A presentation by iSPIRT on a new framework to empower, not just protect, user data.
Accompanying talk available at: https://youtu.be/mwC1kjaWV6g?t=1h7m3s
5. CONSENT TO COLLECT
Example: Personalised Dictionary based on Keyboard Data
Flow shown: Consent To Collect → Collected Permissions → My Personal Dictionary (based on my Keyboard Data)
6. DATA CLASSIFICATION
● Non-Shareable. Example: Aadhaar Biometrics
● Personal Data. Example: KYC data, Marksheets, Driving License
● Generated Data. Example: Raw Location History, Bank Transaction History
● Derived (Intelligence). Example: Personalized Keyboard Dictionary, Credit Score
● Public Dataset. Example: data.gov.in
● Anonymous Dataset. Example: Anonymized Loan Book, Anonymized Travel Data
7. DATA CLASSIFICATION
Columns: Non-Shareable | Personal Data | Generated Data | Derived (Intelligence) | Anonymous Dataset | Public Dataset
User Consent: - | Required* | Required* | Required* | - | -
Downstream Sharing: - | Limited | Restricted | Barred | Barred | -
Regulatory Drivers: Regulated by Law | Free sharing or Regulated Pricing | Free sharing or Regulated Pricing | Market Pricing | Market Pricing | Regulated by Law
Tech Tools & Standards: Biometrics Security | eKYC, Digital Locker, Electronic Data Consent (EDC) | Electronic Data Consent (EDC) | Electronic Data Consent (EDC) | Anonymization Standards | Open Data Standards
*Complying with ORGANS Principles = Open, Revocable, Granular, Auditable, Notice, Secure
8. CONSENT TO SHARE
Example: Consent based eKYC (by UIDAI)
Aadhaar number (1234 5678 9012) with OTP or Biometrics: access ONLY via authentication
● No more fake identities
● No more paper
● No Photocopies
KYC Data shared electronically WITH CONSENT
9. TECHNOLOGY TOOLS FOR CONSENTED DATA SHARING
● Digital Locker System (DLS)
● Electronic Data Consent (EDC)
10. DATA SHARING via DIGITAL LOCKER SYSTEM
The Digital Locker System (DLS) by MeitY is a modern technology for secure, intermediated data sharing.
● “Federated” approach: not a single provider but a network of providers that interoperate
● A secure “one-stop shop” for channeling all consented data sharing related to the user
Diagram: a Data Producer issues digitally signed documents into the Digital Locker System; the user consents to access; a Data Consumer accesses the documents online.
11. Example: DIGILOCKER (by NeGD)
List of DigiLocker Data Producers:
● Central Board of Secondary Education (CBSE) & Council For The Indian School Certificate Examinations (CISCE), Class 10 and Class 12
  ○ Statement of Marks
  ○ Passing Certificate
  ○ Migration Certificate
● Unique Identification Authority of India (UIDAI)
  ○ Digital Aadhaar Card
● Ministry of Road Transport and Highways
  ○ Driving License
  ○ Vehicle Registration Certificate
● Ministry of Petroleum and Natural Gas (IOCL+BPCL+HPCL)
  ○ Digital LPG Subscription Voucher
12. TECHNOLOGY TOOLS FOR CONSENTED DATA SHARING
● Digital Locker System (DLS)
● Electronic Data Consent (EDC)
13. Electronic Data Consent (EDC)
● Consistent with current legal frameworks and compliant with the IT Act
● User-Centric: user controlled data sharing
● Auditable and Non-Repudiable
● Trust of data established through digitally signed documents
Diagram: Consent Flow between Data Consumers (Banks, Credit Providers, etc.), the Consent Collector and Data Producers (Banks, Telco, Hospitals, etc.); the consent travels as a digitally signed consent artefact.
14. TECHNICAL ARCHITECTURE OF DEPA
Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
Diagram: Data Producers (DP #1, DP #2, DP #3, DP #4) on one side and Data Consumers (Flow-Based Credit, Skilling & Recruitment, Content & Media, Bots) on the other, with the Consent Collector between them. The Consent Flow carries the Consent Artefact; in the Data Flow, data is released based on consent; Data Access Notifications are also shown.
15. MeitY Consent Artefact v1
Compliant with the ORGANS Principles: Open, Revocable, Granular, Auditable, Notice, Secure

```xml
<!-- Identifier Section -->
<consentcollector> CC </consentcollector>
<dataconsumer> DC </dataconsumer>
<dataproducer> DP </dataproducer>
<user type="UID"> 123412341ABC </user>
<!-- Data Section -->
<datatype type="transactional">
  <attribute-list> … </attribute-list>
  <duration> 6 months </duration>
  <datalife> 10 days </datalife>
  <frequency> YEARLY </frequency>
  <revocable> YES </revocable>
  <access> VIEW | STORE | QUERY </access>
</datatype>
<datatype type="profile"> </datatype>
<!-- Logging Section -->
<loggingInfo> … </loggingInfo>
<!-- Purpose of Data Access -->
<purpose code=""> LOAN </purpose>
<!-- Signature Section -->
<signature> #@%%#@$$##$@ </signature>
```
16. REVOCATION, AUDIT, NOTICE
An Example Workflow for Revoking Consent
Actors: Data Consumers (Banks, Credit Providers, etc.), Consent Collector, Data Producers (Banks, Telco, Hospitals, etc.)
1. Revocation Request
2. Revoke (the artefact contains a “revocation URL” owned by the Data Producer)
3. OK
4. Artefact Revoked
The Consent Artefact specifies how to log both consent flows and data flows. This granular logging helps in auditing and monetisation.
17. SECURE DATA ACCESS
EDC facilitates Virtual Data Room Access:
• View (Read) Data Access
• Query Data Access
(The MeitY Consent Artefact v1 from slide 15 is shown again alongside, with its <access> element VIEW | STORE | QUERY.)
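As an added example (not code from the iSPIRT deck or the EDC documentation), here is how a Data Producer could check an incoming access request against an artefact in the layout of the MeitY Consent Artefact v1 above, including the revocation and duration checks that the revocation workflow implies. The `<consent>` root element, the sample values, the `authorize` function and its ISO-8601 date arguments are assumptions; signature verification is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample artefact in the element layout of the MeitY Consent Artefact
# v1 slide; the <consent> root element and all values are assumptions.
SAMPLE_ARTEFACT = """<consent>
  <consentcollector>CC</consentcollector>
  <dataconsumer>DC</dataconsumer>
  <dataproducer>DP</dataproducer>
  <user type="UID">123412341ABC</user>
  <datatype type="transactional">
    <attribute-list>balance,statement</attribute-list>
    <duration>6 months</duration>
    <frequency>YEARLY</frequency>
    <revocable>YES</revocable>
    <access>VIEW | STORE | QUERY</access>
  </datatype>
  <datatype type="profile"></datatype>
  <purpose code="">LOAN</purpose>
  <signature>PLACEHOLDER-SIGNATURE</signature>
</consent>"""


def _span(text):
    """Turn '6 months' / '10 days' into a timedelta (30-day months assumed)."""
    n, unit = text.split()
    return timedelta(days=int(n) * (30 if unit.startswith("month") else 1))


def authorize(xml_text, consumer, producer, datatype, access,
              signed_at, now, revoked=False):
    """Return (allowed, reason) for releasing `datatype` with `access` to `consumer`."""
    root = ET.fromstring(xml_text)
    signed_at, now = datetime.fromisoformat(signed_at), datetime.fromisoformat(now)
    if not root.findtext("signature", "").strip():
        return False, "unsigned artefact"  # real signature verification not shown
    if root.findtext("dataconsumer", "").strip() != consumer:
        return False, "artefact not issued to this data consumer"
    if root.findtext("dataproducer", "").strip() != producer:
        return False, "artefact not addressed to this data producer"
    if revoked:  # the DP consults its own revocation record before every release
        return False, "artefact has been revoked"
    dt = next((d for d in root.iter("datatype") if d.get("type") == datatype), None)
    if dt is None or dt.findtext("access") is None:
        return False, f"no access granted for datatype '{datatype}'"
    if now > signed_at + _span(dt.findtext("duration")):
        return False, "consent duration has expired"
    granted = {a.strip() for a in dt.findtext("access").split("|")}
    if access not in granted:
        return False, f"'{access}' not within granted set {sorted(granted)}"
    return True, "release permitted"
```

Every denial reason is something the Data Producer should log and surface as a Data Access Notification, since the artefact's logging section exists for exactly that audit trail.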
18. DEPA MEASURES BETTER ON SECURITY AND CONVENIENCE
Approaches compared:
● Credential Sharing. Example: Users share passwords
● Physical Sharing. Example: Users share Paper KYC data
● Access Delegation. Example: OAuth
● DEPA
Comparison table: Security Risk, User Effort and Vendor Effort rated High / Medium / Low for each approach.
20. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA)
Agriculture, Health, Lending
21. Meet Rohan. He’s the owner of Fab Furniture (a physical shop for furniture rentals with an online presence) and is now looking to take the next step to purchase more stock and inventory.
He's been running Fab Furniture for more than two years, but given that he doesn't have any significant assets, it's highly unlikely for him to gain access to a collateral-free loan (with decent interest rates) using the prevailing lending and credit rating process.
22. Introducing, Lendr*
1. Rohan applies for a Loan on Lendr
2. Rohan consents to sharing his data with Lendr via the Consent Collector
3. Rohan receives a personalised Loan Offer!
*Please Note: Lendr is a fictional application built to showcase consented data sharing using EDC.
23. FLOW BASED LENDING
Paperless-Presenceless-Cashless Loans
1. Rohan (Owner of Fab Furniture) applies for a loan on the app (Lendr*)
2. Lendr initialises the Consent Collector
3. Consent Collector collects consent for ABC Bank, Digital Locker, FurnitureRentals.com, XYZ Telecom, and Credit Bureau
4. Rohan eSigns the Consent Artefacts
5. Lendr takes the consent artefact to the respective Data Producers
6. Data Producers validate the artefact and return the data to Lendr
7. Lendr uses this data to assess the risk of lending to Rohan
8. Lendr makes a personalised loan offer to Rohan
9. Rohan accepts the loan offer
10. Repayment happens digitally
*Please Note: Lendr is a fictional application built to showcase consented data sharing using EDC.
24. CONSENT FLOW & DATA FLOW
Diagram: Data Producers (DP #1, DP #2, DP #3, DP #4) and the Data Consumer (Lendr) with the Consent Collector between them; the Consent Flow carries the Consent Artefact, and Data Flow, Money Flow and Data Access Notifications are shown.
25. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA)
Agriculture, Lending, Health
27. Introducing, Healthy*
1. Patient books an appointment online and simultaneously consents to share medical reports with the doctor
2. Doctor receives medical reports of the patient
3. Using the Combiner, the Doctor views a combined record of all the patient’s medical reports
*Please Note: Healthy is a fictional application built to showcase consented data sharing using EDC.
29. CONSENT FLOW & DATA FLOW
Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
Diagram: Data Producers and the Data Consumer (Healthy) with the Consent Collector between them; the Consent Flow carries the Consent Artefact, and Data Flow, Money Flow and Data Access Notifications are shown.
30. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA)
Lending, Health, Agriculture
31. Meet Devi. She owns a 1.5 acre farm on the outskirts of Itarsi in rural MP. She primarily grows wheat and has never sold to anyone other than the local adatiya.
For her, manual farm labour is currently in short supply, and getting pricier every season. To counter this, she’s enlisted the services of a FaaS (Farm mechanization as a Service) company. As a result, she’s been told she can get crop insurance to cover her against situations like last year’s drought.
32. EVERY FARM OPERATION GENERATES DATA
Farm operations around the Farmer: Land Preparation, Sowing / Transplanting, Crop Management, Harvesting, Post-harvest farm management
33. EVERY FARM OPERATION GENERATES DATA
Farmer
• Farmer eKYC
• Mobile No.
• FPO/SHG affiliations
Land Preparation
• Farm Location
• Farm Size
• Ownership
Sowing
• Cropping pattern
• Seed history
Crop Management
• Fertilizer/inputs history
• Soil moisture
• Soil composition
• Crop disease data
Harvesting
• Fertilizer/inputs history
• Soil moisture
• Soil composition
Post-harvest
• Yield history
• Local prices
34. MULTIPLE PLAYERS CAN USE THIS DATA TO PROVIDE BETTER SERVICES TO FARMERS
Government, Banks / NBFCs, Insurance, Input manufacturers, Downstream markets, Other supply chain players
35. CONSENT FLOW & DATA FLOW
Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
Diagram: Data Producers and the Data Consumer with the Consent Collector between them; the Consent Flow carries the Consent Artefact, and Data Flow, Money Flow and Data Access Notifications are shown.
36. CONSENTED DATA SHARING IS KEY TO DATA DEMOCRACY
Skills, Trust & Formalization, Health, Lending, Education: these cannot work if data is in silos. Data with ML/AI will be used to reduce information asymmetry & provide benefits.
37. CONSENTED DATA SHARING INVERTS DATA
From: data is used to sell things to the user. To: data to be used to empower the user.