Topics In Demand
Notification
New

No notification found.

Blog
Online Policy Roundtable on Data Empowerment and Protection Architecture

October 20, 2020

332

0

NASSCOM interacted with the industry during an online policy roundtable organized by NASSCOM on 16 October 2020, to discuss NITI Aayog’s draft discussion paper on Data Empowerment and Protection Architecture (DEPA). The roundtable saw participation from companies who are both actual (for instance, existing Account Aggregator licensees) and potential stakeholders in the DEPA framework. For background on DEPA, please read here.

The program for the roundtable was as follows:

  • Overview of DEPA, by NASSCOM team
  • Learning from the Account Aggregator Experience (Speakers: Krishna Prasad, CEO, Onemoney and Prashant Paliwal, CEO, Yodlee Finbit)
  • Learning from an Information Provider/User: Improving the DEPA (Speaker: Ashish Singhal, Head of Credit Business, Experian)
  • Discussion on Areas of Concern

The discussion during the roundtable, raised several points with respect to the implementation roadmap for DEPA mission and the foreseeable challenges in the operationalization of DEPA. In particular, the following issues were highlighted by participants:

Operationalising DEPA

  • There is a need to ensure timely onboarding of stakeholders, especially, information providers to get the DEPA operational as soon as possible;
  • There is a need for alignment of incentives amongst various stakeholders (data principal, consent manager, information provider and information user) in order to ensure that the quality of service is maintained across the ecosystem, and data sharing happens effectively;
  • There is a need to ensure both high-quality and high-variety data sharing, in order to develop some of the solutions envisaged under the draft discussion paper. Currently the DEPA stops at enabling the availability of data, without considering ways of enabling higher-variety and quality of data;
  • While the discussion paper highlights that the consent manager would be a separate entity engaged only in the business of consent management and it will also be data blind, there is need for detailing in the paper to ensure implementation
  • Simplifying the architecture for asking for granular consent without making it too burdensome on the data principal;

 

Institutional Coordination for DEPA

  • There is a need to highlight the role of sectoral regulators in implementing the DEPA and the need for creation of a dedicated channel of communication between the regulator and stakeholders for continuous improvement, given the evolutionary nature of DEPA;
  • Sectoral regulators should enable participation of more entities as an information provider/user (for example, credit bureaus), and providing an enabling legislative framework for leveraging the consent-based data sharing framework in the most valuable way;
  • There is a need to establish data security standards that need to be followed by stakeholders, and the need for an authority to monitor the implementation of these standards (possibly the Data Protection Authority (DPA) proposed to be established under the Personal Data Protection Bill, 2019); and
  • There is a need for greater awareness among data principals about their rights and consequences of sharing or not sharing data, the availability of consent management services etc.

The issues mentioned above, and additional issues are being examined by NASSCOM, as we work to formulate a comprehensive response to the DEPA draft discussion paper. We appreciate the inputs that have already been sent to us in this regard and request Members who haven’t sent their inputs yet, to share their inputs latest by 6 November 2020 to garima@nasscom.in.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Garima Prakash
Manager, Public Policy and Government Affairs

Reach out to me for all things policy about e-commerce, international trade, export controls, start-ups and fintech

© Copyright nasscom. All Rights Reserved.