BIS said the experience with DEPA suggests that a consent-based system can operate at scale with low transaction costs.
In DEPA, data subjects – through a granular data consent system – are expected to control what data they wish to share, with whom and for how long.
India has shown that this kind of digital public infrastructure allows nations to leapfrog and adopting DEPA, or the account aggregator framework, can tremendously benefit nations in financial, healthcare, skilling and other sectors, it said in a joint paper with think-tank iSPIRT.
ET has reviewed the paper, titled ‘The design of a data governance system’.
Citizens from those countries that have not been able to benefit from the system in a structured manner will gain with such frameworks, said Siddharth Tiwari, chief representative for Asia and the Pacific at BIS and one of the authors of the paper.
Discover the stories of your interest
“India’s experience with Aadhaar has shown that this kind of digital public infrastructure allows nations like India to leapfrog in terms of access to bank accounts of the general population,” Tiwari said.
He, however, said that borrowing from the formal financial sector was still lagging, not only in India but also in advanced economies.
“The spread of proper data governance consent frameworks could enhance development of credit markets across the world,” Tiwari added.
At the national level, it said DEPA reflects the proposition that data subjects (consumers, small and medium enterprises and in some instances service providers) should have a stake in what is created.
Other countries, too, are waking up to the potential of such a framework.
As part of a consultative process to affirm the importance of privacy and data-driven innovation through open, inter-operable technical protocols, a collective of senior policymakers met virtually for the first time on August 31 last year.
Participants included representatives from the European Commission, Norway, Switzerland, and India, in addition to officials from Rwanda, Japan, France, and Australia.
Several Indian innovations such as Aadhaar, the Unified Payments Interface (UPI) and vaccination platform CoWin, among others, have been emulated by several countries.
In fact, Google wrote to the US Federal Reserve Board detailing the success of UPI-based digital payments in India and recommending that the Fed launch a new interbank real-time gross settlement service on the same lines.
While speaking about the goal of the paper, co-author Sharad Sharma said it was aimed at making people understand that one can get protection and privacy but can also get innovation of data.
He said that traditionally, it has always been one or the other.
If you prioritize privacy, as Europe has, you risk sacrificing innovation. On the other hand, if you promote innovation at all costs as in the United States, you end up sacrificing privacy, he said.
“India’s DEPA model attempts to resolve this by offering a solution that ensures privacy while at the same time enabling innovation. In addition, it provides a federated data system resilient to data breaches through which users get a single view of their data. This paper explains these concepts in more detail,” Sharma, who is also co-founder at iSPIRT Foundation, added.
The paper has been authored by Tiwari, Sharma, Siddharth Shetty of iSPIRT and Frank Packer, regional adviser, BIS representative office for Asia and the Pacific.
For developed countries, there are various sectors where the idea of consented data flows is missing in a particular subset, said Rahul Matthan, a partner with law firm Trilegal.
For instance, he said that the skilling sector in France would appreciate a DEPA-like model. The DEPA framework sits well with Europe’s regulations, he added.
“Everyone is under the gun as far as data regulations are concerned,” Matthan said. “They are reluctant to look to technology for the solution because they’re nervous that they may not have fundamental privacy principles built into them. In a sense, DEPA with the way it has been constructed based on the electronic consent artefact, allows for these solutions.”