Insights

Real experiences and insights that shape outcomes

img

India Stack – Data Management and Security

January 31, 2023

Data Sharing

The consent layer of the India Stack puzzle focuses on establishing a new model for data governance in India. Enshrined in a policy framework known as the Data Empowerment and Protection Architecture (DEPA), the ‘data’ layer of India Stack aims to restore the ownership and control over user data to its rightful owners.

The past decade has changed the global conversation around individual privacy and data ownership significantly. Seminal legislation like the General Data Protection Regulation (GDPR) in the European Union, Open Banking in the UK, and the California Consumer Privacy Bill in the United States have sought to empower individual citizens with agency and control over their personal data. DEPA represents India’s attempt at creating a secure consent-based data-sharing framework’ to accelerate the financial inclusion of its citizens.

DEPA Framework

3-pillars of DEPA Framework

    1. A landmark Personal Data Protection Bill gives Indian citizens a number of rights pertaining to their data
  1. An electronic consent artifact, which establishes a standardized and programmable digital template for capturing user consent to share their personal data with third parties
  2. A new category of regulated entities is known as ‘consent managers’ (Account Aggregators [AA]). They play the role of traffic cops in a typical data value chain. They provide an interface to facilitate the ‘easy sharing and consumption of data from various entities with user consent’.

The rollout of DEPA for financial data and telecom data is taking place through Account Aggregators that RBI licenses. It already covers all asset data, liabilities data, and telecom data.

Account Aggregator

The Account Aggregator performs two main functions. It assists and enables the user to access their financial data easily and it helps manage consent. The Account Aggregator framework seeks to change that by providing a catalyst for India’s new data democracy, where the time and cost of retrieving and sharing user data will no longer be a hindrance in building sustainable financial products. Consumers can approve/manage/revoke all their consent agreements in one place. At the same time, institutions can clearly define their data requests at a granular level. Individuals and businesses have the ability to prove any data about themselves in a permissionless and verifiable manner.

Account Aggregator

The entire AA system is interoperable by design, so a service provider that integrates with one AA app can make data requests to users of any other app. This takes away the need for custom integrations with different banks. It also gives users the freedom to use whichever AA they want to.

While initially earmarked to be piloted in the financial services industry, the grander vision is to enable consent-based data sharing across a number of important sectors like healthcare and e-commerce where ordinary citizens will have the ability to leverage their own data to avail of relevant products and services like loans, telemedicine, portfolio advisory and a litany of other use cases that are waiting to be developed.

Role of Account Aggregator

The Account Aggregator enables users to maintain and use their financial data as they see fit. In the past, it was tremendously hard for an Indian to get a bank account statement; when applying for a loan, he had to share either unverifiable paper records or his banking pass­word with the lender, not knowing what data might be extracted. Customers can allow sharing of certain financial data safely with the help of Account Aggregators. Users retain their privacy as the Account Aggregators operate on a fee-for-transaction business model. There are legal provisions that prohibit AAs to store or sell data.

Conclusion

The fiduciary responsibilities of the account aggregator to access the financial data are governed by the APIs at a technical level with the DEPA framework. Users have the legal protection of their personal data as per the bill enacted by the government of India.

Grep Digital is leveraging the India Stack extensively to build identity, and payments solutions. Connect with us to partner in your adoption of the India Stack and build seamless solutions.

Credits: https://indiastack.org , https://ispirt.in

Insights

Tag Cloud

Related Insights

July 3, 2023
Cybersecurity – Building a Secure Software Platform

Introduction In today's digital landscape, where data breaches and cyber threats are prevalent, ensuring robust cybersecurity measures is crucial for protecting sensitive informat

Read more
August 25, 2022
Crypto Tax Filing in India: Key Points Explained

The crypto tax law mandates that the taxpayer cannot carry forward cryptocurrency losses. Representative image Cryptocurrency Tax in India (FY 2022-2023): The Union Budget 2022 pr

Read more
December 5, 2022
Seven Considerations for Successful E-Governance Projects

  Introduction e-Governance projects play a vital role in transforming public service delivery and promoting efficient governance through the effective use of technology. Ho

Read more
September 26, 2023
Leverage Data for Net Zero Goals

Introduction Data Management Solutions play and important role in meeting the net zero targets. In the global quest to combat climate change, green energy utility providers play a

Read more
August 25, 2022
Understanding the Draft India Data Accessibility & Use Policy, 2022

What are the main provisions of the draft document? Is the Government going to monetize public data? The story so far: The Ministry of Electronics and Information Technology (MEIT

Read more

Start Your Journey Now

    Address

    Technogrep Solutions LLP
    HD-022, WeWork Pavilion,
    62/63 The Pavilion Church Street,
    MG Road, Bangalore,
    India-560001

    ✉ info @ grepdigital.com

    © Copyright 2026 Technogrep Solutions LLP
    Powered by Centum Technologies