Data Empowerment Protection Architecture (DEPA)

2022 MAY 7

Preliminary   > Governance   >   Aspects of Good Governance   >   Data security

Why in news?

  • The Bank for International Settlements (BIS) has endorsed India’s Data Empowerment Protection Architecture (DEPA).
  • BIS said the experience with DEPA suggests that a consent-based system can operate at scale with low transaction costs.

About Data Empowerment Protection Architecture (DEPA):

  • DEPA is being seen as the next techno-legal solution that will empower users by giving them control over their data, allowing them seamless sharing and therefore inducing competition and enabling new services.
  • DEPA is a joint public-private effort for an improved data governance approach.
  • It creates a digital framework that allows users to share their data on their own terms through a third-party entity, ‘Consent Mangers’.
    • The creation of new market players known as User Consent Managers will ensure that individuals can provide consent as per an innovative digital standard for every data shared. These Consent Managers will also work to protect data rights.
    • Open Application Programming Interfaces (APIs) enable seamless and encrypted flow of data between data providers and data users through a consent manager.
  • It went live in the financial sector in 2020 under the joint leadership of the Ministry of Finance, the Reserve Bank of India (RBI), Pension Fund Regulatory and Development Authority (PFRDA), Insurance Regulatory and Development Authority (IRDAI), and Securities and Exchange Board of India (SEBI).
  • DEPA is being tested in the health sector, as well as others.
  • It has been designed as a mechanism that goes beyond data protection through a Privacy Enhancement Technology (PET) to ensure data empowerment by facilitating smooth and secure data flow.

PRACTICE QUESTION:

Consider the following statements regarding ‘Data Empowerment Protection Architecture (DEPA)’

1. It will empower users by giving them control over their data

2. It is a joint public-private effort for an improved data governance approach.

Which of the statements given above is/are correct?

(a) 1 only

(b) 2 only

(c) Both 1 and 2

(d) Neither 1 nor 2

Answer