Can Digilocker morph into SARAL / SUIIC ?
Context :
( Times of India /
24 Aug 2023 )
Extract :
The government is crafting a
mechanism to authenticate
the identity of parents and their children through the online repository,
DigiLocker.
Social media giants like Meta's Facebook Instagram, and
Google's YouTube Kids will be able to directly access and verify the documentation
of teenagers' parents stored in DigiLocker to secure parental
consent.
Once a parent agrees to share
information with a social media platform, a
one-time password must be entered to provide consent. This consent will be
recorded in the parental consent ledger.
The system necessitates parents to list all of
their children. Upon matching the
parent's and child's OTPs, they will be linked, and consent will be granted for
the processing of the child's data.
The method of linking is still
under consideration. Notifications will be sent to the concerned parent or
guardian upon successful linking.
To mitigate these risks, the
verification of identity and parental consent through DigiLocker aims to centralize the process and eliminate the need for platforms to
individually request and store documents.
Within DigiLocker, a consent artifact will be established, resembling vaccination
certificates or driving licenses. This artifact will display the recipients of
parental consent for data processing. Parents can revoke consent any time.
Presently, DigiLocker is utilized
by 180 million users, with 500,000 new users joining daily.
==================================================
From print
edition of Economic Times / TECHTONICS ( 27 Aug 2023 ) :
“ India’s New Digital Safety Net “
[ an interview with Shri Rajeev Chandrasekhar – Minister
of State for Electronics and IT ]
Question :
One of the criticisms of the act has been the exemptions the government
has granted to certain firms. What should be the basis to decide the categories
of firms who can avail exemptions and under what obligations ?
Rajeev Chandrasekhar
:
There are narrow exemptions envisaged in the act to reduce the
hindrances to the innovation eco-system and the start up economy
These exemptions are not provisioned for any Significant Data Fiduciaries
( SDFs ). In addition to the volume and nature of the personal data processed,
other criteria that could be considered are with respect to data fiduciaries
working on new technology, new ideas, PRIVACY-ENHANCING
technologies etc.,
and for a specified period. These criteria will be decided in consultation with
start ups
Question :
A new right provided in India is the right to nomination. How and when
can nominees be appointed ?
Rajeev Chandrasekhar :
Through DPDPA 2023, we are pioneering a
NEW INTERNATIONAL STANDARD with
respect to the rights of the individual in the digital space.
The nomination process can be initiated at any time after registration on a platform and can
also be changed at any point
We will discuss these matters in upcoming industry consultations
Question :
The law empowers users to demand that personal data collected with their
consent be corrected, updated, completed or erased. But how can this gap be
addressed ?
Rajeev Chandrasekhar :
There is absolutely no differentiation in the obligation under the law
for ANY ENTITY, be it
private or government, as long as it’s a data fiduciary
That means, if you collect data – regardless of whether you are the
government or a private entity – you will be liable to follow the law and carry
out obligations that have been laid out for you as a data fiduciary
Question :
For the industry , going back to users for additional personal data or
taking consent for new purposes is likely to become an expensive exercise. How
can digital tools help reduce this expense ?
Rajeev Chandrasekhar :
There would be DEEP BEHAVIOURAL CHANGES in the way personal data is processed
by data fiduciaries keeping in view the best interests of the citizens
Requirements for consent ( even for
additional purposes ) is built into the ARCHITECTURE of the law
The industry may have to explore DIGITAL
TOOLS to reduce technical and financial overload seeking consent. Also ,
the CONSENT ARCHITECTURE through a CONSENT MANAGER can modularise and ease this exercise
Question :
Can you explain verifiable consent and will this be feasible at scale ?
Rajeev Chandrasekhar :
Verifiable consent may be treated as consent obtained from the parent or
lawful guardian , which can be verified if needed. Hence, the CONSENT RECORD should be stored and be linked to the individual for whom
it is obtained
Dear Shri Chandrasekharji ,
In my following earlier e-mails , I have suggested ONE PLATFORM
( www.IndiaDataCustodian.gov.in
) for :
Ø Registration / Personal Data Submission , by all Indian Citizen
Ø That platform acting as the sole CONSENT MANAGER for all who register
Ø Consent Record will be MODULAR (I have described
in detail 10 MODULES
)
Ø Consent will be granted ( by the citizen ) or
denied , separately
for EACH MODULE
Ø A citizen could use a Mobile App ( DIGITAL TOOL ), to access her own Consent Record at any time to modify personal data , and / or “ grant / withdraw “
consent for any MODULE
Ø Above all , my detailed framework (of this platform
) would enable MONETIZATION of personal data
During your discussions with Industry / Stakeholders, I urge you to consider
my proposal
With regards,
Hemen Parekh
www.hemenparekh.ai /
27 Aug 2023
My Earlier E Mails :
Ø Orderly
Transition ? A Distant Dream …………………………………… 18 Aug 2023
Ø Stopping Data Leakage ? ..
…………………………………………………….07 Aug 2023
Ø
Consent Forms
for Personal Data …………………………………………. 07 Aug 2023
Ø
Dashboard for
Data Owners …………………… ……………………………..04 Aug 2023
Ø Only Answer : a Statutory Warning ………………………………………… 10 Nov 2018
Ø
Erasing Personal
Data ?
……………………………..……………………….. 21 Apr 2023
Ø
SARAL ( Single Authentic Registration
for Anywhere Login )…. 10 Feb 2019
Ø
Digital
Dividend from Demographic Data [ 4 D ]…………
………. 14 Feb 2019
Ø
Who watches the
Watchmen ? ……………………………………………. 12 Jan 2019
Ø
Monetizing User
Data ……………………………………………………………… 08 July 2023
Ø
Finland adopts “
SARAL “ ? …………………………………………………… 31 May 2023
Ø
If DEPA =
Foundation , then SARAL = Superstructure ………… 08 May 2022
Ø
India
embraces SUIIC : re-named as NATGRID …………………….27 Apr 2023
Ø
I am One , I
will become Many ………………………………………….. 06 Jan 2020
Ø DigiLocker =
Single Unified Identity for Indian Citizen ? ……… 08
Mar 2022
Ø Morphing of
DigiLocker : Caterpillar to Butterfly ? ………….. ……17 Mar 2022
Ø SUIIC : “ Your
Unique Identity “ Platform - about to be born ? 27
Apr 2022
Ø Meri Aawaz hi
Meri Pehchaan Hai ……………………………………… ……04 July 2022
Ø MOSIP ( Modular Open Source Identity Platform )………………..11 Sept 2022
Ø DigiLocker 2.0 =
I am One, I will become Many ……………….. 04 Feb 2023
I have not read the blog post you mentioned, but I can give you some general observations on the relative merits of the DPDPA processes and your proposal.
The DPDPA processes are designed to be comprehensive and secure. They involve a number of steps, including:
- Registration of individuals with the Unique Identification Authority of India (UIDAI)
- Issuance of Aadhaar cards to registered individuals
- Use of Aadhaar cards for authentication purposes
The DPDPA processes have been criticized for being too complex and bureaucratic. They have also been criticized for being a threat to privacy.
Your proposal is simpler and more streamlined than the DPDPA processes.
It would involve the creation of a single, unified identity platform that could be used for a variety of purposes, such as authentication, e-KYC, and e-governance.
Your proposal has the potential to be more efficient and less costly than the DPDPA processes.
However, it is important to consider the security implications of a single, unified identity platform.
Ultimately, the best approach to identity management in India is a matter of debate.
The DPDPA processes and your proposal each have their own strengths and weaknesses.
The best approach may vary depending on the specific needs of the Indian government and its citizens.
No comments:
Post a Comment