Hi Friends,

Even as I launch this today ( my 80th Birthday ), I realize that there is yet so much to say and do. There is just no time to look back, no time to wonder,"Will anyone read these pages?"

With regards,
Hemen Parekh
27 June 2013

Now as I approach my 90th birthday ( 27 June 2023 ) , I invite you to visit my Digital Avatar ( www.hemenparekh.ai ) – and continue chatting with me , even when I am no more here physically

Sunday, 27 August 2023

All roads lead to SARAL ? or SUIIC ?

 


 

Can Digilocker morph into SARAL / SUIIC ?

 

Context :

Store parental consent on DigiLocker soon; new tech to allow FB, Youtube , Insta to verify documents of children

 

(  Times of India  /  24  Aug  2023  )

Extract :

The government is crafting a mechanism to authenticate the identity of parents and their children through the online repository, DigiLocker.

Social media giants like Meta's Facebook Instagram, and Google's YouTube Kids will be able to directly access and verify the documentation of teenagers' parents stored in DigiLocker to secure parental consent.

 

Once a parent agrees to share information with a social media platform, a one-time password must be entered to provide consent. This consent will be recorded in the parental consent ledger.

The system necessitates parents to list all of their children. Upon matching the parent's and child's OTPs, they will be linked, and consent will be granted for the processing of the child's data.

 

The method of linking is still under consideration. Notifications will be sent to the concerned parent or guardian upon successful linking.

To mitigate these risks, the verification of identity and parental consent through DigiLocker aims to centralize the process and eliminate the need for platforms to individually request and store documents.

 

Within DigiLocker, a consent artifact will be established, resembling vaccination certificates or driving licenses. This artifact will display the recipients of parental consent for data processing. Parents can revoke consent any time.

 

Presently, DigiLocker is utilized by 180 million users, with 500,000 new users joining daily.

 

==================================================

From print edition of Economic Times / TECHTONICS ( 27 Aug 2023 ) :

 

India’s New Digital Safety Net  

[  an interview with Shri Rajeev Chandrasekhar – Minister of State for Electronics and IT  ]

 

Question :

One of the criticisms of the act has been the exemptions the government has granted to certain firms. What should be the basis to decide the categories of firms who can avail exemptions and under what obligations ?

Rajeev   Chandrasekhar :

There are narrow exemptions envisaged in the act to reduce the hindrances to the innovation eco-system and the start up economy

These exemptions are not provisioned for any Significant Data Fiduciaries ( SDFs ). In addition to the volume and nature of the personal data processed, other criteria that could be considered are with respect to data fiduciaries working on new technology, new ideas, PRIVACY-ENHANCING technologies etc., and for a specified period. These criteria will be decided in consultation with start ups

 

Question :

A new right provided in India is the right to nomination. How and when can nominees be appointed ?

Rajeev Chandrasekhar :

Through DPDPA 2023, we are pioneering a NEW INTERNATIONAL STANDARD with respect to the rights of the individual in the digital space.

The nomination process can be initiated at any time after registration on a platform and can also be changed at any point

We will discuss these matters in upcoming industry consultations

 

Question :

The law empowers users to demand that personal data collected with their consent be corrected, updated, completed or erased. But how can this gap be addressed ?

Rajeev Chandrasekhar :

There is absolutely no differentiation in the obligation under the law for ANY ENTITY, be it private or government, as long as it’s a data fiduciary

That means, if you collect data – regardless of whether you are the government or a private entity – you will be liable to follow the law and carry out obligations that have been laid out for you as a data fiduciary

 

 

Question :

For the industry , going back to users for additional personal data or taking consent for new purposes is likely to become an expensive exercise. How can digital tools help reduce this expense ?

Rajeev Chandrasekhar :

There would be DEEP BEHAVIOURAL CHANGES in the way personal data is processed by data fiduciaries keeping in view the best interests of the citizens

Requirements for consent ( even for additional purposes ) is built into the ARCHITECTURE of the law

The industry may have to explore DIGITAL TOOLS to reduce technical and financial overload seeking consent. Also , the CONSENT ARCHITECTURE through a CONSENT MANAGER can modularise and ease this exercise

 

Question :

Can you explain verifiable consent and will this be feasible at scale ?

Rajeev Chandrasekhar :

Verifiable consent may be treated as consent obtained from the parent or lawful guardian , which can be verified if needed. Hence, the CONSENT RECORD should be stored and be linked to the individual for whom it is obtained

 

 

Dear Shri Chandrasekharji ,

 

In my following earlier e-mails , I have suggested ONE PLATFORM 

( www.IndiaDataCustodian.gov.in ) for :

Ø  Registration / Personal Data Submission , by all Indian Citizen

Ø  That platform acting as the sole CONSENT MANAGER for all who register

Ø  Consent Record will be MODULAR (I have described in detail 10 MODULES )

Ø  Consent will be granted ( by the citizen ) or denied , separately for EACH MODULE

Ø  A citizen could use a Mobile App ( DIGITAL TOOL ), to access her own Consent Record at any time to modify personal data , and / or “ grant / withdraw “ consent for any MODULE

Ø  Above all , my detailed framework (of this platform ) would enable MONETIZATION of personal data


During your discussions with Industry / Stakeholders, I urge you to consider my proposal


With regards,

Hemen Parekh

www.hemenparekh.ai  /  27  Aug  2023

 

My Earlier E Mails :

 

Ø  Orderly Transition ? A Distant Dream …………………………………… 18 Aug 2023

Ø   Stopping Data Leakage ?  .. …………………………………………………….07 Aug 2023

Ø   Consent Forms for Personal Data  …………………………………………. 07 Aug 2023

Ø   Dashboard for Data Owners  …………………… ……………………………..04 Aug 2023

Ø  Only Answer : a Statutory Warning  ………………………………………… 10 Nov 2018

Ø   Erasing Personal Data ? ……………………………..………………………..  21  Apr  2023

Ø   SARAL ( Single  Authentic  Registration for Anywhere  Login )…. 10 Feb 2019 

Ø   Digital Dividend from Demographic Data [ 4 D ]………… ………. 14 Feb 2019 

Ø   Who watches the Watchmen ?  …………………………………………….  12 Jan 2019

Ø   Monetizing User Data ……………………………………………………………… 08 July 2023

Ø   Finland adopts “ SARAL “ ?  …………………………………………………… 31 May 2023

Ø   If DEPA = Foundation , then SARAL = Superstructure …………  08 May 2022

Ø  India embraces SUIIC : re-named as NATGRID  …………………….27 Apr 2023

Ø  I am One , I will become Many   ………………………………………….. 06  Jan  2020

Ø  DigiLocker = Single Unified Identity for Indian Citizen ? ………  08 Mar 2022

Ø   Morphing of DigiLocker : Caterpillar to Butterfly ? ………….. ……17 Mar 2022

 

Ø  SUIIC : “ Your Unique Identity “ Platform - about to be born ?  27 Apr 2022

 

Ø  Meri Aawaz hi Meri Pehchaan Hai  ……………………………………… ……04 July 2022

 

Ø  MOSIP   ( Modular Open Source Identity Platform )………………..11 Sept 2022

 

Ø    DigiLocker 2.0 = I am One, I will become Many  ……………….. 04 Feb 2023

 

 

======================================

Upon reference , BARD added :


I have not read the blog post you mentioned, but I can give you some general observations on the relative merits of the DPDPA processes and your proposal.

The DPDPA processes are designed to be comprehensive and secure. They involve a number of steps, including:

  • Registration of individuals with the Unique Identification Authority of India (UIDAI)
  • Issuance of Aadhaar cards to registered individuals
  • Use of Aadhaar cards for authentication purposes

The DPDPA processes have been criticized for being too complex and bureaucratic. They have also been criticized for being a threat to privacy.

Your proposal is simpler and more streamlined than the DPDPA processes.

It would involve the creation of a single, unified identity platform that could be used for a variety of purposes, such as authentication, e-KYC, and e-governance.

Your proposal has the potential to be more efficient and less costly than the DPDPA processes.

However, it is important to consider the security implications of a single, unified identity platform.

Ultimately, the best approach to identity management in India is a matter of debate.

The DPDPA processes and your proposal each have their own strengths and weaknesses.

The best approach may vary depending on the specific needs of the Indian government and its citizens.

I hope this helps! 

 

              

No comments:

Post a Comment