Hi Friends,

Even as I launch this today ( my 80th Birthday ), I realize that there is yet so much to say and do. There is just no time to look back, no time to wonder,"Will anyone read these pages?"

With regards,
Hemen Parekh
27 June 2013

Now as I approach my 90th birthday ( 27 June 2023 ) , I invite you to visit my Digital Avatar ( www.hemenparekh.ai ) – and continue chatting with me , even when I am no more here physically

Saturday, 5 September 2020

Released : Govt Policy for Selling Personal Data




Something I was pleading for past 3 years , by arguing :

“ If my personal data is my exclusive property, and I am its sole owner, then allow me / enable me to make money
  by selling it “

To present my case, I sent several emails ( listed below ) to our Cabinet Ministers / NITI Aayog .

I also presented a CONCEPTUAL FRAMEWORK ( a portal to be called…www.IndiaDataCustodian.gov.in )

I am glad that NITI Aayog have just released following DRAFT POLICY , which incorporates my concept :

Draft Empowerment and Protection Architecture   / Executive Summary     (  Aug 2020 )


NITI has invited comments from public by 01 Oct 2020 ( send to Anna Roy / NITI : annaroy@nic.in )

======================================================================

Heart of the Policy :

The DEPA infrastructure provides a simple and transparent mechanism for making data exchange visible and explicit in ways that benefit all parties – either through enhanced services or direct monetary profits from sharing data.

Consent Managers can facilitate a data exchange by charging a nominal fee.

However, since most individuals are accustomed to free services, Consent Managers could subsidise or relinquish the service fee charged to the data principals by charging the data users (much like a subscription model).





=================================================

What was your CONCEPT ?


( Source : Digital Dividend from Demographic Data [ 4 D ]……………………………. 14 Feb 2019 )


Ø  SARAL will become the DATA REPOSITORY of  500 million current Indian internet users and will keep growing

Ø  This  DATABASE  will become the single largest ( and searchable ) Demographic Profile in entire World

 Data Buyers will be allowed to search this database and compile / download  “ Target  Demographic Profiles “,
 upon online payment of published “ Sale Price “  to  SARAL / Single  Authentic  Registration  for Anywhere  
 Login


Ø  Such profiles will not reveal the identities of the registered Indian users ( of SARAL ). The compiled profiles will be anonymized / aggregated

Ø  SARAL will immediately distribute the Sale Income among the users whose data got included in the downloaded Demographic Profie ( DBT into bank accounts of users )

======================================================================

What was your earlier suggestion, if any ?


Following is extract from my email 3 years ago { source : Privacy For Sale  /  26 Aug 2017 } :

The Supreme Court announced two days back ,

“ Right to Privacy “ is a Fundamental Right

Implication ?

Notwithstanding anything written elsewhere in this judgement, a person shall have unrestricted / unfettered right to SELL his own PRIVATE data to anyone for a monetary consideration ( or for bartering his / her private data for someone else’s data ? )

PREAMBLE

Every citizen has a right to Sell / Barter his personal information for monetary considerations

Any citizen or a commercial enterprise, will be at liberty to BUY such personal data from any such willing person
for commercial purpose

   
PLATFORM  


Such SELL / BUY service will have to be online, on platforms such as : www.PrivacyForSale.com 

Such online platforms can be set up by any entity (individual or a company ) and will need to be registered with Ministry of Information Technology / Ministry of Law / Income Tax Department etc and will require GST registration too

=======================================================================


What other E Mails did you send to Cabinet Ministers / NITI Aayog on this policy ?

 

2017

Right to Sell My Soul ?   ………………………………………………………………………………………………………………..[ 27 Aug 2017 ]

2018

A Matter of Motive   ……………………………………………………………………………………………………………………….[ 04 Aug 2018 ]

Wealth of Nations   ………………………………………………………………………………………………………………………..[ 17 Aug 2018 ]

Only Answer : a Statutory Warning   …………………………………………………………………………………………..[ 10 Nov 2018 ]


2019

Data is the New Oil   ………………………………………………………………………………………………………………………[ 30 Jan 2019 ]

SARAL  [ Single  Authentic  Registration ( for )  Anywhere  Login ]………………………….………………..[ 10 Feb 2019 ]

Taxing the Data Thieves ?   ……………………………………………………………………………………………………………[ 04 Mar 2019 ]

Bulk Data Sharing / Selling Policy ?  ……………………………………………………………………………………………..[ 12 Mar 2019 ]

2020

First Step : Second Step : Third Step …………………………………………………………………………………………..[ 23 July 2020 ]

Let me make money by selling my Health Data  ………………………………………………………………………..[ 02 Sept 2020 ]

 

======================================================================

Do you have any QUESTIONS re this DRAFT Policy ?

     Yes

Ø  Policy talks about several TYPES of personal data such as, Financial – Health – Jobs – Urban etc

{ I could not find any explicit mention of my Online Behavior Data ( Search –Purchase – Messaging – Gaming – Status Posting etc ) } on Social Media / E Commerce sites etc


Will different Consent Managers (no doubt Start-ups ), specialize as EXCHANGES for each TYPE of personal data ?


Could there be a Consent Manager ( like my Financial Wealth Manager ), who would take care of my ALL TYPES of personal data ? – so that, for each TYPE of data, I do not have to run to different Consent Managers ?



Ø  For each TYPE of personal data, could there be dozens of Consent Managers, competing among themselves to “ Market / Sell “ my personal data to Online Buyers ?


Ø  The policy talks about, “ account portability “. Will that allow me to do the following ?


     Just as banks compete against one another for my FIXED DEPOSITs , by offering higher interest rates, prompting

     me to move my money from one bank to another, I be able to move “ My Personal Data “ from one Consent

     Manager to another Consent Manager, who is offering me a higher SALE PRICE


 

Ø  How much money can user ( possibly ) make by selling personal data ?

My estimate :  $ 4 / month , from each website ( x 100 = $ 400 pm = Rs 30,000 per month )

[  https://myblogepage.blogspot.com/2019/02/saral.html  ]

 

Ø  What tempts you to reveal Private Details online ?


Research By :  Prof S Shyam Sundar, Co-Director, Media Effects Research Lab, [ sss12@psu.edu ]


What the learned Professor says could well be a “influencer “ but nothing beats “ Making Money “ ( from selling the only thing they have left to sell ), as the most powerful motivator, for the poor jobless ( due to pandemic ) citizen of India


=======================================================================


POLICY  :

HIGHLIGHTS :

Ø  Forward by Shri Amitabh Kant

#  ….everyday Indians need control over their own personal data to improve their lives. They should be
       able to leverage their digital history to access growth opportunities offered by different institutions

#    Beyond the financial sector, DEPA also presents opportunities in health, jobs, and urban data.

#    DEPA builds the right infrastructure. It inverts the traditional Western model where data is simply
      used to advertise and sell products, to one where data can be used to empower a billion Indians.


Ø  Executive Summary

#    Today millions of Indians are creating electronic transaction histories and becoming  data-rich’  at
       historic rates, even before becoming economically rich or even financially stable

#     DEPA is founded on the premise that individuals themselves are the best judges of the ‘right’ uses of
       their personal data, rather than competing institutional interests. They should not struggle to access
       and share their data

#    A new type of private Consent Manager institution ensures that individuals can provide consent as per
      an innovative digital standard for every granular piece of data shared securely (using newly created
      standard APIs).


These Consent Managers should also work to protect your data rights. 


This architecture replaces costly and cumbersome data access and sharing practices that disempower
      individuals, such as bulk printout notarisation and physical submission, screen scraping,
      username / password sharing, and terms and conditions forms providing blanket consent.


 Consent managers can proactively look out for individual data interests (for example, by making sure you have consented to data shared, innovating on modes of obtaining consent for a diverse population


The Consent Manager approach works in practice as follows:

• Consent Managers hold consent logs that determine how data can flow from data sources to data users
  in an authorised system.

• Consent Managers are data blind. They only enable the transaction, but are unable to read, store or
  analyse the data.

• For personal data management, it is sufficient for the authorisation consents to be centralised in the
  account. Data can flow directly between the source and the user.

• Due to account portability, individuals can easily choose and change their Consent Manager operator
  service. The service provider lock-in is minimal.

The DEPA infrastructure provides a simple and transparent mechanism for making data exchange visible and explicit in ways that benefit all parties – either through enhanced services or direct monetary profits from sharing data.

Consent Managers can facilitate a data exchange by charging a nominal fee.

However, since most individuals are accustomed to free services, Consent Managers could subsidise or relinquish the service fee charged to the data principals by charging the data users (much like a subscription model).

Information Providers could go on to charge a service fee in the future, but in the financial sector they have agreed to provide data without a charge for the time being.

Finally, a competitive ecosystem of Consent Managers in each sector could keep prices manageable but cover costs to ensure profits.


#   Consent managers can compete to reach different customer segments with accessible and inclusive
     modes of obtaining informed consent. They can also experiment with different business models. While
     consent cannot be the only backstop, it is a powerful first step to empowering individuals with data.

#    DEPA is a new Indian model of data governance that can be shared with the world -- one that is
      evolving, and targets individual empowerment, economic recovery and growth, and a competitive
     data democracy



Ø  The Data Empowerment and Protection Architecture

#   Data Silos

             In a world where an exponentially increasing number of companies and institutions control an
             individual’s data as custodians or fiduciaries, going to each actor individually to access and move data
             interoperably across data users is a model that will not scale


       #   Risk of Inaction

            Unless an evolvable, interoperable, and secure data sharing framework is implemented, newly
            generated data on Indians will at best remain in silos without benefiting individuals who urgently
            require it to access better services, and at worst be misused without individuals’ knowledge and
            consent.


            #    A Paradigm Shift towards Data Empowerment

                  India needs a paradigm shift in personal data management that transforms the current organisation-
                  centric data sharing system to an individual centric approach that promotes user control on data
                  sharing for empowerment.

                   By giving people the power to decide how their data can be used, DEPA enables an individual to control
                 the flow of and benefit from the value of her personal data, relying on not only institutional data
                 protection measures but also restoring individual agency over data use.


           #    An Evolving DEPA Framework

                 The Data Empowerment and Protection Architecture (DEPA) is a strategy for data empowerment
                 towards economic well-being for all.


           #    A New Class of Institutions

                 The PDP Bill introduces the concept of “consent managers” to manage a data principal’s
                 consent for data sharing through an accessible, transparent and interoperable platform. These consent
                 managers are ‘data blind’ and will not see or use personal data themselves; rather they will serve as a
                 conduit for encrypted data flows


           #    Technology Foundation

                 The Consent Artefact: is a technology Standard for programmable consent to replace the all-permissive
                 terms and conditions forms.

                The consent individuals provide is designed on principles acronymed ORGANS:

                [ what I described in

                 SARAL  [ Single  Authentic  Registration ( for )  Anywhere  Login ]………………………….[ 10 Feb 2019 ]


  :
               #  Open standards (ensuring all institutions use the same approach interoperably);

               #  Revocable (by individuals);

               #  Granular (provided for each time you share data, stipulates how long data can be accessed, etc.);

               #  Auditable (in machine readable logs of consent provided), provide
               #  Notice to all parties, and

               #  Secure by design.


          #    Guiding Principles

                These principles are:

o    promoting informed consent for every data transaction (rather than blanket consent for data use)

o    building in accountability

o    building an open infrastructure

o    building incentive alignment between new public or private institutions and the needs of individuals around their data

o    ensuring accessibility and affordability of data sharing

o    remaining technology agnostic

o    supporting data minimization

o    ensuring reciprocity of data use and data provision


Ø  An “India way” for the World on Data

             We are confident DEPA will be a transformative platform that shows a new India model on data protection,
             sharing, consent and privacy quite distinct from other models around the world

             The India model of data governance is one that is inclusive, sensitive to the needs of the poor,
             technologically innovative and robust,

             Simple access or control of user data will no longer be a source of competitive advantage;

             Institutions will have to create value through better analysis and more sophisticated predictions based on
            data, as well as improve accessibility for users.

            Finally, because the standards underpinning DEPA are open, the architecture can be applied to other
           countries - an institutional framework can be designed to globalise this standard and apply it to other
           markets facing similar challenges.

=======================================================================

Dear Shri RaviShankar Prasadji / Shri Amitabh Kantji,


Thanks for this truly REVOLUTIONARY INNOVATION

Without doubt, this will enable millions of poor / middle class Indians to monetize their Personal Data

As repeatedly stated in my earlier emails : This innovation is better than any Universal Basic Income ( UBI ) scheme , - and without imposing any burden on the exchequer


With regards,

Hemen Parekh  /  hcp@recruitGuru.com /  06 Sept 2020