Government think-tank Niti Aayog has released the draft of an architecture that could allow third parties access to information across sectors ranging from finance to healthcare, after seeking consent of the user.
In the draft of Data Empowerment and Protection Architecture (DEPA) released Thursday, the Aayog has sought feedback from stakeholders by October 1. At the core of the proposed architecture is the institution of a consent management system — which will allow the sharing of the information — with a view to provide better financial, health and telecom-related products and services to individuals and firms. “In a nutshell, DEPA empowers people to seamlessly and securely access their data and share it with third party institutions,” stated the draft report.
The framework is expected to become functional for the financial sector “starting fall 2020”, even though it had already been run in July 2019 through a closed user group-launch by major banks. In this sector, the consent managers will be known as Account Aggregators (AA).
“The sector already generates a high amount of structured and interoperable data regulated by strict standards — making it an ideal place to begin operationalising a consent based data sharing framework, and see the impact of consented data sharing on availability and accessibility of financial products to new, more vulnerable markets,” said the draft.
“This will be followed by launches in healthcare and telecom,” it added.
While it comes in the absence of overarching data protection regulations — the Personal Data Protection Bill is yet to receive final approval — the report claims that there are “domain specific laws” that enable the DEPA framework. For instance, DEPA in the financial sector is built on the foundation of RBI’s Banking Regulation Act and an RBI Master Directive.
“Just as the launch of UPI transformed India’s digital payments world irreversibly, it is expected that the RBI-driven Account Aggregator (AA) model will transform the way financial services are delivered through a unique architecture for consent-based data sharing. In the AA model, individuals can seamlessly share their financial data for the first time across banks, insurers, investors, tax collectors, and pension funds in a safe, secure, and consented manner,” Niti Aayog CEO Amitabh Kant said in a foreword to the report.
The first major government department to become a Government Information Provider (GIP) will be Goods and Services Tax (GST); future departments with data on individuals and MSMEs could adopt the specifications to improve the ease of doing business or create greater data portability of individual education, jobs, or transaction data.
India needs a paradigm shift in personal data management that transforms the current organisation-centric data sharing system to an individual centric approach that promotes user control on data sharing for empowerment, noted to the draft report, adding, “Based on the Personal Data Protection Bill 2019 and the planned Data Protection Authority, DEPA can be applied to various sectors. This could empower individuals with not just financial and healthcare data, but also telecom, educational, or jobs data to better improve access to opportunities.”
The draft explains that data currently exists in silos, arguing that gathering data in this environment is “cumbersome” and that individuals and small businesses “lack control” over their own data.
“The problem is not that companies are benefiting from individuals’ data; the problem is that individuals and small firms do not benefit. The mission of the DEPA is therefore to provide individuals and small businesses with the practical means to access, control, and selectively share personal data that they have stored across multiple institutional datasets – to maximise the benefits of data sharing for individual empowerment whilst minimising privacy risks and data misuse. By giving people the power to decide how their data can be used, DEPA enables an individual to control the flow of and benefit from the value of her personal data, relying on not only institutional data protection measures but also restoring individual agency over data use,” the report said.
The report stressed that Micro, Small and Medium Enterprises will stand to benefit after DEPA fully rolls out. Even pre-COVID, only about 8 per cent of the total MSMEs in the country had access to formal finance; the other 92 per cent are likely taking loans at onerous terms from ad-hoc sources, and are regularly facing working capital shortages. These small businesses are increasingly transacting digitally.
“If portability and control of data could allow an MSME owner to digitally share proof of the business’ regular historic tax (GST) payments or receivables invoices easily, a bank could design and offer regular small ticket working capital loans based on demonstrated ability to repay (known as Flow based lending) rather than only offering bank loans backed by assets or collateral. Flow based lending is the norm for individuals providing proof of salary to access home and car loans, yet these types of products are yet to take off at scale for MSMEs, partly due to frictions in accessing required data. The Account Aggregator framework could transform access to much-needed working capital credit for micro enterprises,” it said.
DEPA is also aimed at enabling better personal financial management services, wealth management, robo advisory, or different types of lending, insurance, and investment use cases and products that we may not be able to foresee today.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines