All roads lead to SARAL ? or SUIIC ?
Can Digilocker morph into SARAL / SUIIC ?
Context :
( Times of India / 24 Aug 2023 )
Extract :
The government is crafting a mechanism to authenticate the identity of parents and their children through the online repository, DigiLocker.
Social media giants like Meta's Facebook Instagram, and Google's YouTube Kids will be able to directly access and verify the documentation of teenagers' parents stored in DigiLocker to secure parental consent.
Once a parent agrees to share information with a social media platform, a one-time password must be entered to provide consent. This consent will be recorded in the parental consent ledger.
The system necessitates parents to list all of their children. Upon matching the parent's and child's OTPs, they will be linked, and consent will be granted for the processing of the child's data.
The method of linking is still under consideration. Notifications will be sent to the concerned parent or guardian upon successful linking.
To mitigate these risks, the verification of identity and parental consent through DigiLocker aims to centralize the process and eliminate the need for platforms to individually request and store documents.
Within DigiLocker, a consent artifact will be established, resembling vaccination certificates or driving licenses. This artifact will display the recipients of parental consent for data processing. Parents can revoke consent any time.
Presently, DigiLocker is utilized by 180 million users, with 500,000 new users joining daily.
==============================
From print edition of Economic Times / TECHTONICS ( 27 Aug 2023 ) :
“ India’s New Digital Safety Net “
[ an interview with Shri Rajeev Chandrasekhar – Minister of State for Electronics and IT ]
Question :
One of the criticisms of the act has been the exemptions the government has granted to certain firms. What should be the basis to decide the categories of firms who can avail exemptions and under what obligations ?
Rajeev Chandrasekhar :
There are narrow exemptions envisaged in the act to reduce the hindrances to the innovation eco-system and the start up economy
These exemptions are not provisioned for any Significant Data Fiduciaries ( SDFs ). In addition to the volume and nature of the personal data processed, other criteria that could be considered are with respect to data fiduciaries working on new technology, new ideas, PRIVACY-ENHANCING technologies etc., and for a specified period. These criteria will be decided in consultation with start ups
Question :
A new right provided in India is the right to nomination. How and when can nominees be appointed ?
Rajeev Chandrasekhar :
Through DPDPA 2023, we are pioneering a NEW INTERNATIONAL STANDARD with respect to the rights of the individual in the digital space.
The nomination process can be initiated at any time after registration on a platform and can also be changed at any point
We will discuss these matters in upcoming industry consultations
Question :
The law empowers users to demand that personal data collected with their consent be corrected, updated, completed or erased. But how can this gap be addressed ?
Rajeev Chandrasekhar :
There is absolutely no differentiation in the obligation under the law for ANY ENTITY, be it private or government, as long as it’s a data fiduciary
That means, if you collect data – regardless of whether you are the government or a private entity – you will be liable to follow the law and carry out obligations that have been laid out for you as a data fiduciary
Question :
For the industry , going back to users for additional personal data or taking consent for new purposes is likely to become an expensive exercise. How can digital tools help reduce this expense ?
Rajeev Chandrasekhar :
There would be DEEP BEHAVIOURAL CHANGES in the way personal data is processed by data fiduciaries keeping in view the best interests of the citizens
Requirements for consent ( even for additional purposes ) is built into the ARCHITECTURE of the law
The industry may have to explore DIGITAL TOOLS to reduce technical and financial overload seeking consent. Also , the CONSENT ARCHITECTURE through a CONSENT MANAGER can modularise and ease this exercise
Question :
Can you explain verifiable consent and will this be feasible at scale ?
Rajeev Chandrasekhar :
Verifiable consent may be treated as consent obtained from the parent or lawful guardian , which can be verified if needed. Hence, the CONSENT RECORD should be stored and be linked to the individual for whom it is obtained
Dear Shri Chandrasekharji ,
In my following earlier e-mails , I have suggested ONE PLATFORM ( www.IndiaDataCustodian.gov.in ) for :
Ø Registration / Personal Data Submission , by all Indian Citizen
Ø That platform acting as the sole CONSENT MANAGER for all who register
Ø Consent Record will be MODULAR ( I have described in detail , 10 MODULES )
Ø Consent will be granted ( by the citizen ) or denied , separately for EACH MODULE
Ø A citizen could use a Mobile App ( DIGITAL TOOL ), to access her own Consent Record at any time to modify personal data , and / or “ grant / withdraw “ consent for any MODULE
Ø Above all , my detailed framework (of this platform ) would enable MONETIZATION of personal data
During your discussions with Industry / Stakeholders, I urge you to consider my proposal
With regards,
Hemen Parekh
www.hemenparekh.ai / 27 Aug 2023
My Earlier E Mails :
Ø Orderly Transition ? A Distant Dream …………………………………… 18 Aug 2023
Ø Stopping Data Leakage ? .. …………………………………………………….07 Aug 2023
Ø Consent Forms for Personal Data …………………………………………. 07 Aug 2023
Ø Dashboard for Data Owners …………………… ……………………………..04 Aug 2023
Ø Only Answer : a Statutory Warning ………………………………………… 10 Nov 2018
Ø Erasing Personal Data ? ………………………………………………………….. 21
Ø SARAL ( Single Authentic
Ø Digital Dividend from Demographic Data [ 4 D ]………… ……………. 14 Feb 2019
Ø Who watches the Watchmen ? …………………………………………………. 12 Jan 2019
Ø Monetizing User Data …………………………………………………………………
Ø Finland adopts “ SARAL “ ? ……………………………………………………….. 31 May 2023
Ø If DEPA = Foundation , then SARAL = Superstructure …………… 08 May 2022
Ø India embraces SUIIC : re-named as NATGRID …………………………….27 Apr 2023
Ø I am One , I will become Many ………………………………………………….. 0 6 Jan 2020
Ø DigiLocker = Single Unified Identity for Indian Citizen ? ………….. 08 Mar 2022
Ø Morphing of DigiLocker : Caterpillar to Butterfly ? ………….. ………..17 Mar 2022
Ø SUIIC : “ Your Unique Identity “ Platform - about to be born ? ….. 27 Apr 2022
Ø Meri Aawaz hi Meri Pehchaan Hai ……………………………………… …………04 July 2022
Ø MOSIP ( Modular Open Source
No comments:
Post a Comment