people to access better financial, healthcare, and other socio-economically important services in a safe, secure, and privacy-preserving manner.

It gives every Indian control over their data, democratizes access and enables the portability of trusted data between service providers. This architecture will help Indians in accessing better financial services, healthcare services, and other socio-economically important services.The rollout of DEPA for financial data and telecom data is already taking place through Account Aggregators that are licensed by RBI. It covers all asset data, liabilities data, and telecom data.

We, at iSPIRT, organised a learning session on the 18th of May, to give relevant and interested stakeholders a detailed primer on DEPA. We had 60-odd very animated and engaging people in the audience. The purpose of the session was to understand the technological, institutional, market and regulatory architecture of DEPA, it impacts on existing data consuming businesses and how people could contribute to this new data sharing infrastructure that’s being built in India.

The session was anchored by Siddarth Shetty, Data Empowerment And Protection Architecture Lead & Fellow, iSPIRT Foundation (Email – sid@ispirt.in). Please feel free to reach out to him for any queries regarding DEPA.

For other queries, please write to [email protected].

Decoding the Aadhaar (Amendment) Bill – PMLA Amendment

The amendment made by way of the Aadhaar and Other Laws (Amendment) Bill, 2018 to the Prevention of Money Laundering Act,2002 gives true effect to the intention of the Hon’ble Supreme Court as set out in their judgment of September 2018.

It is clear from the judgment that the objective was to empower the individual and allow for the resident to be able to uniquely identify herself to avail of every service of her choice while ensuring that there are adequate protections for such use under the force of law.

Aadhaar Act Amendment

This is clearly set out in the now amended Section 4(3) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Aadhaar Act”) as follows:

Section 4(3) – Every Aadhaar number holder to establish his identity, may voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification, or in such other form as may be notified, in such manner as may be specified by regulations.

Explanation-For the purposes of this Section, voluntary use of the Aadhaar number by way of authentication means the use of such Aadhaar number only with the informed consent of the Aadhaar number holder.

And further in Section 4(4)-

An entity may be allowed to perform authentication if the Authority is satisfied that the requesting entity is-

  1. Compliant with such standards of privacy and security as may be specified by regulations; and
  2. (i) permitted to offer authentication services under the provisions of any other law made by Parliament; or

(ii) seeking authentication for such purpose, as the Central Government in consultation with the Authority and in the interest of the State may prescribe.

With the above amended provisions, it is clarified that (a) the objective is to ensure that the Aadhaar number holder is empowered to establish her identity voluntarily with informed consent (b) Entities that may be permitted to offer authentication services will do so pursuant to a law made by Parliament or by way of Central Government direction in consultation with the UIDAI and in the interest of the State.

PMLA Amendment

The amendment to the Prevention of Money Laundering Act,2002 (the “PMLA”) seeks to give clear direction to the above-enunciated ideas.

The newly inserted Section 11A of the PMLA provides for the manner in which a Reporting Entity may verify the identity of its clients and beneficial owner (conduct KYC). This is by way of offline verification of Aadhaar or where the Reporting Entity is a banking company- online verification of Aadhaar.

However, it is further clarified (in tandem with the aforesaid amendments to the Aadhaar Act) that upon satisfaction of standards of privacy and security, the Central Government may, in consultation with the UIDAI and appropriate regulator provide for online authentication for Reporting Entities other than banking companies.

And it is further explicitly clarified that in the scenarios as contemplated in this provision, nobody will be denied services for not having an Aadhaar number, i.e: ensuring that the presence of Aadhaar number is not mandatory but purely enables and eases the availing of services.

As next steps on this front, distinct Reporting Entities, including NBFCs, Mutual Fund Houses and other financial institutions need to approach the Central Government with requests for access to online Aadhaar authentication services.

Organisations such as DICE would be useful in mobilising groups of different financial institutions in approaching the relevant regulators and Central Government authorities for Aadhaar authentication access.

Saranya Gopinath is the co-founder of DICE (Digital India Collective for Empowerment)- an industry body representation across emerging technology sectors.

She can be reached on [email protected]

India Financial Services – Disrupt or Be Disrupted

Matrix India recently hosted two firebrands of the financial services world, Mr Sanjay Agarwal, founder AU Small Finance Bank and Mr Sharad Sharma, founder iSPIRT Foundation, Volunteer at India Stack, for a no holds barred discussion at the Matrix Rooftop in Bangalore. Here is an excerpt from the evening and some of our learnings for fin-tech entrepreneurs.

Part 1 of the two-part series features the untold story of AU Bank, in the words of Sanjay Agarwal himself, as below:

Sanjay Agarwal – on his background and early days before starting AU:

“In my early Chartered Accountancy days, I started out by doing audit work, taxation, and managing clients. I had studied hard and was naïve and enthusiastic at that time hoping, to solve the world’s problems. This pushed me to work harder and I had a desire to do something more.

I believe that we are the choices we make. While evaluating various choices, I eliminated all the options that I didn’t want to pursue e.g. to work for a fee or commission and then I started digging deeper on what really interests me – that was when the concept of AU Financiers was formed.

In 1996, as 26 years old, I began approaching HNIs to raise capital, as back then, there were no VCs. I was fortunate to raise INR 10 cr at a 12% hurdle rate and I had to secure the funding with a personal guarantee. But what is the guarantee of the guarantor? No one questioned this at that time. So, I technically became one of the first P2P lenders, and structured a product that didn’t exist– short term, secured and at a 30% rate of interest. That was the start of the AU journey.”

The Early Days of AU:

“I started off AU as a one-man army. I was everything from the treasurer to the collector. Slowly we built our team and rotated the 10 cr of capital to disburse 100 cr of loans – not a single rupee was lost. There were several challenges at that time for e.g., there was no CIBIL score, financial discipline was lacking, people were still learning how to take a loan and repay it and customer ids didn’t even have a photograph. But somehow, we managed.

The period from 1996 to 2002 taught me everything I needed to learn – how to lend, how to collect, how to manage people, read people’s body language, and most importantly how to manage yourself in different situations. I follow all of that until today, and my team also benefits or suffers from those learnings of mine even today. In those 7 years, we would have dealt with 2000 customers out of which 500 defaulted. That was the ratio of defaulters – 25%. But we managed and there were actually no NPL’s.”

Partnering with HDFC Bank

“In 2002, retail credit was beginning to take off, but our HNIs started pulling their money out, as they wanted a higher return. However, at that time, the most premium bank in the country, HDFC Bank, appointed us as their channel partner. The model we followed was very simple – AU was responsible for sourcing the customer, KYC processing and doing on the ground diligence while loans were booked on HDFC’s balance sheet. HDFC is perceived to be a conservative bank, and it is – however, they gave me Rs 400 cr, on a net worth of only Rs 5 cr! They made an exception in our case due to our strong track record, through execution, sound knowledge of the market, and most importantly our integrity.

By 2008, our net worth had increased to Rs 10 crore through internal accruals. At that time, HDFC told us that we can’t give you any more capital, as we were overleveraged, and that we now needed to bring in equity capital if we wanted to grow.”

Growing the balance sheet and partnering right

“I had two choices at that point, I could continue in Jaipur, keep my ambition under control and live comfortably or figure out what else is possible. I chose the latter and this marked the beginning of my partnership with Motilal Oswal. Its easier to raise equity now, back in the day shareholder agreements used to look like loan agreements with min IRR requirements, etc. As luck would have it, a few months after we raised equity, the Lehman Brothers crisis broke out and most banks stopped funding. We were supported once again by HDFC – they were our saviour and I will cherish my relationship with them always. Once the market settled down, having survived this negative environment, there was no looking back.

Our next major investor was IFC. For the entrepreneurs here, I want to say that you have to be selective about your investors, who will help with not just capital – there should be added value they bring to the table apart from money. IFC was giving me 20% lower valuation, but I knew that I didn’t have any lineage to fall back on. As a first-generation entrepreneur, I had to raise money on the strength of my balance sheet and not basis my family name. I knew that partnering with IFC would shift the perception of AU within the industry, especially for PSU banks. After their investment, we grew from one bank relationship with HDFC to 40 bank partnerships. One thing led to another and Warburg Pincus, ChrysCapital, and Kedaara Capital all came on board after that.”

Consistent performance

“From 2008 onwards, we started diversifying from vehicle lending and got into other forms of secured lending like a loan against property, home loans etc. We never tried unsecured lending and never ventured into microfinance or gold finance. Those were very popular products at that time but focusing on what we were good at resulted in a consistently strong performance. We never had a bad year. In the world of finance, the margin of error is very less. If you have a bad year you can almost never come back. Good companies survive regardless of the market condition, you can never blame the market for your company’s poor performance. In 2015-16, we were a successful NBFC, our RoA was close to 3% with an asset base of close to 8,000 crores, with a RoE of 27-28% and everyone was chasing us – the question at that time before us was, what next?”

How we became a bank

“As an NBFC, it is very hard to manage a book of Rs 50,000 cr with the same efficiency and effectiveness as it’s a people dependent business, there are limits to the kind of products you can do and you can’t keep raising capital. Hence, we became a bank because we wanted to be there for the next 100 years and that perpetual platform can only be created through a bank. That is the biggest platform and it is not available at a price. It’s available through your integrity, business plan and execution. Today, we receive Rs 100 cr of money every single day. This is the same person who was struggling to raise Rs 10 cr in 1996, and is now getting money at the speed of Rs 100 cr every day – it feels amazing but there is a lot of responsibility!”

Part 2 of the two-part series features insights from Sharad Sharma:

Recognizing the Athletic Gavaskar moment in Indian Financial Services

“Indian financial services industry is going through its equivalent of the Athletic Gavaskar project of Indian cricket. The motive behind this project was to instil the importance of being athletic to successfully compete in the modern game. A new team was created with the rule that if you are not athletic, you cannot be a part of the team, regardless of other skills that you bring to the table. Virat Kohli eventually became the captain of this team and the results are for everyone to see. Similar yet contrasting stories played out in hockey and wrestling. In hockey, we lost for 20 years because we refused to adapt to the introduction of astroturf. However, in wrestling, the Akhadas in Haryana embraced the move from mud to mat with rigour, and Indian wrestling is already punching above its weight class and hopefully will do even better over time. The idea of sharing this is that similar to sports, sometimes an industry goes through a radical shift. Take the telecom space, for example, if Graham Bell came alive in 1995, he would recognize the telephone system, 20 years later he wouldn’t recognize it at all. The banking industry is going to go through a hockey/wrestling or communications type disruption and a lot of us are working hard to make it happen.”

Infrastructure changes lead to New Playgrounds

“All the banks and NBFCs put together are not serving the real India today. We have 10 million+ businesses that have GST id’s, out of which 8 million+ are big enough to pay GST on a monthly basis, but only 1.2 million have access to NBFC or bank finance. This is a gap that needs to be addressed and it cannot be solved through incremental innovations.

Entrepreneurs and incumbents should learn from what happened in the TV industry when new infrastructure became available. When India went from state-run TV towers in 34 cities to cable and satellite TV in pretty much every town, there was a massive new market that was unlocked that did not want to watch the same Ramayan or Hum Log TV serials. What transpired was an explosion of entertainment products because of the high demand stemming from the new markets and the TV channel players that reinvented their content is thriving today while others that did not, are barely surviving or have shut down.

So where does this leave the bankers? I think it is the biggest opportunity for the right banker who understands this problem, wants to serve this section of the market and is willing to reinvent the way they do their business and take advantage of the new infrastructure that will be available.”

Dual-immersed entrepreneurs have the biggest advantage

“Entrepreneurs who are immersed in the messiness of both the new infrastructure and the old problem are “dual immersed entrepreneurs”. They are the ones that succeed when a market shift is underway. Today this is not happening. Some of our city-bred entrepreneurs are more comfortable with California rather than Bharat. And some of our sales-oriented entrepreneurs are intimidated by the messiness of the new technology infrastructure.”

New Playgrounds need new Gameplay

“In a world where eKYC exists, and we can transfer money through UPI from a phone, and sign documents digitally – we are ready to deliver financial products on the phone and this is the disruption that is required. Access to credit drives the economy and with this new infrastructure, it is now possible to lend to the real India. However, it’s easy to give money, but the ability to get it back and keeping defaults at a minimum is the real trick. Even there we are moving towards seeing a radical improvement. Debt providers now have powers they never had and defaulters are being brought to book. Customers are now incentivized to build their own credit history to get better and lower interest rates over time. A new Public Credit Registry is coming to enable this at scale. But the biggest innovation is related to the dramatic shortening of the tenor. One can structure a one-year loan into 12 monthly loans or 52 weekly loans. This rewards positive customer behaviour and brings about the behaviour change that is needed.

There is no secret sauce here, it requires gumption – like that shown by Reed Hastings, founder of Netflix. He disrupted the TV and home video industry by first having the wisdom to go from ground to cloud and then again when they started developing original content. In both cases, he had little support from the board or investors. If you can reinvent yourself before it becomes necessary, you’re a winner but this is harder to do for a successful company. The legacy of success provides resisters with the clout to block change. The real beneficiary of Aadhaar based eKYC in the telecom world was not the incumbents but Jio – eKYC allowed Jio to acquire customers at an unprecedented scale and they saved INR 5000 crores on KYC costs as well.”

About iSPIRT

iSPIRT is a non-profit think tank that builds public goods for Indian product startup to thrive and grow. iSPIRT aims to do for Indian startups what DARPA or Stanford did in Silicon Valley. iSPIRT builds four types of public goods – technology building blocks (aka India stack), startup-friendly policies, market access programs like M&A Connect and Playbooks that codify scarce tacit knowledge for product entrepreneurs of India.

About AU Small Finance Bank:

AU Small Finance Bank Limited (AU Bank) started in 1996 as a vehicle financing NBFC, AU Financiers and scaled to touch over a million underbanked and unbanked customers across 11 states of North, West and Central India, prior to becoming a bank in April 2017. During this time, AU attracted equity investments from marquee investors such as IFC, Warburg Pincus, Chrys Capital, Kedaara Capital and recently went public when its IPO was oversubscribed ~54 times. Over the years, AU Bank, led by its founder Sanjay Agarwal, has created significant shareholder value with its equity value growing from ~$120 million in 2012 to current market capitalization of ~$3 billion.

Please Note: The blog was first published and authored by Matrix India Team and you can read the original post here: matrixpartners.in/blog

iSPIRT Final Comments on India’s Personal Data Protection Bill

Below represents iSPIRT’s comments and recommendations on the draft Personal Data Protection Bill.  iSPIRT’s overall data privacy and data empowerment philosophy is covered here.  

Table of Contents

Major Comments
1. Include Consent Dashboards
2. Financial Understanding and Informed Consent for all Indians
3. Data Fiduciary Trust Scores Similar to App Store Ratings
4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data
5. Warn of Potential Credit and Reputation Hazards
6. A Right to View and Edit Inferred Personal Data
7. Sharing and Processing of Health Data

Suggestions and Questions

  • Fund Data Rights Education
  • Limit Impact Assessment Requirement
  • Passwords should be treated differently than other Sensitive Personal Data.
  • Does the Bill intend to ban automatic person-tagging in photos and image search of people?
  • Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.
  • Need for an Authority appeal process when data principal rights conflict
  • Do not outlaw private fraud detection
  • Limit record keeping use and disclosure to the Authority and the company itself.
  • Fillings may be performed digitally
  • Request for Definition Clarifications
  • Author Comments
  • Links
  • Appendix – Sample User Interface Screens

Major Comments

1. Include Consent Dashboards

We support the idea of a Consent Dashboard as suggested in the Data Protection Committee Report (page 38) and recommend it to be incorporated in the Bill in Section 26 – Right to Data Portability and Section 30 (2) Transparency.  

We envision all of a user’s personal and inferred data that is known by data fiduciaries (i.e. companies) being exposed on a consent dashboard, provided by a third party consent collector or account aggregator (to use the RBI’s parlance). Below is an example user interface:

This mandate would enable users to have one place – their consent collector-provided dashboard – to discover, view and edit all data about them. It would also allow users to see any pending, approved and denied data requests.

Furthermore, in the event of data breaches, especially when a user’s password and identifier (mobile, email, etc) have been compromised, the breach and recommended action steps could be made clear on the consent dashboard.

Given the scope of this suggestion, we recommend an iterative or domain specific approach, wherein financial data is first listed in a dashboard limited to financial data and for its scope to grow with time.

2. Financial Understanding and Informed Consent for all Indians

We applaud the Bill’s Right to Confirmation and Access (Chapter IV, Section 24):

The data fiduciary shall provide the information as required under this section to the data principal in a clear and concise manner that is easily comprehensible to a reasonable person.

That said, we’ve found in practice that it’s difficult to appreciate the implications of digital policies on users until real user interfaces are presented to end users and then tested for their usability and understanding. Hence, we’ve put together a set of sample interfaces (see Appendix) that incorporate many of the proposed bill’s provisions and our recommendations. That said, much more work is needed before we can confidently assert that most Indians understand these interfaces and what they are truly consenting to share.

The concepts behind this bill are complicated and yet important. Most people do not understand concepts such as “revocable data access rights” and other rather jargon-filled phrases often present in the discussion of data privacy rights. Hence, we believe the best practices from interface design must be employed to help all Indians – even those who are illiterate and may only speak one of our many non-dominant languages – understand how to control their data.

For example, multi-language interfaces with audio assistance and help videos could be created to aid understanding and create informed consent.  Toll-free voice hotlines could be available for users to ask questions. Importantly, we recognize that the interfaces of informed consent and privacy control need rigorous study and will need to evolve in the years ahead.

In particular, we recommend user interface research in the following areas:

  • Interfaces for low-education and traditionally marginalized communities
  • Voice-only and augmented interfaces
  • Smart and “candy-bar” phone interfaces
  • Both self-serving and assisted interfaces (such that a user can consensually and legally delegate consent, as tax-payers do to accountants).

After user interface research has been completed and one can confidently assert that certain interface patterns can be understood by most Indian adults, we can imagine that templated designs representing best practices are recommended for the industry, much like the design guidelines for credit card products published by US Consumer Financial Protection Bureau or nutritional labelling.

3. Data Fiduciary Trust Scores Similar to App Store Ratings

We support the government’s effort to improve the trust environment and believe users should have appropriate, easy and fast ways to give informed consent & ensure bad actors can’t do well. Conversely, we believe that the best actors should benefit from a seamless UI and rise to the top.

The courts and data auditors can’t be the only way to highlight good, mediocre and bad players. From experience, we know that there will be a continuum of good to bad experiences provided by data fiduciaries, with only the worst and often most egregious actions being illegal.

People should be able to see the experiences of other users – both good and bad – to make more meaningful and informed choices. For example, a lender that also cross-sells other products to loan recipients and shares their mobile numbers may not be engaging in an illegal activity but users may find it simply annoying.

Hence, we recommend that data fiduciary trust scores are informed with user-created negatives reviews (aka complaints) and positive reviews.

In addition to Data Auditors (as the Bill envisions), user created, public ratings will create additional data points and business incentives for data fiduciaries to remain in full compliance with this law, without a company’s data protection assessment being the sole domain of its paid data auditors.

We would note that crowd sourced rating systems are an ever-evolving tech problem in their own right (and subject to gaming, spam, etc) and hence, trust rating and score maintenance may be best provided by multiple market actors and tech platforms.

4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data

…so 3rd party actors and civil society can act on behalf of users.

A privacy framework will not change the power dynamics of our society overnight. Desperate people in need of money will often sign over almost anything, especially abstract rights. Additionally, individual citizens will rarely to be able to see larger patterns in the behaviour of lenders or other data fiduciaries and are ill-equipped to fight for small rewards on behalf of their community.  Hence, we believe that user ratings and complaint data about data fiduciaries must be made available in machine-readable forms to not only to the State but to third-parties, civic society and researchers so that they may identify patterns of good and bad behaviour, acting as additional data rights watchdogs on behalf all of us.

5. Warn of Potential Credit and Reputation Hazards

We are concerned about the rise of digital and mobile loans in other countries in recent years. Kenya – a country with high mobile payment penetration and hence like India one that has become data rich before becoming economically rich – has seen more than 10% of the adult population on credit blacklists in 2017; three percent of all digital loans were reportedly used for gambling. These new loan products were largely made possible by digital money systems and the ability of lenders to create automated risk profiles based on personal data; they clearly have the potential to cause societal harm and must be considered carefully.

Potential remedies to widespread and multiple loans are being proposed (e.g. real-time credit reporting services), but the fact that a user’s reputation and credit score will be affected by an action (such as taking out a loan), most also be known and understood by users. E.g. Users need to know that an offered loan will be reported to other banks and if they don’t pay they will be reported and unable to get other loans.

Furthermore, shared usage-based patterns – such as whether a customer pays their bills on time or buys certain types of products – must be available for review by end users.

6. A Right to View and Edit Inferred Personal Data

The Machine Learning and AI community have made incredible strides in computers’ ability to predict or infer almost anything. For example, in 2017, a babajob.com researcher showed the company could predict whether a job seeker earned more or less than Rs 12000 / month with more than 80% accuracy, using just their photo.  She did this using 3000 job seeker photos, 10 lines of code and Google’s TensorFlow for Poets sample code.  Note the project was never deployed or made publicly available.

As these techniques become ever more commonplace in the years to come, it’s reasonable to assume that public facing camera and sensor systems will be able to accurately infer most of the personal data of their subjects – e.g. their gender, emotional state, health, caste, religion, income – and then connect this data to other personally identifiable data such as a photo of their credit card and purchase history. Doing so will improve training data so that systems become even more accurate. In time, these systems – especially ones with large databases of labelled photos – like the governments’, popular social networks’ or a mall’s point of sale + video surveillance system – truly will be able to precisely identify individuals and their most marketable traits from any video feed.

Europe’s GDPR has enshrined the right for people to view data inferred about them, but in conjunction with the idea of a third party consent dashboard or Account Aggregator (in the RBI’s case), we believe we can do better.

In particular, any entity that collects or infers data about an individual that’s associated with an identifier such as an email address, mobile, credit card, or Aadhaar number should make that data viewable and editable to end users via their consent dashboard.  For example, if a payment gateway provider analyses your purchase history and infers you are diabetic and sells this information as a categorization parameter to medical advertisers, that payment gateway must notify you that it believes you are diabetic and enable you to view and remove this data. Google, for example, lists these inferences as Interests and allows users to edit them:

Using the Consent Dashboard mentioned in Major Comment 1, we believe users should have one place where they can discover, view and correct all personal and inferred data relevant to them.

Finally, more clarity is needed regarding how data gathered or inferred from secondary sources should be regulated and what consent may be required. For example, many mobile apps ask for a user’s consent to read their SMS Inbox and then read their bank confirmation SMSs to create a credit score. From our view, the inferred credit score should be viewable by the end user before it’s shared, given its personal data that deeply affects the user’s ability to gain usage of a service (in this case, often a loan at a given interest rate).

7. Sharing and Processing of Health Data

The Bill requires capturing the purpose for data sharing:

Chapter II, point 5:

“Purpose limitation.— (1) Personal data shall be processed only for purposes that are clear, specific and lawful. (2) Personal data shall be processed only for purposes specified or for any other incidental purpose that the data principal would reasonably expect the personal data to be used for, having regard to the specified purposes, and the context and circumstances in which the personal data was collected.”

In the healthcare domain, collecting the purpose for which the data is being shared might itself be quite revealing. For example, if data is being shared for a potential cancer biopsy or HIV testing, the purpose might be enough to make inferences and private determinations about the patient and say deny insurance coverage. On the other hand, stating high-level, blanket purposes might not be enough for future audits. A regulation must be in place to ensure the confidentiality of the stated purpose.  

The Bill has a provision for processing sensitive personal data for prompt action:

Chapter IV, point 21:

“Processing of certain categories of sensitive personal data for prompt action. — Passwords, financial data, health data, official identifiers, genetic data, and biometric data may be processed where such processing is strictly necessary— (a) to respond to any medical emergency involving a threat to the life or a severe threat to the health of the data principal; (b) to undertake any measure to provide medical treatment or health services to any individual during an epidemic, outbreak of disease or any other threat to public health; or (c) to undertake any measure to ensure safety of, or provide assistance or services to, any individual during any disaster or any breakdown of public order.”

While this is indeed a necessity, we believe that a middle ground could be achieved by providing an option for users to appoint consent nominees, in a similar manner to granting power of attorney. In cases of emergency, consent nominees such as family members could grant consent on behalf of the user. Processing without consent could happen only in cases where a consent nominee is unavailable or has not been appointed. This creates an additional layer of protection against misuse of health data of the user.

Suggestions and Questions

Fund Data Rights Education

We believe a larger, public education program may be necessary to educate the public on their data rights.

Limit Impact Assessment Requirement

Section 33 – Data Protection Impact Assessment —

  • Where the data fiduciary intends to undertake any processing involving new technologies or large scale profiling or use of sensitive personal data such as genetic data or biometric data, or any other processing which carries a risk of significant harm to data principals, such processing shall not be commenced unless the data fiduciary has undertaken a data protection impact assessment in accordance with the provisions of this section. …
  • On receipt of the assessment, if the Authority has reason to believe that the processing is likely to cause harm to the data principals, the Authority may direct the data fiduciary to cease such processing or direct that such processing shall be subject to such conditions as may be issued by the Authority.

We believe that the public must be protected from egregious data profiling but this provision does not strike an appropriate balance with respect to innovation. It mandates that companies and other researchers must ask government permission to innovate around large scale data processing before any work, public deployments or evidence of harm takes place. We believe this provision will be a large hinderance to experimentation and cause significant AI research to simply leave India. A more appropriate balance might be to ask data fiduciaries to privately create such an impact assessment but only submit to the Authority for approval once small scale testing has been completed (with potential harms better understood) and large scale deployments are imminent.

Passwords should be treated differently than other sensitive personal data.

Chapter IV – Section 18. Sensitive Personal Data. Passwords are different than other types of Sensitive Personal Data, given that they are a data security artifact, rather than a piece of data that is pertinent to a person’s being. We believe that data protection should be over-ridden in extraordinary circumstances without forcing companies to provide a backdoor to reveal passwords. We fully acknowledge that it is useful and sometimes necessary to provide backdoors to personal data – e.g. one’s medical history in the event of a medical emergency – but to require such a backdoor for passwords would likely introduce large potential security breaches throughout the entire personal data ecosystem.  

Does the Bill intend to ban automatic person-tagging in photos and image search of people?

Chapter I.3.8 – Biometric Data – The Bill defines Biometric Data to be:

“facial images, fingerprints, iris scans, or any other similar personal data resulting from measurements or technical processing operations carried out on physical, physiological, or behavioural characteristics of a data principal, which allow or confirm the unique identification of that natural person;”

The Bill includes Biometric Data in its definition of Sensitive Personal Data (section 3.35) which may only be processed with explicit consent:

Section 18. Processing of sensitive personal data based on explicit consent. — (1) Sensitive personal data may be processed on the basis of explicit consent

From our reading, we can see a variety of features available today around image search and person tagging being disallowed based on these provisions. E.g. Google’s image search contains many facial images which have been processed to enable identification of natural persons. Facebook’s “friend auto-suggestion” feature on photos employs similar techniques. Does the Bill intend for these features and others like them to be banned in India? It can certainly be argued that non-public people have a right to explicitly consent before they are publicly identified in a photo but we feel the Bill’s authors should clarify this position. Furthermore, does the purpose of unique identification processing matter with respect to its legality?  For example, we can imagine mobile phone-based, machine learning algorithms automatically identifying a user’s friends to make a photo easier to share with those friends; would such an algorithm require explicit consent from those friends before it may suggest them to the user?

Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.

Chapter IV – Section 25.4 – Right to correction, etc

Where the data fiduciary corrects, completes, or updates personal data in accordance with sub-section (1), the data fiduciary shall also take reasonable steps to notify all relevant entities or individuals to whom such personal data may have been disclosed regarding the relevant correction, completion or updating, particularly where such action would have an impact on the rights and interests of the data principal or on decisions made regarding them.

We believe the mandate on a data fiduciary to notify all relevant entities of a personal data change is too great a burden and is better performed by a consent dashboard, who maintains which other entities have a valid, up-to-date consent request to a user’s data. Hence, upon a data change, the data fiduciary would update the consent dashboard of the change and then the consent dashboard would then notify all other relevant entities.

It may be useful to keep the user in this loop – so that this sharing is done with their knowledge and approval.

Need for an Authority appeal process when data principal rights conflict

Section 28.5 – General conditions for the exercise of rights in this Chapter. —  

The data fiduciary is not obliged to comply with any request made under this Chapter where such compliance would harm the rights of any other data principal under this Act.

This portion of the law enables a data fiduciary to deny a user’s data change request if it believes doing so would harm another data principal. We believe it should not be up to the sole discretion of the data fiduciary to determine which data principal rights are more important and hence would like to see an appeal process to the Data Protection Authority made available if a request is refused for this reason.

Do not outlaw private fraud detection

Section 43.1 Prevention, detection, investigation and prosecution of contraventions of law

(1) Processing of personal data in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of law shall not be permitted unless it is authorised by a law made by Parliament and State Legislature and is necessary for, and proportionate to, such interests being achieved.

We worry the above clause would effectively outlaw fraud detection research, development and services by private companies in India. For instance, if a payment processor wishes to implement a fraud detection mechanism, they should be able to do so, without leaving that task to the State.  These innovations have a long track record of protecting users and businesses and reducing transaction costs. We recommend a clarification of this section and/or its restrictions to be applied to the State.

Limit record keeping use and disclosure to the Authority and the company itself.

Section 34.1.a. Record – Keeping –

The data fiduciary shall maintain accurate and up-to-date records of the following

(a) important operations in the data life-cycle including collection, transfers, and erasure of personal data to demonstrate compliance as required under section 11;

We expect sensitive meta-data and identifiers will need to be maintained for the purposes of Record Keeping; we suggest that this Record Keeping information be allowed but its sharing limited only to this use and shared only with the company, its Record Keeping contractors (if any) and the Authority.

Fillings may be performed digitally

Section 27.4 – Right to be Forgotten

The right under sub-section (1) shall be exercised by filing an application in such form and manner as may be prescribed.

The Bill contains many references to filing an application;  we’d suggest a definition that is broad and includes digital filings.

This also applies to sections which include “in writing” – which must include digital communications which can be stored (for instance, email).

Request for Definition Clarifications

What is “publicly available personal data”?

  • Section 17.2.g – We believe greater clarity is needed around the term “publicly available personal data.“ There questionably obtained databases for sale that list the mobile numbers and addresses of millions of Indians – would there thus be included as a publicly available personal data?
  • We’d recommend that DPA defines rules around what is publicly available personal data so that it is taken out of the ambit of the bill.  
  • The same can be said for data where there is no reasonable expectation of privacy (with the exception that systematic data collection on one subject cannot be considered to be such a situation)

Clarity of “Privacy by Design”

Section 29 – Privacy by Design

Privacy by Design is an established set of principles (see here and in GDPR) and we would like to see the Bill reference those patterns explicitly or use a different name if it wishes to employ another definition.

Define “prevent continuing disclosure”

Section 27.1 – Right to be Forgotten

The data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary…

We request further clarification on the meaning of  “prevent continuing disclosure” and an example use case of harm.

Define “standard contractual clauses” for Cross-Border Transfers

Section 41.3.5 – Conditions for Cross-Border Transfer of Personal Data

(5) The Authority may only approve standard contractual clauses or intra-group schemes under clause (a) of sub-section (1) where such clauses or schemes effectively protect the rights of data principals under this Act, including in relation with further transfers from the transferees of personal data under this subsection to any other person or entity.

We would like to standard contractual clauses clearly defined.

Define “trade secret”

Section 26.2 C – Right to be Forgotten

compliance with the request in sub-section (1) would reveal a trade secret of any data fiduciary or would not be technically feasible.

We request further clarification on the meaning of  “trade secret” and an example of the same.

Author Comments

Compiled by iSPIRT Volunteers:

  • Sean Blagsvedt – sean _@_ blagsvedt.com
  • Siddharth Shetty – siddharth _@_ siddharthshetty.com
  • Anukriti Chaudharianukriti.chaudhari _@_ gmail.com
  • Sanjay Jain – snjyjn _@_ gmail.com

Links

Comments and feedback are appreciated. Please mail us at [email protected].

Appendix – Sample User Interface Screens

Link: https://docs.google.com/presentation/d/1Eyszb3Xyy5deaaKf-jjnu0ahbNDxl7HOicImNVjSpFY/edit?usp=sharing

******

AI/ML is not Sexy

One would think that the new sexy in the startup capital of the world is self-driving cars, AI/ML… I got news for you! AI/ML (esp. Machine Learning) is not listed in Gartner’s hype cycle for 2018.

Source: https://commons.wikimedia.org/wiki/File:Hype-Cycle-General.png

This was corroborated on my recent trip to the valley and the US east coast, where I met several investors, founders, corp dev and other partners of the startup community. It was evident that the AI/ML hype which peaked in 2016 & 2017 is no longer considered a buzzword. It is assumed to be table stakes. What you do with AI/ML is something everyone is willing to listen to. Using AI/ML to solve a high-value B2B SaaS problem is Sexy! (Gartner trends for 2018).

As the hype with AI/ML settles down, B2B startups across the globe are discovering the realities of working the AI/ML shifts for SaaS. Many AI tools & frameworks in the tech stack are still evolving and early pioneers are discovering constraints in the stack and creatively building workarounds as they build their products.

Many entrepreneurs are watching from the sidelines the unfolding of the AI/ML hype, wondering on many valid questions like these (and more):

Q: Do I have to stop what we are building and jump onto the AI bandwagon? No.
Q: Are the AI/ML resources mature & stable to build better value products? No, they are still evolving.
Q: Do I need expensive investments in constrained resources? No, not until you have a high-value problem to solve.

B2B SaaS startups go through 2 key struggles. How to find market-fit and survive? And how to stay relevant and grow. And if you don’t evolve or reinvent as the market factors change, there are high chances for an upstart to come by and disrupt you. The iSPIRT entrepreneur playbooks look to help entrepreneurs get clarity on such queries and more. Our goal is to help our startups navigate such market shifts, stay relevant and grow. Our mini roundtables Playing with AI/ML are focused on WhyAI for SaaS discussions in multiple cities. If you or a startup you know may benefit do register

The MiniRT Agenda

Seeding & creating an active discussion on Why AI/ML? What is the higher order value being created? How to identify the value & opportunities to leverage AI? How to get started with an AI playground (if not already running)? How to think of data needs for AI/ML investments, How to address the impact on Product & Business… Insights from these sessions are meant to help refine our approach & readiness to leverage AI/ML for building higher order value products. And in doing so building a vibrant community focused around navigating this shift.

Upcoming PlaybookRTs on AI/ML

6-Oct (Chennai) 10 am – 1 pm – MiniRoundTable on WhyAI for B2B SaaS – Shrikanth Jagannathan, PipeCandy Inc
18-Oct (Bangalore) 6 pm – 8 pm MiniRoundTable with Dr Viral Shah on AI/ML Tools & discuss your ML/DeepLearning challenges
27-Oct (Delhi/Gurgaon) 2 pm – 6 pmMiniRoundTable on WhyAI for B2B SaaS, Adarsh Natarajan, CEO & Founder – Aindra Systems
TBD (Bangalore)MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest)
TBD (Mumbai)MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest)

The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold, on a reasonable level playing field.

Click to Register for the AI/ML Playbooks Track.

Please note: All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely and to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

Image source: https://commons.wikimedia.org/wiki/File:Hype-Cycle-General.png

Interesting Reads

https://factordaily.com/indian-saas-ai-hurdle/

Are you ready to Jump with AI/ML? [Updated Session Dates]

[Update 6-Apr] New April Session Dates – Symposium RT is being scheduled on Saturdays for Bangalore & Chennai (21st & 28th April). 

Playbooks for Electrifying SaaS and more.

This is what we call the fourth industrial revolution…And companies are really transforming and bringing all these new technologies to connect with their customers in new ways.
Dreamforce 2017 Keynotes, Marc Benioff.

There is no doubt that Artificial Intelligence (AI), is one of the recent “tectonic” market shifts, creating a change in landscape, market, and opportunity. AI and  Machine Learning (ML), now in its eternal spring, has a deep impact on SaaS evolution. While the incumbent companies like Salesforce, Zendesk, Workday, have all invested heavily in AI, also global challengers across many verticals from Sales, BPM, CRM… to Security are focused on building higher order efficiencies and automation through AI/ML.

Over the last few years, our Indian SaaS entrepreneurs trumped the global SaaS growth by leveraging mobile first as there was no baggage of desktop, reduced sales & onboarding cost by perfecting the art of Inside Sales & Inbound Marketing, and efficient after sales support & service by leveraging remote success representatives. Our SaaS Mavens helped disseminate these leverages by sharing the best practices & modeling internal flywheels & experimentations. Many SaaS entrepreneurs successfully assimilated and got a significant boost in their growth journey. These levers are now basic table stakes for most SaaS startups.

AI has no breakthrough success stories, but it is helping create a level playing field – especially for our Indian entrepreneurs – to compete with global players and incumbents alikeStartups willing to make the jump, adapt AI into their products & business models to create meaningful differentiation, will experience a strong wind in their sails to leapfrog over the players who don’t.

Our entrepreneurs have a rare opportunity to be early adopters & global trailblazers. 

To take advantage of this our entrepreneurs ask very valid questions.

Q. Why & How should we entrepreneurs navigate this AI market shift? 
Q. How should we, given that we are untrained in AI, grapple with the 360° impact of AI on product, business, and technology?
Q. What AI leverage can we develop without requiring expensive investments for constrained resources? 

How do we enable our companies to create new AI playgrounds to analyze, surface, validate and develop higher order customer values & efficiencies?

AI Playbooks

Since adapting to the AI “tectonic” shift requires a new paradigm of thinking, we have launched a multi-step playbooks track focused on Playing with AI/ML for Indian entrepreneurs. In line with iSPIRT’s mission, our playbooks purpose is to help market players navigate market shifts. The goal is to bring the practitioner knowledge from AI Mavens AI-first entrepreneurs who are further ahead in their AI journey – to the AI-hungry startups and help them perfect the model of working with AI, get traction towards a meaningful AI-enhanced value, and become trailblazers for the community. If you are an AI-hungry startup who has either taken the plunge with AI/ML but early in your journey, or are actively looking to leverage AI/ML for your current products, then following the stepped approach below may help:

Step 1 – Attend an AI/ML Symposium RT – Getting prepared with Why AI and How AI. In our first kickoff session on 10-Mar, we had great discussions on AI data maturity, what can drive your AI approach, and more with our AI Mavens and ten startups (read more).

Step 2 – A cohort of startups from step 1 will be taken through multiple AI/ML Playbook RT for How AI – deep dives on topics to help with structuring an internal AI playground, competency with data product management, product positioning & branding, business model shifts, and more.
These playbook RTs will help the startups carve out a lean playground for rapid experimentation and analysis, with a 3-4 person team of a data PM, & engineers. The team, actively lead by the founder, runs regular sprints (business/product/engineering sprints) of experimentation and validation, and have review touchpoints at intervals with AI-Mavens and the cohort as a running group.
There is also an optional Tech Training Lab to build internal ML competency with a multi-day workshop with Julia experts.

Four startups have been initially selected for the cohort for the step 2 AI playbook RTs (Acebot, FusionCharts, InstaSafe & LegalDesk).

SaaSx5 – June 2018

We are working to set up the 5th version of our marquee SaaSx to engage with the larger SaaS startup community. We will definitely focus on the impact of AI/ML on SaaS and have workshops based on our momentum of the playbooks track on various topics above. Date & details to be announced shortly.

The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold, on a reasonable level playing field.

Click to Nominate or Register a startup for the AI/ML Playbooks Track.

Dates & Venue

AI/ML Symposium RT #1 – 10th Mar (Sat) 2p – 5p Done (read more)
AI/ML Symposium RT #2 – 21st Apr (Sat) 11a – 2p @ Bangalore TBD
AI/ML Symposium RT #3– 28th Apr (Sat) 10a – 1p @ Chennai TBD

May the force be with you!

* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely, to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

Featured image modified from source: https://www.flickr.com/photos/jedimentat/7557276684

First AI/ML Playbook Roundtable – Playing With the New Electricity

This is a Guest post by Krupesh Bhat (LegalDesk) and Ujjwal Trivedi (Artoo).

AI is seen as the new electricity that will power the future. How do we make the best of the opportunity that advancements in AI technology brings about? With this thought in mind iSPIRT conducted a symposium roundtable at the Accel Partners premises in Bengaluru on March 10th. Accel’s Sattva room was a comfortable space for 20+ participants from 11 startups. There were deep discussions and a lot of learning happened through subject matter experts as well as peers discussion. Here’s a quick collection of some pearls, that some of us could pick, from the ocean of the deep discussions that happened there.

Products that do not use AI will die soon. Products that use AI without natural intelligence (read common sense) will die sooner.

– Manish Singhal, Pi Ventures

Starting with that pretext, it isn’t hard to gather that AI is not just a promising technology, it is going to be an integral part of our lives in near future. So, what does it mean for existing products? Should everyone start focusing on how they can use AI? Are you an AI-first company? If not, do you need to be one? After all, it does not make sense to build the tech just because it appears to be the next cool thing to do. If you are building AI, can you tell your value proposition without mentioning the word AI or ML? have you figured out your data strategy? Is the need driven by the market or the product?

Before we seek answers we must clarify that there are two types of products/startups in the AI world:

First, an AI-first startup – a startup which cannot exist without AI. Their solution and business model is completely dependent on use of Artificial intelligence (or Machine Learning at least). Some examples of such startups in local ecosystem are Artifacia and Locus.sh.

Second, AI-enabled startup – startups with existing products or new products which can leverage AI to enhance their offering by a significant amount (5x/10x anyone?). Manish has a very nifty way of showing the AI maturity of such companies.

The session was facilitated by several AI experts including Manish Singhal of pi Ventures, Nishith Rastogi of Locus.sh, Shrikanth Jagannathan of PipeCandy, Deepak Vincchi of Julia Computing.

Maturity Levels of AI Startups

After a brief introduction by Chintan to set the direction and general agenda for the afternoon, Manish took over and talked about the various stages of AI based companies. Based on his interactions with many startups in the space, he said there are roughly four growth stages where different companies fall into:

Level 1No Data, No AI: An entity that solves a business problem and is yet to collect sufficient data to build a sustainable AI business. The AI idea will die down if the company fails to move to state 2 quickly. Business may be capturing data but not storing it.
Level 2Dark data, No AI: The company holds data but is yet to build solid AI/ML capabilities to become an AI company. There is a huge upside for such companies but the data strategy needs to be developed and AI capabilities are not mature enough to be considered as an AI/ML company.
Level 3Higher automation driven by data and AI: These are the companies that have built AI to make sense out of data and provide valuable insights into the data using AI/ML, possibly with some kind of human assistance.
Level 4Fully autonomous AI companies: These are the companies at the matured stage where they possess AI products that can run autonomously with no human intervention.

Manish also noted that most companies they meet as a VC are in level 1 and 2, while the ideal level would be 3 and 4. He noted that AI comprises of three important components: Data, Algorithm & the Rest of the System that includes UI, API & other software to support the entire system. While it is important to work on all three components, oftentimes, the data part doesn’t get enough importance.

Do You Really Need Artificial Intelligence?

A whole bunch of solutions are smart because they are able to provide additional value based on past data. These are not AI solutions. They are merely rule based insights. Nishith from Locus added that there is nothing really wrong with rule based systems and in a lot of cases AI is actually an overkill. However, there are two cases where it seems apt for startups to look at AI for their predicament:

  1. Data is incomplete: An example of this is Locus who gets limited mapping for gps coordinates and addresses.
  2. Data is changing constantly: A typical case was of ShieldSquare where bots are continuously evolving and improving and the system deployed to identify them also needs to learn new patterns and evolve with them.

It is important to have clarity on your AI model especially when you communicate with your internal teams. Figure out what is the core component of your product – AI, ML, Deep Learning or Computer Vision.

What’s Driving Your AI Approach?

There are two major driving forces that can help one in deciding whether to AI or not to AI.

  1. PUSH: The internal force when decision can largely be taken if your business is sitting on a lot of useful data, may be as a side effect of your key proposition.
  2. PULL: The external market driven force where clients expect or ask for it e.g chatbots. We are already observing that AI can be a great pricing mechanism.

However, take great caution when using Customer data or Derived data, it depends on legal agreement with clients and can get you into legal troubles if it violates any terms.

Is Your Data Acquisition Strategy in Place?

Anyone interested in AI should have a data acquisition strategy in place. Here are a few points that can help you get one in place:

    • What data do you collect, How do you validate it, Clean it and store it for further analysis?
    • Surveys and chatbots can provide a steady stream of data if built correctly
    • Think of data as a separate entity (has its own lifecycle), it may help to think of it as a currency and plan how you would earn, store and utilise it
    • Capturing location, user interaction data can be insightful. This may include the interactions user has committed and the ones they have not committed (deleted/skipped/hidden)
    • It makes sense to invest time, resources and people to gather data properly
    • Have a unified warehouse (can start with economical options like Google Analytics and AWS)

It is also important to give some thoughts on how you are using aggregate data across the platform. In case, if your AI model uses a combination of customer specific data and the sanitised aggregate data available in the platform (“Derived Work”), then you should make sure that you have the permission to use such data. Without such clarity, you may run into legal issues.

Deepak Vincchi explained how Julia Computing is emerging as the programming language of choice for data scientists. The platform can process 1.3 million threads in parallel and is used by large organizations to crunch data problems.

In all this was an extremely engaging 3 hours without break. Guiding the session with real examples by Nishith, Shrikanth and also shared learnings from Navneet and others really helped bring to life Why AI and How AI. This symposium is part of an AI playbooks track was aimed at kickstarting cohorts of startups ready to jump with AI and help them get traction with AI, more will emerge on this shortly.

10 startups attended this mini-roundtable session – Acebot, Artifacia, Artoo, FusionCharts, InstaSafe, Klove, LegalDesk, Rocketium, Rubique, ShieldSquare.

Thanks to volunteers Rinka Singh and Adam Walker for their notes from the session and Ankit Singh (Mypoolin/Wibmo) for helping coordinate the blog post & note

* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely, to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

Featured photo by Matan Segev from Pexels https://www.pexels.com/photo/action-android-device-electronics-595804/

Playing with the new Electricity – AI/ML Playbook Sessions [March Update]

[Update 29-Mar] New April Session Dates – Symposium RT is being scheduled for Bangalore & Chennai (21st & 28th April). 

“Tectonic” market shifts happen every few years creating a change in landscape, market and opportunity. The most recent “tectonic” shift is the emergence of the Artificial Intelligence era. In just the same way electrification in the early 1900s transformed major industries globally, AI, Machine Learning & Deep Learning are poised to transform a multitude of industries, services & products.

It took 100 years from the discovery of electrical generator to electrification of industries. AI is doing this in a span of 70 years (from the time of the Turing Test).

AI/ML has gone through many winters and is now in its eternal spring. It portents a new framework for startups to navigate and evolve from an internet era startup into an AI era startup.


Every new era shift begins with a lot of smoke and hype before it is well understood. iSPIRT ProductNation & Julia are launching a set of AI/ML playbook roundtable & workshop sessions to dispel the hype around AI, and help bring a pragmatic mindset & process change necessary for product startups to leverage AI/ML. We believe AI is not just a technology shift. It is a combination of product, business, and technology shift. Adapting to it requires a new paradigm of thinking to build a viable value strategy. This needs to be done mindfully and in context of the value you offer to the customer, do not rush in with the AI hype.

These multi-step playbooks are for all categories of startups regardless whether they are AI-First or SaaS, and MarTech, FinTech, HealthTech or any other <Domain>Tech category, startups who are looking to deliver a higher order value to their customers by leveraging and applying AI models with their data.

Since AI/ML is still in its early years there aren’t any proven success playbooks. Hence these deep sessions will bring together AI experts, AI Mavens (entrepreneurs who are more ahead in their AI journey), iSPIRT Mavens, and selected startups, to discuss & share their insights, challenges & learnings on the mindset shifts outlined above and best practices adopted. The 2-step playbook roundtable sessions focused on founders (+1 typically CXO) and a hands-on lab workshop are a sequence of:

    • AI/ML Symposium RT (step 1) – An invite-only 3 hour mini-symposium playbook with AI/ML experts, first mover AI leaders & Mavens from our startup community and 10-15 invited startups, focusing on Why AI/ML? What was the higher order value being created? How to identify the opportunities to leverage AI? What do you need to get started with AI (if not already running)? Data needs for AI/ML investments… The shared awareness created in this session, combined with the commitment by startups to articulate their AI/ML opportunity, and detail their approach will lead to the next AI/ML roundtable.
    • AI/ML Playbook RT (step 2) – Startups at similar AI readiness from the Symposium will be invited for a 5-hour deep-dive roundtable discussion on the AI/ML challenges in the context of the startup domain, effectively going through their AI/ML readiness & approach (a review & teardown). Topics would emerge from the Symposium RT and could cover data collection & modeling strategy, AI transformation algorithms, Business model innovation, Success metrics… This session is restricted to 5-6 startups (having similar AI needs) per roundtable and an AI Maven to facilitate the topics & discussion. Possible outcomes for each startup would be to develop an action plan/checklist for next few months of execution. Additionally, startups can identify a tiger tech team to go to the AI/ML Training Lab to get traction for their checklist…
    • AI/ML Training Lab with Julia Sandbox (optional) – A 3+ day workshop intended for the 3-4 person tiger tech teams (CTO, Engg, Data guy, PM…) from each startup. The workshop will help focus on building competency, getting traction & executing implementations related to the checklist developed at the roundtable.

For the first set of these playbooks, we are inviting nominations/applications for startup founders (+CXOs) who are either directly focusing on AI-based opportunity or have started integrating AI/ML as a core strategy for their product growth/success. Please provide your nomination for startups you believe should be part of the first series of the AI/ML playbooks. If you are a startup and interested to be part of this please register below. On final approval, an invite confirmation will be sent via email.

Please submit your nominations here. A registration link will be sent to your nominee.

Dates & Venue for the first of the series:

AI/ML Symposium RT #1 – 10th Mar (Sat) 2p – 5p Done
AI/ML Symposium RT #2 – 21st Apr (Sat) 11a – 2p @ Bangalore TBD
AI/ML Symposium RT #328th Apr (Sat) 10a – 1p @ Chennai TBD
AI/ML Playbook RTApr-TBD (Sat) 11a – 5pm @ Bangalore TBD
AI/ML Training Lab w/ JuliaApr-TBD @ TBD (Bangalore)

While the sessions are in Chennai/Bangalore, we believe this topic is of emergent interest to startups across the country and would invite all to register.

AI Mavens

Ashwin Ramasamy – PipeCandy
Manish Singhal – pi Ventures
Nishith Rastogi – Locus.sh
Shrikanth Jagannathan – PipeCandy

Cost

All iSPIRT roundtables are pro-bono (read below for how that works)

This series of playbooks is being setup by active support from our Mavens & Volunteers – Ankit Singh, Deepak Vinchhi, Karthik KS, Praveen Hari, Ravindra Krishnappa, Sandeep Todi.

P.S. Some great material for pre-reading

I strongly recommend all to go through many of these.

* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely and to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

* The Julia team is on a social mission to train a large number of people in India to develop grassroot skills and competency with AI & ML.

+Feature image from https://www.flickr.com/photos/gleonhard/34046647175/

Call for Volunteers: FinTech Leapfrog Council [FTLC]

iSPIRT’s FinTech Leapfrog Council (FTLC) is an initiative designed to help incumbent, government-owned banks make the transition to an era of cashless, presenceless and paperless transactions enabled by India Stack and other emerging technologies.

At iSPIRT, our belief is that banking will change more in the next five years than it has in the last 50 years. For a variety of reasons, the changes happening in India will follow a path that is very different from other countries. Indian Banks, therefore, have two choices: Create a new playbook to deal with these changes, or stick to the old rulebook and risk being disrupted.

Over the last two years, FTLC has been helping SBI, Axis, BOB and IDFC Bank create new playbooks in six orbit shifts that will help banks successfully transform themselves. These six orbit shifts are:

  1. Fee-based Payments to UPI and Payments as a Service
  2. Closed Billing Systems to Bharat Bill Payment System (BBPS) and Billing as a business  
  3. Asset-based lending to (Cash) Flow-Based Lending
  4. Closed Pipe Architectures to Open APIs and Platform Banking
  5. Core Banking Systems to Internet Architecture and Transaction Engines
  6. Data Silos to Consent-based Data Sharing

These FTLC banks have major government shareholding and comprise more than 30 percent of the Indian banking system. Therefore, helping them create these new playbooks is a mission of national importance.

FTLC works with the CEOs and leadership teams of these banks through a series of quarterly workshops and customised workshops in the above-mentioned areas. Some of the industry leaders who spoke at FTLC workshops to facilitate these orbit shifts are:

  • Shamir Karkal, Head of Open APIs at BBVA Bank, Spain, and co-founder of Simple Bank
  • S Ramakrishnan, former Chief Data Officer of Citibank
  • Prof. Saras Sarasvathy of the Darden School of Business
  • Nandan Nilekani, Non-Executive Chairman, Infosys
  • Sharad Sharma, Co-founder of iSPIRT & Ex CEO – Yahoo Inc, R &D. 
  • Sanjay Swamy, Managing Partner of Prime Ventures.

We are looking for an anchor volunteer who can work closely with the FTLC banks to ensure that they are making progress on these orbit shifts, and gradually take my place at FTLC.

For me, being the anchor volunteer for FTLC has been rewarding in many ways. The opportunity to work with other volunteers whose work is reshaping the fundamental nature of banking in India has been very exciting. The opportunity to work with some master strategists who can see the big picture without losing focus on the nitty-gritty details of execution has been awe-inspiring. Seeing young volunteers take on crucial roles and excelling in it has given me great hope for the future of our country. And finally, the fact that iSPIRT’s work is helping India create a world-class digital infrastructure is something that fills my heart with great pride. I had initially signed on as anchor volunteer for FTLC for one year, but the work was so interesting that one year became two before I realised it! We are now looking for a volunteer who can replace me, but start off gradually as a volunteer-in-training.

As you probably know by now, it is difficult to become an iSPIRT volunteer, but easy to cease being one. The arduous process of becoming a volunteer allows each side to feel each other out. We want you to get into volunteering with your eyes open. As part of this counter-intuitive mantra, we let you hibernate without any hesitation. This enables you to make soft promises that you can keep.

If you are interested in being a volunteer for FTLC, contact me at [email protected] or [email protected]

Action For India’s 6th Annual Forum invites FinTech startups

Action For India’s 6th Annual Forum invites FinTech startups
Just about two months ago, the nation attempted the massive ‘demonetization’ initiative at an unprecedented scale to clean-up illicit money and move towards greater economic equity and justice. As a consequence, the realm of digital money management and transactions saw a burgeoning growth and needless to say, this accelerated the vision of ‘Digital India’, the India where technology and digitization makes every facet of life for a common man, easy and empowering. This is becoming a global phenomenon as a recent report from Accenture found that global investment in FinTech has skyrocketed from $930 million back in 2008 to over $12 billion by the beginning of 2015.
Alongside digital payments, the nation also takes pride in harboring FinTech initiatives working wonders on the ground, in the areas of banking for the unbanked, micro-loans, credit-free schemes, micro asset-management, and a portmanteau of other technology-powered solutions/models that are serving the unreached. Recognizing these FinTech entrepreneurs, the 6th edition of Action For India Forum, is on a mission to help Indian social innovators overcome barriers to scale and achieve greater impact.
Though this exclusive invite-only event (taking place on January 24th & 25th, 2017 in New Delhi) that brings together 100 leading social innovators (with FinTech as one of the six sectors of focus) along with 100 “influencers” (from the realms of impact investment, philanthropy, government, technology and public policy), it aims to bring together a stellar set of handpicked start-ups and provide them with a platform to further partnerships, investment and growth. The applications to be a part of the esteemed Forum, are still open for all the promising FinTech startups.
The form can be found here: goo.gl/9xdqfn
It is at this event that the most promising social entrepreneurs are selected to be a part of a two-week all-expense- paid trip to Silicon Valley through the Silicon Valley Challenge (SVC).
You can find a post-event update on AFI’s 5th Annual Forum here: http://bit.ly/1U35zdE & details of the upcoming AFI Forum 2017 here: http://actionforindia.org/afi-forum-2017/.
You can reach AFI via email at afiforum2017@actionforindia.org or call +91-72040-24529.

 

When to open the purse for that Blockchain-y project of yours?

Blockchain, Blockchain ! The buzz continues to spread from coffee machines to boardrooms. Everyone I speak to nowadays is eager to know how to leverage Blockchain tech and what’s in it for them.

A key question in front of us as solution providers is when to choose Blockchain (and when to stick to relational databases) and more importantly which use case to fund/invest.

Based on my experience of Blockchain technology, if your use case meets all the conditions below, using a Blockchain makes business sense:

  1. A Shared Database: A Blockchain is a distributed ledger. The data contained in a Blockchain is replicated across all nodes within the network and is therefore shared. First step would be to determine if there is a genuine need for data sharing across the entire network.
  2. Multiple Writers: In a Blockchain, the database is written by multiple writers simultaneously. These writers could be a bank’s customers initiating payments, traders trading in a exchange, ATM/POS transactions, multiple companies updating their records in a government portal etc.
  3. Lack of Trust: Does your use case involves multiple users that trust each other? Let me ask it differently. Is one user willing to let other users modify the database entries it owns and is he/she blindly trusts the ‘read-only’ information provided by other users? If your answer is a clear NO, then Blockchain can be the answer. But everyone trusts a Blockchain as transactions are confirmed by ‘autonomous’ nodes (that do not trust each other) and considered immutable.
  4. No need for a central intermediary: If all we needed was a solution that let’s multiple non trusting writers update a shared database, then having a central intermediary that is trusted by all writers could have solved the problem. Everyday we interact with such central intermediaries e.g. Uber, commuter train companies, our banks, government etc. Govt issues us identity documents that are acceptable to all, a bank’s confirmation on a successful transaction is treated as a gospel of truth. Blockchain removes the need of having a central intermediary by its inherent design of immutability, block confirmations, distributed consensus. The transactions performed on a blockchain can thus be trusted by multiple writers who do not trust each other but trust a Blockchain. Do you really need disintermediation and does not having one makes it cheaper , faster , more efficient for your customers.
  5. Transactions Linkage: It means that transactions created by different writers often depend on one other. For example, A sends some money to B who in turn sends it to C. So, C’s balance is dependant on A. Because of this dependency, the transactions naturally belong together in a single shared database. Taking this further, one nice feature of blockchains is that transactions can be created collaboratively by multiple writers, without either party exposing themselves to risk.
  6. Authoritative Final Transaction Log: All nodes agree to the contents of this log. For a new node, downloading the entire previous blockchain is a starting point. If a node is down for some time, it can download the incremental blockchain to know the latest contents of Blockchain. In a peer-to-peer database with no central authority, nodes might have different opinions regarding which transaction to accept, because there is no objective right answer. By requiring transactions to be “confirmed” in a blockchain, we ensure that all nodes converge on the same decision.
  7. Guaranteeing the represented assets: Who stands behind the assets represented on the blockchain? If the database says that I own 10 units of something, who will allow me to claim those 10 units in the real world? Who do I sue if I can’t convert what’s written in the blockchain into traditional physical assets? Is it going to be a bank, a stock exchange, a mineral company? It all depends on the type of asset that is recorded on the Blockchain.

Conclusion: If your use case fulfils the all of the above criteria, using a Blockchain makes sense. Go ahead and invest in it, Blockchain is worth it.

(Disclaimer: Inputs from Gideon. Views expressed are personal and may not necessarily reflect views of my employer.)

Guest Post by Gaurav Singhai, Sopra-Steria

The fundamentals that help us grow more than 100% every quarter

At Mypoolin, we have a consistent and strong belief that a very significant aspect of building a business is keeping the fundamentals strong. The fundamentals are not just the core pillars for making the company stand as an entity, but also serve as defining the form as the firm emerges from its initial amorphous self. When we started the venture last year, we had some basics and an initial direction in mind, but we could not define those at that time.

For the first timers, we are the social payments product company of the country. We enable seamless peer to peer transactions and group transactions for all use cases, varying from movies to events to parties to outings to rent and more. Over the past 12 months, the product has grown both qualitatively and quantitatively. Starting from transactions just worth a few thousands per month to achieving a high growth rate currently, we are intent on making this product an integral part of your social lifestyle.

Mypoolin1

Let us dive into the fundamentals that continue to shape us –

Tackling a big problem

The reasons big problems are so important to be solved, is that once you solve them, half of the battle (or even more) is won. Not only does it ensure that the product can deliver, it also incentivizes the user by default to explore and use the same. Once you hit a raw nerve and resolve a crucial pain point, you ensure that the barriers to adoption are now as low as they can be, from the point of view of motivation of the user. And at the same time, when the vision is big, everyone in the team is driven as well to execute on it and be a part of it.

MyPoolin2

Simplifying a challenging solution

Well, it is one thing to say and another thing to build on it. After defining the problem and realizing the challenge in front, we started iterating on the product and building it piece by piece. All along some factors and pointers helped us in defining the direction of the product –

  • What exactly does the consumer desire? (Putting ourselves in their shoes)
  • Does our solution present itself in its simplest form? (Analyzing)
  • Are users really feeling empowered by using it? (Observing and tracking)

Mypoolin3

The above pointers will answer that whether the customers have the necessary ability to utilize our solution or not. And at the same time, since we are combining two domains of the internet viz – social network and payments into one; the product tends to become intricate in terms of its engineering. This in turn makes sure that the ability of the team is tested as well to its full potential for making the product really polished.

Discipline, Focus and Fun

Another key fundamental in running a growing company, especially in the complex and sensitive infrastructure of payments, is the presence of discipline and focus. This applies to both the phases-

  • Developing the product as well as
  • Tracking the analytics and output

Mypoolin4

At the same time, fun is always a part of the equation and the hidden gem at times for everyone to appreciate the mission as a team. In fact, the point of fun trickles everywhere, including our product as well which portrays the statement of ‘Payments made fun’. Traditionally, payments have been a painful and mundane part of our lives, but not anymore. Time to make them cool….

Wish to join one of the fastest growing ventures in the intricate, growing and powerful domain of fin-tech? Ping us directly at [email protected]

Cheers

Team Mypoolin, Rohit Taneja. 

 

A corporate wallet to simplify business payments and expense tracking: The Happay Story

B2C wallets like Paytm and Mobikwik are known well enough. The B2B wallet story, however, is still in its nascent stage. Happay is that wallet which helps companies manage their expenses through employees, using corporate wallets.

Varun Rathi and Anshul Rai were classmates at IIT Kharagpur. They worked for 2 years before they started up. After toying with different business ideas, they zeroed in on payments, and thereafter, quit their jobs.

Happay started as a platform for splitting payments or transfer money through its wallet. However, the team, even with over 2 lakh registered users, was unable to find a good revenue model. They pivoted to address B2B payment management hassles. They have tied up with Ratnakar Bank to issue corporate cards which double as expense management system for the company. The companies can issue these cards to all their employees, and, at the back end, track, or even cap the permissible amount for each card.

Here is an excerpt from Varun’s interview with iSPIRT:

Why did you Startup?

VR: “I come from a business family and so, I think I inherited the urge to start something of own business. It was different from a typical Marwari business, because I wanted to make a technology business that was scalable”.

Why did you choose to address payments?

VR: “The payments market in itself is globally very large and scalable. So even if you solve a small problem in payments, it can go big.

Last 5-10 years have seen a lot of sourcing through wallets. So we thought this was the problem we should solve. Our solution was quite a hit between students and young professionals. However, there was no strong revenue model. Also, we had to go to all vendors and get them to accept those payments through our instrument, which was proving difficult.

On the other hand, a lot of businesses would come to us looking for payments solution. There was no product that would address their issue. So we decided to pivot.”

You decided to pivot from B2C to B2B. What were your major challenges?

VR: “First biggest challenge was to unlearn whatever we had learned and focus exclusively on talking to customers which we didn’t do with the first product.

The first product seemed more intuitive to the team, as we ourselves were the customers. This time around the team talked to over 1000 customers to understand their problems.”

As for aligning the team, Varun shares, “Our team was very young, with no one with more than 2-3 years of experience. So they were open to learn new things. Besides, it took us 9-10 months, to come up with the new product. This gave enough time to the team to align themselves.”

Next challenge was in terms of requirements of the business. “With a B2B product, we realized that businesses needed handholding at every step. Where we scaled to 2 lakh registered users with just 5 members in the team, this time around, we ended up hiring for different teams, taking the number of employees to about 100.

We hired the first person that could give a demo to the customers. Then we needed someone for lead generation, as the product does not automatically reach the target audience. Even after a customer is acquired, we needed to hire for relationship management and customer support. The customers even after signing up would not take the next steps themselves.”

What are the challenges in coming up with an expense card? Why have other expense management companies not done it?

VR: “ Getting such a card and its integration in place, is a difficult process. It requires a license, partnership with the bank, a certification with VISA, and a strong technology team to support all of it. It takes about a year to complete just the processes.

We were in the business of payments, from the start. So our initial aim was to develop applications over the payments platform. We first solved the payments problem and then later on built expense management software over it. Other players made the software and started selling it. They never had the intention of going deeper into the payments problem.”

How is scaling a B2B business different from a B2C?

VR: “There are both pros and cons. B2B is slow and time taking but steady. There are some safe landings in between, so I cannot go down all of a sudden, as is the case with B2C. I can become an overnight success in a B2C product, with maybe some good PR but that can go away in a second, as it is very fragile and there is a lot of competition. In B2B, customers don’t sign up that fast, but they give you time. Once you have their trust, even if something is not perfect, they give you a month or 2 to make it right. That gives more stability to the business.”

What are the 3 things you wish you knew before you started?

VR: “Launch soon: One mistake we made was not launching the product soon. We, like most other companies, were trying to build a perfect product. But the sooner you take it to the customer; the steeper is the learning curve.

Talk to your customers: We assumed what our customers needed and built the product around it. Customers don’t know what they need till they see it. So let them see it.

Making the team will take time: Time required in hiring and nurturing team is very high. It takes almost 50% of our time. We didn’t account for it from the start and this has come across as a major learning.

What is your advice to other people starting up right off the college?

VR: “Understand the market first. If you start fresh out of college, you can take more risk. In terms of technology, you can stretch your limits, as you don’t have any responsibilities. But scaling brings problems. Hiring, building and managing the team and responding to the market needs more finesse. Understand the market so that you have at least some idea of how to respond.”

Corporate wallets address a very crucial bottleneck in managing expenses in an organisation. We wish Varun and his team at Happay, all the success.