What is DEPA?
The Data Empowerment and Protection Architecture (DEPA) empower every Indian with control over their data, and democratises access and enables the portability of trusted data between service providers. This architecture will help Indians in accessing better financial services, healthcare services, and other socio-economically important services. DEPA is more commonly known as the ‘Consent Layer of India Stack’.
The rollout of DEPA for financial data and telecom data is taking place through Account Aggregators that are licensed by RBI. It already covers all asset data, liabilities data, and telecom data.
The purpose of the session is to understand the technological, institutional, market and regulatory architecture of DEPA, it impacts on existing data consuming businesses and how people could contribute to this new data sharing infrastructure that’s being built in India.
The session will be anchored by Siddharth Shetty (Data Empowerment And Protection Architecture Lead & Fellow, iSPIRT Foundation)
DEPA Unleashed
DEPA is a new approach, a paradigm shift in personal data management and processing that transforms the current organization centric system to a human-centric system. By giving people the power to decide how their data can be used, DEPA enables the collection and use of personal data in ways that empower people to access better financial, healthcare, and other socio-economically important services in a safe, secure, and privacy-preserving manner.
In the fight for data, the individual has lost control over how their personal data is collected, shared, and used. This can be a very disempowering experience for the user, who now has no means of gathering and using their data for their benefit. It also inevitably prevents the user from accessing essential financial services and inhibiting their participation in the market.
India, who is a step ahead of the curve, recognises the need to empower the user with their own data. The Indian government has operationalised the values stated above by encouraging and mandating organisations to seek the consent of the user to use and share their data and seeded the idea of data access fiduciaries, organisations envisioned to enable personal management of consent. The first manifestation of Data Access Fiduciaries is for financial data through the NBFC-Account Aggregator
NBFC Account Aggregator Ecosystem |
The Account Aggregator enables users to maintain and use their financial data as they see fit.
In the past, it was tremendously hard for an Indian to get a statement of his bank account; when applying for a loan, he had to share either unverifiable paper records or his banking password with the lender, not knowing what data might be extracted. With Account Aggregators, customers can allow certain financial data to be shared safely. And because the Account Aggregators operate on a fee-for-transaction business model and are legally prohibited from storing or selling data, users can rest assured that their privacy is respected.
The Account Aggregator performs two main functions. It assists and enables the user to access their financial data easily and it helps manage consent.
For a quick overview of the Data Empowerment and Protection Architecture and NBFC Account Aggregator, you may watch this Future State webinar: https://youtu.be/mxFe5404jY8 Future State has also put together a Data Empowerment Starter Kit: https://spark.adobe.com/page/cGGiu1XTUNrle/ |
Session Flow
- Overview of the Data Empowerment and Protection Architecture (DEPA)
- Technology Architecture
- Institutional Architecture of Data Access Fiduciaries
- Market Architecture of the entire Ecosystem
- Q & A
Location
Residency Road, Bangalore
Time
5:30pm – 7pm
How to participate?
We’re inviting fintech entrepreneurs, product managers, developers and anyone else who is looking to understand the potential of the Data Empowerment and Protection Architecture.
If you want to further your understanding of the Consent Layer of the India Stack, click here to register for the session.
Due to limited seating, we will be unable to accommodate all applicants. (Confirmation emails with venue details will be sent across by 15th May 2019)
Key Resources
Policy
- Account Aggregator Master Directive by RBI: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598&Mode=0
- Public Credit Registry by RBI: https://rbi.org.in/scripts/PublicationReportDetails.aspx?ID=895
Technology
- Electronic Consent Framework by MeitY: http://dla.gov.in/sites/default/files/pdf/MeitY-Consent-Tech-Framework%20v1.1.pdf
- API Standards: https://api.rebit.org.in/list
- Financial Information Standard: https://api.rebit.org.in/schema
In addition to Financial Data, the Account Aggregator approach is being adopted for:
- Healthcare Data: http://www.niti.gov.in/writereaddata/files/document_publication/NHS-Strategy-and-Approach-Document-for-consultation.pdf
- Telecom Data: https://www.trai.gov.in/sites/default/files/RecommendationDataPrivacy16072018_0.pdf (Recommendation – 3.3 C)
- Urban Data: https://sites.google.com/view/iudx-technical/home
- Private Data: Srikrishna Report for Privacy Bill: http://pibphoto.nic.in/documents/Others/2018727xcxzcx151.pdf (Page 39, Chapter 3F)
- The Draft Privacy Bill lists 4 Rights for a Data Principal, one of which is the Right to Data Portability: (1) The data principal shall have the right to— (a) receive the following personal data related to the data principal in a structured, commonly used and machine-readable format— (i) which such data principal has provided to the data fiduciary; (ii) which has been generated in the course of provision of services or use of goods by the data fiduciary; or (iii) which forms part of any profile on the data principal, or which the data fiduciary has otherwise obtained. (b) have the personal data referred to in clause (a) transferred to any other data fiduciary in the format referred to in that clause.
Reading List
- Data To The People – Nandan Nilekani – Foreign Affairs
- Who controls your data? India may pass a law ensuring that you do – Vasant Dhar – Washington Post
- India Must Become the Worlds First Data Democracy – Nandan Nilekani – The Week
- India can offer a radically new way of looking at data – Nandan Nilekani – The Print
- India must embrace Data Democracy – Nandan Nilekani – Product Nation
- The best way forward for privacy is to open up your data – Tanuj Bhojwani – Product Nation
- Rights-based data protection framework for financial information – RBI Committee on Household Finance