Something I was pleading for past 3 years , by arguing :
“ If my personal data is my exclusive property, and I
am its sole owner, then allow me / enable me to make money
by selling it “
To present my case, I sent
several emails ( listed below ) to our Cabinet Ministers / NITI Aayog .
I also presented a CONCEPTUAL FRAMEWORK ( a portal to
be called…www.IndiaDataCustodian.gov.in )
I am glad that NITI Aayog have just released following
DRAFT POLICY , which
incorporates my concept :
Draft
Empowerment and Protection Architecture
/ Executive Summary
(
Aug 2020 )
NITI has invited comments from public by 01 Oct 2020 ( send to Anna Roy / NITI : annaroy@nic.in )
======================================================================
Heart of the
Policy
:
The DEPA infrastructure
provides a simple and transparent mechanism for making data exchange visible
and explicit in ways that benefit all parties – either through enhanced
services or direct
monetary profits from sharing data.
Consent Managers can
facilitate a data exchange by charging a nominal fee.
However, since most
individuals are accustomed to free services, Consent
Managers could subsidise or relinquish the service fee charged to the data
principals by charging the data users (much like a subscription model).
=================================================
What was your
CONCEPT ?
( Source : Digital
Dividend from Demographic Data [ 4 D ]…………………………….
14 Feb 2019 )
Ø
SARAL will become the DATA REPOSITORY of 500
million current Indian internet users and will keep growing
Ø This DATABASE will become the single largest ( and searchable
) Demographic Profile in entire World
Data Buyers will be allowed to search
this database and
compile / download “ Target Demographic Profiles “,
upon online
payment of published “ Sale Price “ to SARAL / Single Authentic Registration for Anywhere
Login
Ø
Such profiles will not reveal
the identities of the registered Indian users ( of SARAL ). The compiled
profiles will be anonymized / aggregated
Ø SARAL will immediately distribute the Sale
Income among the users whose data got included in the downloaded Demographic Profie ( DBT into bank accounts of users )
======================================================================
What was your
earlier suggestion, if any ?
Following is extract from my email 3 years ago {
source : Privacy
For Sale / 26
Aug 2017 } :
The Supreme Court announced two days back ,
“ Right to Privacy “ is a Fundamental Right
Implication ?
Notwithstanding anything written elsewhere in this judgement, a person
shall have unrestricted / unfettered right to SELL his own PRIVATE data to anyone for a monetary consideration ( or for bartering
his / her private data for someone else’s data ? )
PREAMBLE
Every citizen has a right to Sell / Barter his personal information for monetary considerations
Any citizen or a
commercial enterprise, will be at liberty to BUY such personal data from
any such willing person
for commercial purpose
PLATFORM
Such SELL / BUY service
will have to be online, on platforms such as : www.PrivacyForSale.com
Such online platforms can
be set up by any entity (individual or a company ) and will need to be
registered with Ministry of Information Technology / Ministry of Law / Income
Tax Department etc and will require GST
registration too
=======================================================================
What other E Mails did you send to Cabinet Ministers
/ NITI Aayog on this policy ?
2017
Right to Sell My
Soul ? ………………………………………………………………………………………………………………..[
27 Aug 2017 ]
2018
A Matter of
Motive ……………………………………………………………………………………………………………………….[
04 Aug 2018 ]
Wealth of
Nations ………………………………………………………………………………………………………………………..[
17 Aug 2018 ]
Only Answer : a
Statutory Warning …………………………………………………………………………………………..[ 10 Nov
2018 ]
2019
Data is the New Oil ………………………………………………………………………………………………………………………[
30 Jan 2019 ]
SARAL [ Single Authentic Registration ( for ) Anywhere Login ]………………………….………………..[
10 Feb 2019 ]
Taxing the Data
Thieves ? ……………………………………………………………………………………………………………[ 04
Mar 2019 ]
Bulk Data Sharing /
Selling Policy ? ……………………………………………………………………………………………..[ 12 Mar
2019 ]
2020
First Step : Second
Step : Third Step …………………………………………………………………………………………..[ 23
July 2020 ]
Let me make money by
selling my Health Data ………………………………………………………………………..[ 02 Sept 2020 ]
======================================================================
Do you have any QUESTIONS re this DRAFT Policy ?
Yes
Ø
Policy talks about several TYPES of personal data such as,
Financial – Health – Jobs – Urban etc
{ I could not find any explicit mention of my Online Behavior Data ( Search –Purchase – Messaging –
Gaming – Status Posting etc ) } on Social Media / E Commerce sites etc
Will different Consent Managers (no
doubt Start-ups ), specialize as EXCHANGES for each TYPE of personal data ?
Could there be a Consent
Manager ( like my Financial Wealth Manager ), who would take care of my ALL
TYPES of personal data ? – so that, for each TYPE of data, I do not have to run
to different Consent Managers ?
Ø For each TYPE of personal data, could there be dozens of Consent Managers, competing
among themselves to “ Market / Sell “ my personal data to Online Buyers ?
Ø The policy talks about, “ account portability “.
Will that allow me to do the following ?
Just as banks compete against one another
for my FIXED DEPOSITs , by offering higher interest rates, prompting
me
to move my money from one bank to another, I be able to move “ My Personal Data
“ from one Consent
Manager to another Consent Manager, who is offering
me a higher SALE PRICE
Ø How much money can user ( possibly ) make by selling personal data ?
My
estimate : $ 4 / month , from each website ( x 100 = $ 400 pm = Rs
30,000 per month )
[ https://myblogepage.blogspot.com/2019/02/saral.html ]
Ø What
tempts you to reveal Private Details online ?
Research
By : Prof S
Shyam Sundar, Co-Director, Media Effects Research Lab, [ sss12@psu.edu ]
What the learned
Professor says could well be a “influencer “ but nothing beats “ Making Money “ ( from
selling the only thing they have left to sell ), as the most powerful motivator,
for the poor jobless ( due to pandemic ) citizen of India
=======================================================================
POLICY :
HIGHLIGHTS :
Ø Forward by Shri Amitabh Kant
# ….everyday Indians need control over their
own personal data to improve their lives. They should be
able to leverage their digital history to access growth opportunities offered
by different institutions
# Beyond the financial sector, DEPA also
presents opportunities in health, jobs, and urban data.
# DEPA builds the right infrastructure. It
inverts the traditional Western model where data is simply
used to advertise and sell products, to
one where data can be used to empower a billion Indians.
Ø Executive Summary
# Today
millions of Indians are creating electronic transaction histories and becoming ‘data-rich’ at
historic rates, even before becoming
economically rich or even financially stable
# DEPA is founded on the premise that individuals themselves are the best judges of the ‘right’
uses of
their personal data,
rather than competing institutional interests. They should not struggle to
access
and share their data
# A new type of private Consent Manager
institution ensures that individuals can provide consent as per
an
innovative digital standard for every granular piece of
data shared securely (using newly created
standard APIs).
These Consent Managers should also work to
protect your data rights.
This architecture replaces costly and cumbersome
data access and sharing practices that disempower
individuals, such as bulk printout
notarisation and physical submission, screen scraping,
username / password sharing, and terms and conditions forms providing blanket consent.
Consent
managers
can proactively look out for individual data interests (for example, by making
sure you have consented to data shared, innovating on modes
of obtaining consent for a diverse population
The Consent Manager
approach works in practice as follows:
• Consent Managers hold consent logs that determine how data can flow from data sources to data users
in an
authorised system.
• Consent Managers are data blind. They only enable the transaction, but are unable to read, store or
analyse
the data.
• For personal data
management, it is sufficient for the authorisation consents to be centralised
in the
account. Data can flow
directly between the source and the user.
• Due to account
portability, individuals can easily choose and change
their Consent Manager operator
service. The service provider lock-in is
minimal.
The DEPA infrastructure
provides a simple and transparent mechanism for making data exchange visible
and explicit in ways that benefit all parties – either through enhanced
services or direct
monetary profits from sharing data.
Consent Managers can
facilitate a data exchange by charging a nominal fee.
However, since most
individuals are accustomed to free services, Consent Managers could subsidise
or relinquish the service fee charged to the data principals by charging the data users
(much like a subscription model).
Information Providers
could go on to charge a service fee in the future, but in the financial sector
they have agreed to provide data without a charge for the time being.
Finally, a competitive ecosystem of Consent Managers in each sector could
keep prices manageable but cover costs to ensure profits.
# Consent managers can
compete to reach different customer segments with accessible and
inclusive
modes of obtaining informed consent. They can
also experiment with different business models. While
consent cannot be the only backstop, it is a
powerful first step to empowering individuals with data.
# DEPA is a new Indian model of data
governance that can be shared with the world -- one that is
evolving, and targets individual empowerment,
economic recovery and growth, and a competitive
data democracy
Ø The Data Empowerment and Protection
Architecture
# Data Silos
In a world where an exponentially
increasing number of companies and institutions control an
individual’s data as custodians or
fiduciaries, going to each actor individually to access and move data
interoperably across data users is a model
that will not scale
#
Risk of Inaction
Unless an evolvable, interoperable,
and secure data sharing framework is implemented, newly
generated data on Indians will at best remain
in silos without benefiting individuals who urgently
require it to access better
services, and at worst be misused without individuals’
knowledge and
consent.
# A
Paradigm Shift towards Data Empowerment
India needs a paradigm shift in personal data management that transforms
the current organisation-
centric data sharing system to an individual centric approach
that promotes user control on data
sharing for empowerment.
By giving people the power to decide how
their data can be used, DEPA enables an individual to control
the
flow of and benefit
from the value of her personal data, relying on not only
institutional data
protection measures but also restoring
individual agency over data use.
# An Evolving DEPA
Framework
The Data Empowerment and Protection
Architecture (DEPA) is a strategy for data empowerment
towards economic well-being
for all.
# A New Class of
Institutions
The PDP Bill introduces the
concept of “consent managers” to manage a data principal’s
consent for data sharing through an
accessible, transparent and interoperable platform. These consent
managers
are ‘data blind’ and will not see or use personal data themselves; rather they
will serve as a
conduit for encrypted data flows
#
Technology Foundation
The Consent Artefact: is a
technology Standard for programmable consent to replace
the all-permissive
terms and conditions forms.
The consent individuals provide
is designed on principles
acronymed ORGANS:
[ what I described
in
SARAL [ Single Authentic Registration ( for ) Anywhere Login ]………………………….[
10 Feb 2019 ]
:
# Open standards (ensuring all
institutions use the same approach interoperably);
# Revocable (by individuals);
# Granular (provided for each time you
share data, stipulates how long data can be accessed, etc.);
# Auditable (in machine readable logs of
consent provided), provide
# Notice to all parties, and
# Secure by design.
#
Guiding Principles
These principles are:
o
promoting informed consent for every data transaction (rather than blanket consent for data use)
o
building in accountability
o
building an open infrastructure
o
building incentive alignment between new public or private
institutions and the needs of individuals around their data
o
ensuring accessibility and affordability of data sharing
o
remaining technology agnostic
o
supporting data minimization
o
ensuring reciprocity of data use and data provision
Ø An “India way” for the World on Data
We are confident DEPA will be a
transformative platform that shows a new India model on data protection,
sharing, consent and privacy quite distinct
from other models around the world
The India model of data governance is one that is
inclusive, sensitive to
the needs of the poor,
technologically innovative and robust,
Simple access or control of user
data will no longer be a source of competitive
advantage;
Institutions will have to create
value through better analysis and more sophisticated predictions based on
data, as well as improve accessibility for
users.
Finally, because the standards
underpinning DEPA are open, the architecture can be applied to other
countries - an institutional
framework can be designed to globalise this standard and apply it to other
markets facing similar challenges.
=======================================================================
Dear Shri RaviShankar Prasadji / Shri Amitabh Kantji,
Thanks for this truly
REVOLUTIONARY INNOVATION
Without doubt, this will
enable millions of poor / middle class Indians to monetize
their Personal Data
As repeatedly stated in my
earlier emails : This innovation is better than any Universal
Basic Income ( UBI ) scheme , - and without
imposing any burden on the exchequer
With regards,
Hemen Parekh / hcp@recruitGuru.com / 06 Sept 2020