
Data Empowerment & Protection Architecture (DEPA)


A presentation by iSPIRT on a new framework to empower, not just protect, user data.

Accompanying talk available at: https://youtu.be/mwC1kjaWV6g?t=1h7m3s


  1. Data Empowerment & Protection Architecture (DEPA), August 2017
  2. Since we don't trust anyone with it, put the users in control of their own data! (Source: Calvin and Hobbes, Bill Watterson, 1995)
  3. EMPOWER USERS THROUGH CONSENT: freedom to share their data
  4. TYPES OF CONSENT: Consent to Collect; Consent to Share
  5. CONSENT TO COLLECT. Example: personalised dictionary based on keyboard data. Diagram labels: Consent To Collect; Collected Permissions; My Personal Dictionary (based on my keyboard data)
  6. DATA CLASSIFICATION
     ● Non-Shareable. Example: Aadhaar biometrics
     ● Personal Data. Example: KYC data, marksheets, driving license
     ● Generated Data: raw location history, bank transaction history
     ● Derived (Intelligence): personalized keyboard dictionary, credit score
     ● Public Dataset: data.gov.in
     ● Anonymous Dataset: anonymized loan book, anonymized travel data
  7. DATA CLASSIFICATION (continued): handling rules per category
     ● Non Shareable: User Consent -; Downstream Sharing -; Regulatory Driver: Regulated by Law; Tech Tools & Standards: Biometrics Security
     ● Personal Data: User Consent Required*; Downstream Sharing Limited; Regulatory Driver: Free sharing or Regulated Pricing; Tech Tools & Standards: eKYC, Digital Locker, Electronic Data Consent (EDC)
     ● Generated Data: User Consent Required*; Downstream Sharing Restricted; Regulatory Driver: Free sharing or Regulated Pricing; Tech Tools & Standards: Electronic Data Consent (EDC)
     ● Derived (Intelligence): User Consent Required*; Downstream Sharing Barred; Regulatory Driver: Market Pricing; Tech Tools & Standards: Electronic Data Consent (EDC)
     ● Anonymous Dataset: User Consent -; Downstream Sharing Barred; Regulatory Driver: Market Pricing; Tech Tools & Standards: Anonymization Standards
     ● Public Dataset: User Consent -; Downstream Sharing -; Regulatory Driver: Regulated by Law; Tech Tools & Standards: Open Data Standards
     * Complying with ORGANS Principles = Open, Revocable, Granular, Auditable, Notice, Secure
  8. CONSENT TO SHARE. Example: consent-based eKYC (by UIDAI). Diagram: 1234 5678 9012 → OTP / Biometrics → access ONLY via authentication → KYC data shared electronically WITH CONSENT. Benefits: no more fake identities, no more paper, no photocopies.
  9. TECHNOLOGY TOOLS FOR CONSENTED DATA SHARING
     ● Digital Locker System (DLS)
     ● Electronic Data Consent (EDC)
  10. DATA SHARING via DIGITAL LOCKER SYSTEM. The Digital Locker System (DLS) by MeitY is a modern technology for secure, intermediated data sharing. "Federated" approach: not a single provider but a network of providers that interoperate. A secure "one-stop shop" for channelling all consented data sharing related to the user. Diagram: the Data Producer issues digitally signed documents into the Digital Locker System; the user consents to access; the Data Consumer accesses the documents online.
  11. Example: DIGILOCKER (by NeGD). List of DigiLocker Data Producers:
     ● Central Board of Secondary Education (CBSE) & Council For The Indian School Certificate Examinations (CISCE), Class 10 and Class 12
       ○ Statement of Marks
       ○ Passing Certificate
       ○ Migration Certificate
     ● Unique Identification Authority of India (UIDAI)
       ○ Digital Aadhaar Card
     ● Ministry of Road Transport and Highways
       ○ Driving License
       ○ Vehicle Registration Certificate
     ● Ministry of Petroleum and Natural Gas (IOCL+BPCL+HPCL)
       ○ Digital LPG Subscription Voucher
  12. TECHNOLOGY TOOLS FOR CONSENTED DATA SHARING
     ● Digital Locker System (DLS)
     ● Electronic Data Consent (EDC)
  13. Electronic Data Consent (EDC)
     ● Consistent with current legal frameworks and compliant with the IT Act
     ● User-centric: user-controlled data sharing
     ● Auditable and non-repudiable
     ● Trust of data established through digitally signed documents
     Diagram: Data Consumers (banks, credit providers, etc.) ↔ Consent Collector ↔ Data Producers (banks, telcos, hospitals, etc.); the Consent Flow carries a digitally signed consent artefact.
  14. TECHNICAL ARCHITECTURE OF DEPA. Data Producers (DP #1, DP #2, DP #3, DP #4) → Consent Collector → Data Consumers (Flow-Based Credit, Skilling & Recruitment, Content & Media, Bots). Flows: Consent Flow (Consent Artefact); Data Flow (data released based on consent); Data Access Notifications. Note: Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
  15. MeitY Consent Artefact v1, compliant with the ORGANS Principles (Open, Revocable, Granular, Auditable, Notice, Secure):
     Identifier Section:
       <consentcollector> CC </consentcollector>
       <dataconsumer> DC </dataconsumer>
       <dataproducer> DP </dataproducer>
       <user type="UID"> 123412341ABC </user>
     Data Section:
       <datatype type="transactional">
         <attribute-list> … </attribute-list>
         <duration> 6 months </duration>
         <datalife> 10 days </datalife>
         <frequency> YEARLY </frequency>
         <revocable> YES </revocable>
         <access> VIEW | STORE | QUERY </access>
       </datatype>
       <datatype type="profile"> </datatype>
     Logging Section:
       <loggingInfo> … </loggingInfo>
     Purpose of Data Access:
       <purpose code=""> LOAN </purpose>
     Signature Section:
       <signature> #@%%#@$$##$@ </signature>
  16. REVOCATION, AUDIT, NOTICE. An example workflow for revoking consent, between Data Consumers (banks, credit providers, etc.), the Consent Collector and Data Producers (banks, telcos, hospitals, etc.):
     ● 1. Revocation Request
     ● 2. Revoke (the artefact contains a "revocation URL" owned by the Data Producer)
     ● 3. OK
     ● 4. Artefact Revoked
     The Consent Artefact specifies how to log both consent flows and data flows. This granular logging helps in auditing and monetisation.
  17. SECURE DATA ACCESS. EDC facilitates Virtual Data Room access: • View (Read) Data Access • Query Data Access. The Consent Artefact from slide 15 is shown again, with the <access> VIEW | STORE | QUERY </access> element highlighted.
  18. DEPA MEASURES BETTER ON SECURITY AND CONVENIENCE. Comparison on Security Risk, User Effort and Vendor Effort of:
     ● Credential Sharing (example: users share passwords)
     ● Physical Sharing (example: users share paper KYC data)
     ● Access Delegation (example: OAuth)
     ● DEPA
     Ratings shown on the slide (High / Medium / Low): Low, Low, High, Medium, High, Low, Medium, High, Low, Medium, Low, Low
  19. INCLUDED IN DEPA: ● Digital Locker System (DLS) ● Electronic Data Consent (EDC) ● Combiner. NOT INCLUDED IN DEPA: ● Regulatory Framework
  20. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA): Lending, Health, Agriculture
  21. Meet Rohan. He's the owner of Fab Furniture (a physical shop for furniture rentals with an online presence) and is now looking to take the next step to purchase more stock and inventory. He's been running Fab Furniture for more than two years, but given that he doesn't have any significant assets, it's highly unlikely for him to gain access to a collateral-free loan (with decent interest rates) using the prevailing lending and credit rating process.
  22. Introducing Lendr*. Rohan applies for a loan on Lendr → Rohan consents to sharing his data with Lendr via the Consent Collector → Rohan receives a personalised loan offer! *Please Note: Lendr is a fictional application built to showcase consented data sharing using EDC.
  23. FLOW BASED LENDING (Paperless-Presenceless-Cashless Loans)
     ● Rohan (owner of Fab Furniture) applies for a loan on the app (Lendr*)
     ● Lendr initialises the Consent Collector
     ● Consent Collector collects consent for ABC Bank, Digital Locker, FurnitureRentals.com, XYZ Telecom, and Credit Bureau
     ● Rohan eSigns the Consent Artefacts
     ● Lendr takes the consent artefact to the respective Data Producers
     ● Data Producers validate the artefact and return the data to Lendr
     ● Lendr uses this data to assess the risk of lending to Rohan
     ● Lendr makes a personalised loan offer to Rohan
     ● Rohan accepts the loan offer
     ● Repayment happens digitally
     *Please Note: Lendr is a fictional application built to showcase consented data sharing using EDC.
  24. CONSENT FLOW & DATA FLOW (lending): Data Producers (DP #1, DP #2, DP #3, DP #4) → Consent Collector → Data Consumer (Lendr). Flows: Consent Flow (Consent Artefact); Data Flow; Money Flow; Data Access Notifications
  25. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA): Lending, Health, Agriculture
  26. TYPICAL HEALTH SCENARIO: the Patient collects Lab Reports and Diagnostic Reports from several Labs and Healthcare Providers
  27. Introducing Healthy*. Patient books an appointment online and simultaneously consents to share medical reports with the doctor → Doctor receives the patient's medical reports → Using the Combiner, the Doctor views a combined record of all the patient's medical reports. *Please Note: Healthy is a fictional application built to showcase consented data sharing using EDC.
  28. UNLOCKING HEALTH RECORDS DATA: Labs, Hospitals and Healthcare Providers share the Patient's records under Electronic Consent with a Health Record Combiner, which produces Combined Master Records
  29. CONSENT FLOW & DATA FLOW (health): Data Producers → Consent Collector → Data Consumer (Healthy). Flows: Consent Flow (Consent Artefact); Data Flow; Money Flow; Data Access Notifications. Note: Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
  30. USE-CASES FOR DATA EMPOWERMENT & PROTECTION ARCHITECTURE (DEPA): Lending, Health, Agriculture
  31. Meet Devi. She owns a 1.5 acre farm on the outskirts of Itarsi in rural MP. She primarily grows wheat and has never sold to anyone other than the local adatiya. For her, manual farm labour is currently in short supply, and getting pricier every season. To counter this, she's enlisted the services of a FaaS (Farm mechanization as a Service) company. As a result, she's been told she can get crop insurance to cover her against situations like last year's drought.
  32. EVERY FARM OPERATION GENERATES DATA: Land Preparation → Sowing / Transplanting → Crop Management → Harvesting → Post-harvest farm management (around the Farmer)
  33. EVERY FARM OPERATION GENERATES DATA
     ● Farmer: • Farmer eKYC • Mobile No. • FPO/SHG affiliations
     ● Land Preparation: • Farm Location • Farm Size • Ownership
     ● Sowing: • Cropping pattern • Seed history
     ● Crop Management: • Fertilizer/inputs history • Soil moisture • Soil composition • Crop disease data
     ● Harvesting: • Fertilizer/inputs history • Soil moisture • Soil composition
     ● Post-harvest: • Yield history • Local prices
  34. MULTIPLE PLAYERS CAN USE THIS DATA TO PROVIDE BETTER SERVICES TO FARMERS: Government; Banks / NBFCs; Insurance; Input manufacturers; Downstream markets; Other supply chain players
  35. CONSENT FLOW & DATA FLOW (agriculture): Data Producers → Consent Collector → Data Consumer. Flows: Consent Flow (Consent Artefact); Data Flow; Money Flow; Data Access Notifications. Note: Data Producers are also referred to as Data Providers in the EDC Technical Documentation.
  36. CONSENTED DATA SHARING IS KEY TO DATA DEMOCRACY: Skills, Trust & Formalization, Health, Lending, Education. Cannot work if data is in silos. Data with ML/AI will be used to reduce information asymmetry & provide benefits.
  37. CONSENTED DATA SHARING INVERTS DATA: from "Data is used to sell things to the user" to "Data to be used to empower the user"
  38. Thank You!
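The checks a Data Producer should run on a consent artefact before releasing data (slides 13 to 17: signed artefact, revocation, VIEW/STORE/QUERY access, duration), as an added example that is not iSPIRT or MeitY code. The XML follows the v1 artefact layout on slide 15; the HMAC signature under a shared key, the ISO-date duration check and the producer-side revoked list are assumptions standing in for the real eSign/PKI signature and the revocation URL.

```python
import copy, hmac, hashlib
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

# Constructed sample in the slide 15 layout (values made up); signed by sign_artefact().
BODY = ("<artefact><consentcollector>CC</consentcollector><dataconsumer>DC</dataconsumer>"
        "<dataproducer>DP</dataproducer><user type='UID'>123412341ABC</user>"
        "<datatype type='transactional'><attribute-list>txn-history</attribute-list>"
        "<duration>6 months</duration><datalife>10 days</datalife><frequency>YEARLY</frequency>"
        "<revocable>YES</revocable><access>VIEW | QUERY</access></datatype>"
        "<purpose code=''>LOAN</purpose></artefact>")
KEY = b"cc-signing-key"  # assumed shared secret; stands in for the eSign/PKI signature

def canonical(root):
    """Signed bytes: the artefact serialised without its <signature> child."""
    clone = copy.deepcopy(root)
    for sig in clone.findall("signature"):
        clone.remove(sig)
    return ET.tostring(clone)

def sign_artefact(body_xml, key=KEY):
    """Consent Collector side: compute the signature and append it to the artefact."""
    root = ET.fromstring(body_xml)
    ET.SubElement(root, "signature").text = hmac.new(key, canonical(root), hashlib.sha256).hexdigest()
    return ET.tostring(root, encoding="unicode")

def validate_access(artefact_xml, consumer, dtype, access, issued, now,
                    revoked=frozenset(), producer="DP", key=KEY):
    """Data Producer side: the checks to run before releasing data (dates are ISO strings)."""
    root = ET.fromstring(artefact_xml)
    sig = root.findtext("signature", "")
    if not hmac.compare_digest(sig, hmac.new(key, canonical(root), hashlib.sha256).hexdigest()):
        return "DENY: signature invalid"            # tampered, forged or unsigned artefact
    if root.findtext("dataproducer") != producer:
        return "DENY: artefact not addressed to this producer"
    if root.findtext("dataconsumer") != consumer:
        return "DENY: consumer does not match artefact"
    if sig in revoked:                              # producer's list, fed via the revocation URL (slide 16)
        return "DENY: consent revoked"
    dt = root.find(f"datatype[@type='{dtype}']")
    if dt is None:
        return "DENY: datatype not consented"
    if access not in {a.strip() for a in dt.findtext("access", "").split("|")}:
        return f"DENY: {access} access not granted"  # VIEW / STORE / QUERY (slide 17)
    n, unit = dt.findtext("duration").split()       # e.g. "6 months"; a month is taken as 30 days
    expiry = datetime.fromisoformat(issued) + timedelta(days=int(n) * (30 if unit.startswith("month") else 1))
    if datetime.fromisoformat(now) > expiry:
        return "DENY: consent duration expired"
    return "ALLOW"
```

The signature check comes first so that none of the later fields are trusted until the artefact is known to be the one the Consent Collector signed.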
