iSPIRT Final Comments on India’s Personal Data Protection Bill

Below represents iSPIRT’s comments and recommendations on the draft Personal Data Protection Bill.  iSPIRT’s overall data privacy and data empowerment philosophy is covered here.  

Table of Contents

Major Comments
1. Include Consent Dashboards
2. Financial Understanding and Informed Consent for all Indians
3. Data Fiduciary Trust Scores Similar to App Store Ratings
4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data
5. Warn of Potential Credit and Reputation Hazards
6. A Right to View and Edit Inferred Personal Data
7. Sharing and Processing of Health Data

Suggestions and Questions

  • Fund Data Rights Education
  • Limit Impact Assessment Requirement
  • Passwords should be treated differently than other Sensitive Personal Data.
  • Does the Bill intend to ban automatic person-tagging in photos and image search of people?
  • Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.
  • Need for an Authority appeal process when data principal rights conflict
  • Do not outlaw private fraud detection
  • Limit record keeping use and disclosure to the Authority and the company itself.
  • Fillings may be performed digitally
  • Request for Definition Clarifications
  • Author Comments
  • Links
  • Appendix – Sample User Interface Screens

Major Comments

1. Include Consent Dashboards

We support the idea of a Consent Dashboard as suggested in the Data Protection Committee Report (page 38) and recommend it to be incorporated in the Bill in Section 26 – Right to Data Portability and Section 30 (2) Transparency.  

We envision all of a user’s personal and inferred data that is known by data fiduciaries (i.e. companies) being exposed on a consent dashboard, provided by a third party consent collector or account aggregator (to use the RBI’s parlance). Below is an example user interface:

This mandate would enable users to have one place – their consent collector-provided dashboard – to discover, view and edit all data about them. It would also allow users to see any pending, approved and denied data requests.

Furthermore, in the event of data breaches, especially when a user’s password and identifier (mobile, email, etc) have been compromised, the breach and recommended action steps could be made clear on the consent dashboard.

Given the scope of this suggestion, we recommend an iterative or domain specific approach, wherein financial data is first listed in a dashboard limited to financial data and for its scope to grow with time.

2. Financial Understanding and Informed Consent for all Indians

We applaud the Bill’s Right to Confirmation and Access (Chapter IV, Section 24):

The data fiduciary shall provide the information as required under this section to the data principal in a clear and concise manner that is easily comprehensible to a reasonable person.

That said, we’ve found in practice that it’s difficult to appreciate the implications of digital policies on users until real user interfaces are presented to end users and then tested for their usability and understanding. Hence, we’ve put together a set of sample interfaces (see Appendix) that incorporate many of the proposed bill’s provisions and our recommendations. That said, much more work is needed before we can confidently assert that most Indians understand these interfaces and what they are truly consenting to share.

The concepts behind this bill are complicated and yet important. Most people do not understand concepts such as “revocable data access rights” and other rather jargon-filled phrases often present in the discussion of data privacy rights. Hence, we believe the best practices from interface design must be employed to help all Indians – even those who are illiterate and may only speak one of our many non-dominant languages – understand how to control their data.

For example, multi-language interfaces with audio assistance and help videos could be created to aid understanding and create informed consent.  Toll-free voice hotlines could be available for users to ask questions. Importantly, we recognize that the interfaces of informed consent and privacy control need rigorous study and will need to evolve in the years ahead.

In particular, we recommend user interface research in the following areas:

  • Interfaces for low-education and traditionally marginalized communities
  • Voice-only and augmented interfaces
  • Smart and “candy-bar” phone interfaces
  • Both self-serving and assisted interfaces (such that a user can consensually and legally delegate consent, as tax-payers do to accountants).

After user interface research has been completed and one can confidently assert that certain interface patterns can be understood by most Indian adults, we can imagine that templated designs representing best practices are recommended for the industry, much like the design guidelines for credit card products published by US Consumer Financial Protection Bureau or nutritional labelling.

3. Data Fiduciary Trust Scores Similar to App Store Ratings

We support the government’s effort to improve the trust environment and believe users should have appropriate, easy and fast ways to give informed consent & ensure bad actors can’t do well. Conversely, we believe that the best actors should benefit from a seamless UI and rise to the top.

The courts and data auditors can’t be the only way to highlight good, mediocre and bad players. From experience, we know that there will be a continuum of good to bad experiences provided by data fiduciaries, with only the worst and often most egregious actions being illegal.

People should be able to see the experiences of other users – both good and bad – to make more meaningful and informed choices. For example, a lender that also cross-sells other products to loan recipients and shares their mobile numbers may not be engaging in an illegal activity but users may find it simply annoying.

Hence, we recommend that data fiduciary trust scores are informed with user-created negatives reviews (aka complaints) and positive reviews.

In addition to Data Auditors (as the Bill envisions), user created, public ratings will create additional data points and business incentives for data fiduciaries to remain in full compliance with this law, without a company’s data protection assessment being the sole domain of its paid data auditors.

We would note that crowd sourced rating systems are an ever-evolving tech problem in their own right (and subject to gaming, spam, etc) and hence, trust rating and score maintenance may be best provided by multiple market actors and tech platforms.

4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data

…so 3rd party actors and civil society can act on behalf of users.

A privacy framework will not change the power dynamics of our society overnight. Desperate people in need of money will often sign over almost anything, especially abstract rights. Additionally, individual citizens will rarely to be able to see larger patterns in the behaviour of lenders or other data fiduciaries and are ill-equipped to fight for small rewards on behalf of their community.  Hence, we believe that user ratings and complaint data about data fiduciaries must be made available in machine-readable forms to not only to the State but to third-parties, civic society and researchers so that they may identify patterns of good and bad behaviour, acting as additional data rights watchdogs on behalf all of us.

5. Warn of Potential Credit and Reputation Hazards

We are concerned about the rise of digital and mobile loans in other countries in recent years. Kenya – a country with high mobile payment penetration and hence like India one that has become data rich before becoming economically rich – has seen more than 10% of the adult population on credit blacklists in 2017; three percent of all digital loans were reportedly used for gambling. These new loan products were largely made possible by digital money systems and the ability of lenders to create automated risk profiles based on personal data; they clearly have the potential to cause societal harm and must be considered carefully.

Potential remedies to widespread and multiple loans are being proposed (e.g. real-time credit reporting services), but the fact that a user’s reputation and credit score will be affected by an action (such as taking out a loan), most also be known and understood by users. E.g. Users need to know that an offered loan will be reported to other banks and if they don’t pay they will be reported and unable to get other loans.

Furthermore, shared usage-based patterns – such as whether a customer pays their bills on time or buys certain types of products – must be available for review by end users.

6. A Right to View and Edit Inferred Personal Data

The Machine Learning and AI community have made incredible strides in computers’ ability to predict or infer almost anything. For example, in 2017, a babajob.com researcher showed the company could predict whether a job seeker earned more or less than Rs 12000 / month with more than 80% accuracy, using just their photo.  She did this using 3000 job seeker photos, 10 lines of code and Google’s TensorFlow for Poets sample code.  Note the project was never deployed or made publicly available.

As these techniques become ever more commonplace in the years to come, it’s reasonable to assume that public facing camera and sensor systems will be able to accurately infer most of the personal data of their subjects – e.g. their gender, emotional state, health, caste, religion, income – and then connect this data to other personally identifiable data such as a photo of their credit card and purchase history. Doing so will improve training data so that systems become even more accurate. In time, these systems – especially ones with large databases of labelled photos – like the governments’, popular social networks’ or a mall’s point of sale + video surveillance system – truly will be able to precisely identify individuals and their most marketable traits from any video feed.

Europe’s GDPR has enshrined the right for people to view data inferred about them, but in conjunction with the idea of a third party consent dashboard or Account Aggregator (in the RBI’s case), we believe we can do better.

In particular, any entity that collects or infers data about an individual that’s associated with an identifier such as an email address, mobile, credit card, or Aadhaar number should make that data viewable and editable to end users via their consent dashboard.  For example, if a payment gateway provider analyses your purchase history and infers you are diabetic and sells this information as a categorization parameter to medical advertisers, that payment gateway must notify you that it believes you are diabetic and enable you to view and remove this data. Google, for example, lists these inferences as Interests and allows users to edit them:

Using the Consent Dashboard mentioned in Major Comment 1, we believe users should have one place where they can discover, view and correct all personal and inferred data relevant to them.

Finally, more clarity is needed regarding how data gathered or inferred from secondary sources should be regulated and what consent may be required. For example, many mobile apps ask for a user’s consent to read their SMS Inbox and then read their bank confirmation SMSs to create a credit score. From our view, the inferred credit score should be viewable by the end user before it’s shared, given its personal data that deeply affects the user’s ability to gain usage of a service (in this case, often a loan at a given interest rate).

7. Sharing and Processing of Health Data

The Bill requires capturing the purpose for data sharing:

Chapter II, point 5:

“Purpose limitation.— (1) Personal data shall be processed only for purposes that are clear, specific and lawful. (2) Personal data shall be processed only for purposes specified or for any other incidental purpose that the data principal would reasonably expect the personal data to be used for, having regard to the specified purposes, and the context and circumstances in which the personal data was collected.”

In the healthcare domain, collecting the purpose for which the data is being shared might itself be quite revealing. For example, if data is being shared for a potential cancer biopsy or HIV testing, the purpose might be enough to make inferences and private determinations about the patient and say deny insurance coverage. On the other hand, stating high-level, blanket purposes might not be enough for future audits. A regulation must be in place to ensure the confidentiality of the stated purpose.  

The Bill has a provision for processing sensitive personal data for prompt action:

Chapter IV, point 21:

“Processing of certain categories of sensitive personal data for prompt action. — Passwords, financial data, health data, official identifiers, genetic data, and biometric data may be processed where such processing is strictly necessary— (a) to respond to any medical emergency involving a threat to the life or a severe threat to the health of the data principal; (b) to undertake any measure to provide medical treatment or health services to any individual during an epidemic, outbreak of disease or any other threat to public health; or (c) to undertake any measure to ensure safety of, or provide assistance or services to, any individual during any disaster or any breakdown of public order.”

While this is indeed a necessity, we believe that a middle ground could be achieved by providing an option for users to appoint consent nominees, in a similar manner to granting power of attorney. In cases of emergency, consent nominees such as family members could grant consent on behalf of the user. Processing without consent could happen only in cases where a consent nominee is unavailable or has not been appointed. This creates an additional layer of protection against misuse of health data of the user.

Suggestions and Questions

Fund Data Rights Education

We believe a larger, public education program may be necessary to educate the public on their data rights.

Limit Impact Assessment Requirement

Section 33 – Data Protection Impact Assessment —

  • Where the data fiduciary intends to undertake any processing involving new technologies or large scale profiling or use of sensitive personal data such as genetic data or biometric data, or any other processing which carries a risk of significant harm to data principals, such processing shall not be commenced unless the data fiduciary has undertaken a data protection impact assessment in accordance with the provisions of this section. …
  • On receipt of the assessment, if the Authority has reason to believe that the processing is likely to cause harm to the data principals, the Authority may direct the data fiduciary to cease such processing or direct that such processing shall be subject to such conditions as may be issued by the Authority.

We believe that the public must be protected from egregious data profiling but this provision does not strike an appropriate balance with respect to innovation. It mandates that companies and other researchers must ask government permission to innovate around large scale data processing before any work, public deployments or evidence of harm takes place. We believe this provision will be a large hinderance to experimentation and cause significant AI research to simply leave India. A more appropriate balance might be to ask data fiduciaries to privately create such an impact assessment but only submit to the Authority for approval once small scale testing has been completed (with potential harms better understood) and large scale deployments are imminent.

Passwords should be treated differently than other sensitive personal data.

Chapter IV – Section 18. Sensitive Personal Data. Passwords are different than other types of Sensitive Personal Data, given that they are a data security artifact, rather than a piece of data that is pertinent to a person’s being. We believe that data protection should be over-ridden in extraordinary circumstances without forcing companies to provide a backdoor to reveal passwords. We fully acknowledge that it is useful and sometimes necessary to provide backdoors to personal data – e.g. one’s medical history in the event of a medical emergency – but to require such a backdoor for passwords would likely introduce large potential security breaches throughout the entire personal data ecosystem.  

Does the Bill intend to ban automatic person-tagging in photos and image search of people?

Chapter I.3.8 – Biometric Data – The Bill defines Biometric Data to be:

“facial images, fingerprints, iris scans, or any other similar personal data resulting from measurements or technical processing operations carried out on physical, physiological, or behavioural characteristics of a data principal, which allow or confirm the unique identification of that natural person;”

The Bill includes Biometric Data in its definition of Sensitive Personal Data (section 3.35) which may only be processed with explicit consent:

Section 18. Processing of sensitive personal data based on explicit consent. — (1) Sensitive personal data may be processed on the basis of explicit consent

From our reading, we can see a variety of features available today around image search and person tagging being disallowed based on these provisions. E.g. Google’s image search contains many facial images which have been processed to enable identification of natural persons. Facebook’s “friend auto-suggestion” feature on photos employs similar techniques. Does the Bill intend for these features and others like them to be banned in India? It can certainly be argued that non-public people have a right to explicitly consent before they are publicly identified in a photo but we feel the Bill’s authors should clarify this position. Furthermore, does the purpose of unique identification processing matter with respect to its legality?  For example, we can imagine mobile phone-based, machine learning algorithms automatically identifying a user’s friends to make a photo easier to share with those friends; would such an algorithm require explicit consent from those friends before it may suggest them to the user?

Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.

Chapter IV – Section 25.4 – Right to correction, etc

Where the data fiduciary corrects, completes, or updates personal data in accordance with sub-section (1), the data fiduciary shall also take reasonable steps to notify all relevant entities or individuals to whom such personal data may have been disclosed regarding the relevant correction, completion or updating, particularly where such action would have an impact on the rights and interests of the data principal or on decisions made regarding them.

We believe the mandate on a data fiduciary to notify all relevant entities of a personal data change is too great a burden and is better performed by a consent dashboard, who maintains which other entities have a valid, up-to-date consent request to a user’s data. Hence, upon a data change, the data fiduciary would update the consent dashboard of the change and then the consent dashboard would then notify all other relevant entities.

It may be useful to keep the user in this loop – so that this sharing is done with their knowledge and approval.

Need for an Authority appeal process when data principal rights conflict

Section 28.5 – General conditions for the exercise of rights in this Chapter. —  

The data fiduciary is not obliged to comply with any request made under this Chapter where such compliance would harm the rights of any other data principal under this Act.

This portion of the law enables a data fiduciary to deny a user’s data change request if it believes doing so would harm another data principal. We believe it should not be up to the sole discretion of the data fiduciary to determine which data principal rights are more important and hence would like to see an appeal process to the Data Protection Authority made available if a request is refused for this reason.

Do not outlaw private fraud detection

Section 43.1 Prevention, detection, investigation and prosecution of contraventions of law

(1) Processing of personal data in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of law shall not be permitted unless it is authorised by a law made by Parliament and State Legislature and is necessary for, and proportionate to, such interests being achieved.

We worry the above clause would effectively outlaw fraud detection research, development and services by private companies in India. For instance, if a payment processor wishes to implement a fraud detection mechanism, they should be able to do so, without leaving that task to the State.  These innovations have a long track record of protecting users and businesses and reducing transaction costs. We recommend a clarification of this section and/or its restrictions to be applied to the State.

Limit record keeping use and disclosure to the Authority and the company itself.

Section 34.1.a. Record – Keeping –

The data fiduciary shall maintain accurate and up-to-date records of the following

(a) important operations in the data life-cycle including collection, transfers, and erasure of personal data to demonstrate compliance as required under section 11;

We expect sensitive meta-data and identifiers will need to be maintained for the purposes of Record Keeping; we suggest that this Record Keeping information be allowed but its sharing limited only to this use and shared only with the company, its Record Keeping contractors (if any) and the Authority.

Fillings may be performed digitally

Section 27.4 – Right to be Forgotten

The right under sub-section (1) shall be exercised by filing an application in such form and manner as may be prescribed.

The Bill contains many references to filing an application;  we’d suggest a definition that is broad and includes digital filings.

This also applies to sections which include “in writing” – which must include digital communications which can be stored (for instance, email).

Request for Definition Clarifications

What is “publicly available personal data”?

  • Section 17.2.g – We believe greater clarity is needed around the term “publicly available personal data.“ There questionably obtained databases for sale that list the mobile numbers and addresses of millions of Indians – would there thus be included as a publicly available personal data?
  • We’d recommend that DPA defines rules around what is publicly available personal data so that it is taken out of the ambit of the bill.  
  • The same can be said for data where there is no reasonable expectation of privacy (with the exception that systematic data collection on one subject cannot be considered to be such a situation)

Clarity of “Privacy by Design”

Section 29 – Privacy by Design

Privacy by Design is an established set of principles (see here and in GDPR) and we would like to see the Bill reference those patterns explicitly or use a different name if it wishes to employ another definition.

Define “prevent continuing disclosure”

Section 27.1 – Right to be Forgotten

The data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary…

We request further clarification on the meaning of  “prevent continuing disclosure” and an example use case of harm.

Define “standard contractual clauses” for Cross-Border Transfers

Section 41.3.5 – Conditions for Cross-Border Transfer of Personal Data

(5) The Authority may only approve standard contractual clauses or intra-group schemes under clause (a) of sub-section (1) where such clauses or schemes effectively protect the rights of data principals under this Act, including in relation with further transfers from the transferees of personal data under this subsection to any other person or entity.

We would like to standard contractual clauses clearly defined.

Define “trade secret”

Section 26.2 C – Right to be Forgotten

compliance with the request in sub-section (1) would reveal a trade secret of any data fiduciary or would not be technically feasible.

We request further clarification on the meaning of  “trade secret” and an example of the same.

Author Comments

Compiled by iSPIRT Volunteers:

Links

Comments and feedback are appreciated. Please mail us at [email protected]n.

Appendix – Sample User Interface Screens

Link: https://docs.google.com/presentation/d/1Eyszb3Xyy5deaaKf-jjnu0ahbNDxl7HOicImNVjSpFY/edit?usp=sharing

******

How To Empower 1.3 Billion Citizens With Their Data

2018 has been a significant year in our relationship with Data. Globally, the Cambridge Analytica incident made people realise that democracy itself can be vulnerable to data.  Closer to home, we got a first glimpse at the draft bill for Privacy by the Justice Sri Krishna Committee.

The writing on the wall is obvious. We cannot continue the way we have. This is a problem at every level – Individuals need to be more careful with whom they share their data and data controllers need to show more transparency and responsibility in handling user data. But one cannot expect that we will just organically shift to a more responsible, transparent, privacy-protecting regime without the intervention of the state. The draft bill, if it becomes law, will be a great win as it finally prescribes meaningful penalties for transgressions by controllers.

But we must not forget that the flip side of the coin is that data can also help empower people. India has much more socio-economic diversity than other countries where a data protection law has been enacted. Our concerns are more than just limiting the exploitation of user data by data controllers. We must look at data as an opportunity and ask how can we help users generate wealth out of their own data. Thus we propose, that we should design an India-specific Data Protection & Empowerment Architecture (DEPA). Empowerment & Protection are neither opposite nor orthogonal but co-dependent activities. We must think of them together else we will miss the forest for the trees.

In my talk linked below which took place at IDFC Dialogues Goa, I expand more on these ideas. I also talk about the exciting new technology tools that actually help us realise a future where Data can empower.

I hope you take away something of value from the talk. The larger message though, is that it is still early days for the internet. We can participate in shaping its culture, maybe even lead the way, instead of being passive observers. The Indian approach is finding deep resonance globally, and many countries, developing as well as developed, are looking to us for inspiration on how to deal with their own data problem. But it is going to take a lot more collaboration and co-creation before we get there. I hope you will join us on this mission to create a Data Democracy.

The coming revolution in Indian banking

Increasing penetration of smartphones, Aadhaar-linked bank accounts and a host of powerful open and programmable capabilities is set to create the ‘WhatsApp moment’ for Indian banking.

Once in a while a major disruption or discontinuity happens which has huge consequences. In 2007, the internet and the mobile phone came together in a whole new product called the smartphone. This phone, with its own operating system, such as the iOS or Android, could support over the top (OTT) applications. The messaging solution for the smartphone did not come from the giant telecom or internet companies. Instead, it came from WhatsApp, a start-up. WhatsApp does 30 billion messages a day, whereas all the telecom companies put together do 20 billion SMS messages per day. Such is the power of disruption!

Such a “WhatsApp moment” is now upon us in Indian banking. This discontinuity has been caused by several things coming together. Smartphones are growing dramatically and are expected to reach a penetration of 700 million by 2020. Over 1 billion Indian residents now have Aadhaar, an online biometric identity. The government promoting financial inclusion through the Jhan Dhan Yojana has led to over 200 million new bank accounts being opened. With the RBI giving licences to over 20 new banks, including small banks and payment banks, the competitive intensity of the sector is set to increase. One can visualise a future where every adult Indian has an Aadhaar number, a smartphone and a bank account. Already over 280 million Indian residents have an Aadhaar-linked bank account and around 1 billion direct benefit transfer (DBT) transactions have happened, whose value is in the billions of dollars.

On top of this, a set of powerful open and programmable capabilities, that are collectively referred to as the “India Stack” by the think-tank iSPIRT, has been created over the last seven years. Aadhaar provides online authentication using one’s fingerprint or iris, which can be done from anywhere. This can make transactions “presence less”. The e-KYC (know your customer) feature of Aadhaar enables a bank account to be opened instantly, just by using the Aadhaar number and one’s biometric. The e-sign feature enables online documents to be digitally signed with Aadhaar. The “digital locker” system enables the storage of such electronic documents safely and securely. All this can make the entire banking process “paperless”.

The final two layers of the “India Stack” have great relevance to the future of banking. The Unified Payment Interface (UPI) layer, a product built by the National Payment Corporation of India (NPCI), a non-profit company collectively owned by banks and set up in 2009, will revolutionise payments and accelerate the move towards a “cashless” economy. So “pushing” or “pulling” money from a smartphone will be as easy as sending or receiving an email. This product from NPCI is the latest in several payment systems that they have developed, from the National Financial Switch, National Automated Clearing House, and RuPay cards, to the Aadhaar Payment Bridge, the Aadhaar-enabled Payment System and IMPS, a real-time payment system.

The move to a “cashless” economy will be accelerated by the Aadhaar-enabled biometric smartphones. So credential checking in banking will move from “proprietary” approaches (debit card and PIN) to “open” approaches (mobile phone and Aadhaar authentication). As such, the holy grail of one-click two-factor authentication, now available only to giants like Apple, will be available to kids in a garage to develop innovative solutions.

Finally, as India goes from being a data-poor to a data-rich economy in the next two to three years, the electronic consent layer of the “India Stack” will enable consumers and businesses to harness the power of their own data to get fast, convenient and affordable credit. Such a use of digital footprints will bring millions of consumers and small businesses (who are in the informal sector) to join the formal economy to avail affordable and reliable credit.

As data becomes the new currency, financial institutions will be willing to forego transaction fees to get rich digital information on their customers. The elimination of these fees will further accelerate the move to a cashless economy as merchant payments will also become digital.

This will also shift the business models in banking from low-volume, high-value, high-cost, and high fees, to high-volume, low-value, low-cost, and no fees. This will lead to a dramatic upsurge in accessibility and affordability, and the market force of customer acquisition and the social purpose of mass inclusion will converge.

These gale winds of disruption and innovation brought upon by technology, regulations and government action, will fundamentally alter the banking industry. Payments, liabilities and assets will undergo a dramatic transformation as switching costs reduce and incumbents are threatened. As the insightful report from Credit-Suisse has so well explained, there is a $ 600 billion market capitalisation opportunity waiting to be created in the next 10 years. This will be shared between existing public and private banks, the new banks and new-age NBFCs. It may even go to non-banking platform players, which use the power of data to fine-tune credit risk and pricing, and make money from customer ownership and risk arbitrage.

The public sector banks, which occupy the commanding heights of the economy with a 70 per cent market share, will be particularly challenged. Even as they deal with the inheritance of their losses, they will have to cope with, and master, enormous digital disruption. This will require their owners, the government, to give them the autonomy and freedom to experiment and innovate.

To quote Shakespeare, “There is a tide in the affairs of men, which, taken at the flood, leads on to fortune”. The $ 600-billion opportunity is here. The WhatsApp revolution went unnoticed by incumbents. Normally such disruptive changes (like bubbles) are only recognised after they have happened. In this case, the forces of change are evident and can be anticipated. The opportunity for the banking sector has been called, and it is equally accessible to incumbents, both in the public and private sector, to the new banks, to the NBFCs and the tech companies. The future will belong to those who show speed, imagination and the boldness to embrace change.

This article was written as foreword to a Credit-Suisse report on the Indian banking sector

An Alternate View Of The Future

Just over 12 years ago, I sat on the sofa outside my office in Infosys, and explained to Tom Friedman about how the playing field was getting levelled through technology. This inspired him to write ‘The World is Flat,’ an international bestseller that sold millions of copies and captured the zeitgeist of the era.

It was an era where technology and political change brought everyone closer. The Dissolution of the Soviet Union in Dec, 1995 was presaged by the fall of the Berlin Wall on the 9th of Nov, 1989. And, the Berlin Wall incident was set in motion by the invasion of the communist Grenada in Oct, 1983. Grenada’s regime change marked the beginning of the end of the Soviet empire. The design of the containerized ‘box’ laid the foundation for global trade in goods and the massive investment in telecommunication capacity and undersea cables as part of the ’dotcom’ boom and bust, laid the foundation for global trade in services.

In this context, last Friday’s Brexit is a momentous development. It marks the turning point in the Wests’ 35 years of globalization. It is truly a ‘Grenada’ moment, but in the opposite direction.

Over the next few years, the West will slowly turn back on immigration, outsourcing and economic integration. This will have major consequences for everybody in the world. India will have to focus on its own domestic market and not on exports.  Automation and Chinese overcapacity will hit manufacturing, and growth will come in services. Employment and entrepreneurship will happen through platforms that aggregate – farmers, retailers, truckers and vendors. This will result in the formalization of the economy in a big way, as finally the benefit of being in the system thanks to affordable and reliable credit will be higher than staying out. India has the potential of many years of high growth as millions of Indians join the organized society. India Stack will be a key enabler for this to happen!

We have been thinking a lot about this scenario at iSPIRT. This presentation (pasted below) captures our view of such a future. Hope you enjoy it!

You can also catch my talk on the future of India in the age of technological disruption at Think Next 2016 in Bangalore (video pasted below the presentation here).

 

Bill Gates meets with iSPIRT

Bill Gates met with members of iSPIRT in Bangalore in December to learn about the organization and its volunteers’ efforts to solve India’s hardest problems through the use of technology.  Nandan Nilekani played host to the event and also present in the room were Sharad Sharma (iSPIRT co-founder), Nachiket More (former Board member of RBI, now senior advisor to the Bill & Melinda Gates Foundation (BMGF)), and various senior members of BMGF.

Bill-Gates1There were three broad themes that were covered — finance, healthcare and education — each of which forms an important part of the Gates Foundation’s work in philanthropy. Product demos included the IndiaStack, a suite of technology services currently being developed around identity, payments and personal data management for all Indian citizens; three of the leading startups in the healthcare space — Practo, Logistimo, and Swasthya Slate; and EkStep, an education-focused nonprofit that focuses on facilitated learning.

Shashank presenting to BillBill Gates observed that India is producing cutting-edge work and there are few countries which can boast of a digital infrastructure as sophisticated as we are producing here. With such positive encouragement from one of the most accomplished individuals in the world, the vision of transforming India at large through application of technology has received a new impetus.

the panel with BillGuest Post by Saurabh Panjwani, iSPIRT

Emerging Markets Finance Conference

Indira Gandhi Institute of Development Research (IGIDR) is an advanced research institute established and fully funded by the Reserve Bank of India for carrying out research on development issues from a multi-disciplinary point of view. IGIDR Finance Research Group have an ongoing conversation with decision makers in government and the financial industry so as to understand the questions faced by them. They work on four fields: (a) Securities markets, (b) Household finance, (c) Corporate finance and (d) Financial intermediaries.

Emerging Markets Finance Conference is an event executed by IGIDR. EMF – 2015 is in its 6th edition and will be held at Sofitel, Bandra-Kurla Complex, Mumbai between 17th and 19th December 2015. The inaugural address will be given by Mr U.K. Sinha, SEBI Chairman.

The conference builds a human network of sophisticated thinking in Indian finance, and growing links within and across the three worlds of academics, policy and the industry with participation from domestic and the International community.

The conference has high quality participation from the global academic community, senior policy makers, and practitioners end of the finance world. Active participation from the regulators including the Ministry of Finance, Reserve Bank, SEBI, NISM add up to a nice blend of high ideas coupled with real world in the conference.

IGIDR has partnered with iSPIRT to showcase ‘Financial Services to come’ during EMF-2015 on 18th December 2015 (Session IV). This includes:

  • 14:00 – 14:30 Fintech: Disruption in financial services, the Leapfrog by Nandan Nilekani, Co-founder, Infosys and Chairman, Aadhaar
  • 14:30 – 15:30 The Players – Who is making Fintech happen?
  • 15:30 – 16:30 Panel I: Future of Payments
  • 16:30 – 17:00 Break
  • 17:00 – 18:00 Panel II: When Status Quo faces Disruption

As part of this partnership, trade booths are available to iSPIRT to showcase their products to a global audience in the Expo. The Expo will be in parallel, at the same venue (Grand Saloon), for all the three days of the conference. The details of the trade booth participation are:

  • A 2×2 meter space for setting up a trade booth at the conference venue
  • 2 Chairs, 1 Table, Spotlight
  • 2 delegates on all the days of conference
  • Cost of each trade booth will be Rs. 2,00,000/-

Companies interested in taking a trade booth may contact Jyoti Manke, Program Manager ([email protected]) or Unnati Gandhi ([email protected]).

India innovated and celebrated @Inno_fest #IndiaCanInnovate

With whatever little humility we can garner, we created a platform for showcasing, inspiring, and celebrating innovation in India – in less than 27 days!!

20931485302_e541c3daaf_bWith the awesome support from our partners, sponsors, believers, dreamers, creators, speakers, patrons, volunteers and each and every one who was a part of InnoFest – we rocked it J

You asked us – Why the focus on Innovation?

Well, the trigger for this innovating idea was a little report that caught our eye. Our entrepreneurship deficit has grown while our innovation deficit is slipping. If we don’t build our innovation capability, two things will happen. First, we will not be able to solve the myriad problems that are specific to India. Second, our current national winners like Flipkart and Ola might lose out to their global competitors over time.

And how do we address the Innovation deficit?

There is no shortage of imagination and creativity in India. We need to build our skills where this imagination and creativity is applied to generate unique solutions to local problems. To give innovation scale – to make it grow; to inspire young minds to innovate…

Sharad Sharma, Co-Founder of iSPIRT and Co-Convenor of Innofest, said that “If companies can innovate and transform their functioning and performance radically, why can’t countries? The idea of Innofest is to distil the best ideas in enterprise and inspire individuals, corporates and Government organizations to take innovation to the common man. We are delighted that the Government has stepped in, in a big way to enable this transformation and this cooperation between public bodies and private enterprises will lay the foundation for radical transformation in the country.”

And… we were pleasantly shocked (that is not a phrase, I know :).

From robots and cars to 3D chocolates: we saw it all !!! (Click here for the complete array of displays that were a part of innovation).

Innofest was a phenomenal success. We reached the message via TV (CNBC Awaaz), RadioCity, Hoardings, and most importantly social media to over half a million individuals across the country. Over 1200 participants attended Innofest and immersed themselves into activities like maker-space, experience zone, young innovator’s zone, etc. The team curated and showcased over 75+ innovations from across India that ranged from an 11-year boy who had developed a mobile charger to Team Indus who are building a spacecraft that will go to the moon. The main session with our patrons – Nandan Nilekani, Mohandas Pai, Jayant Sinha, and Kiran Mazumdar Shaw was a huge hit with some of the most inspiring speeches one could experience(Videos shared below). Of course, Minister Babul Supriyo’s singing and dancing was just the finale that Innofest deserved.

A team of 10 committed and highly enthused volunteers – spread across 5 Indian cities – worked remotely and delivered Innofest 2015. And how…

The craziness of schedules, deadlines, and record turn-around times was exhausting yet exhilarating to the core… From media, sponsorships and venue discussions to the unlikely innovations that we experienced – it was indeed an unforgettable experience for each one of us.

And not surprisingly, we have been flooded with requests from all parts of the country – from individuals/companies/cities, offering to host the next Innofest – and it feels good and satisfying …

20948742491_2e3fe98f8e_bWhile we go about thinking what to do – this is a call for volunteers for our next. We anticipate it to only get bigger and better and we will need all the help that we can… because we cannot create this magic without YOU.

Do let us know how you can help us. Think.Innovate.

#IndiaCanInnovate.

Just let us know 🙂

Guest Post contributed by Ritika Singh, Proud Volunteer for Innofest

Innovation has to be the starting point for entrepreneurs

Innovation significantly expands your options, possibilities, and opportunities

That there is enthusiasm about entrepreneurship across India is apparent, and clearly visible. A number of our young citizens are now thinking about starting a business rather than taking up a job. And that’s a good thing, because we need more job creators.

However, in India, innovation is often not the starting point in our thought process for our entrepreneurial journey. Most of our innovators and entrepreneurs are not thinking of how we can solve the problem with a radically different solution or approach. Most of our aspiring entrepreneurs do not think of creating or inventing new products and solutions.

That’s why we see India falling to 76th position this year in the global innovation index. Even within the BRICS nations, we are the lowest-ranked country on this index. Interestingly, while all other BRICS nations have strengthened their position, India has slipped 10 points from 66 last year, to 76 this year.

This has to change.

There is nothing wrong in building a strong me-too business. However, me-too concepts or even incremental innovations on existing concepts limit your own options and opportunities. On the other hand, innovation expands your possibilities, options, and opportunities, significantly. It provides you a fresh new canvas to paint on, rather than trying to fit your signature on a painting that already has other signatures.

But, for innovation to become a part of our mainstream thinking, we need to create an enabling ecosystem and a conducive environment for innovators and entrepreneurs to convert their ideas into products and businesses. I am glad to note that things are improving on this front. A number of private initiatives are creating the infrastructure and resources for entrepreneurs to innovate. Initiatives like Innofest, of which I am a committed patron, which celebrate and showcase innovation, are important to bring innovation at the center of our thought process.

Innofest is a festival of innovation, ideas and inspiration, to be held in Bengaluru on the 22nd of August 2015. I will be there. I hope to see you there too.

#IndiaCanInnovate @Inno_fest

Just Imagine

Today is India’s 66th Independence Day and the environment around, seems, to be generally shorn of excitement, energy and optimism. However, as is customary on such occasions, a call to the people – all of us – is, well, called for: to galvanise us all to action, to put our shoulders to the wheel of policy making that will make economic activity explode.  Such calls for action and indeed, the action, itself require us all to imagine an India that is radically different from the one that we see and experience each day around us.

Nandan Nilekani wrote “Imagining India” in 2008 and one of the things he imagined has since been actualised in the form of the Aadhar / UID project that provides an Identity card and number to every resident of India. Over 600million people would be recipients of this card by next year, 2014. In and as of itself, this would have been a gargantuan exercise, amongst the very largest in the world. But that by itself wouldn’t be as interesting as what the prevalence of the Aadhar infrastructure can enable.  Identity is a fundamental pre-requisite for any kind of financial transaction and the Aadhar project enables that.  “Know your customer” ( KYC) norms can now be easily done for all kinds of activities eg. From opening a bank account to applying for a gas connection to a phone to availing a loan to purchasing insurance. Hundreds of millions of people who operated in the informal or extra-legal financial services market will now come under the more benign, formal, organised and recognised regime.

Much earlier in the 1980s, Sam Pitroda imagined an India transformed with the creation and establishment of a nationwide telecom infrastructure.  Today, we all are witness to the remarkable benefits that this imagination has brought about. Over 900 million phone subscribers in just over two decades.

Even earlier, in the 1960s Dr Verghese Kurien imagined a young country that would be self-sufficient in milk. Operation Flood made India, formerly a milk deficient country, the world’s largest producer of milk accounting for over 17% of global output with an entire infrastructure, from rural to urban, tradition and technology to markets and branding.

Each of the above examples showcases the huge long term national benefits of creating big platforms – Unique Identity, Telecom, Milk Production and Distribution – through the sheer power of imagination, entrepreneurial energy, policy making, political will and savvy marketing. Platforms are soft and hard infrastructure – policy, rules of engagement and collaboration, co-opting of existing stakeholders, creation and harnessing of technology, innovative processes and business models. Such platforms while usually created and established by the government to serve public good, interest and national security, it is the subsequent entry of private entrepreneurs that enables the proliferation and development of additional technologies and services. For example, the mother of all platforms today, the internet, had its origins in the US Department of Defence Advanced Project Network.

So as we enter our 67th year as a nation, what is it that we can imagine? Indeed, what should we imagine? Very briefly,

i)               Education: In the age of MOOCs and Wikis, why cannot India have a national programme for education using and deploying the latest technologies? Video based learning, local languages with local examples, with the best teachers, with online testing? This will require the creation of a massive technology backbone, co-opting of existing institutions, training, establishment of processes and rules, financial incentives, payment and collection mechanisms for the entry and exit of private entities.

ii)              Healthcare is another area that requires enormous intervention along the lines being discussed. Telemedicine, remote diagnostics, new innovative low cost devices for self testing and medication, education and awareness, mobile clinics, logistics for moving patients and equipment, innovative payment systems, policy, regulation and oversight are areas that have to come together.

iii)            A marketplace for logistics providers – air, land and sea – across the value chain, integrated with warehouses, C&F agents, insurance providers, payments and settlements, processes for transparent pricing. Can be very useful for agriculture and industry.

There obviously are many more possibilities (viz. defence and space) and initiatives that can be imagined that will help all of us Indians and India. Can we set the ball rolling and start the process of engagement with various stakeholders – government, industry bodies, entrepreneurs and others – to help create platforms that can create a new India? Can we create and curate ideas for platforms that have the immense potential to fundamentally transform India.  Just Imagine.