The launch of India’s Data Empowerment and Protection Architecture (DEPA), a consent management tool, has generated both excitement and concern among stakeholders.


About the Data Empowerment and Protection Architecture (DEPA)

  • It is a joint public-private effort (launched by NITI Aayog in 2020) for an improved data governance approach that creates a digital framework allowing users to share their data on their own terms.
      • The data is shared through a third-party entity, namely the Consent Mangers (CMs) that individuals provide consent as per an innovative digital standard for every granular piece of data shared securely.
  • DEPA enables consented sharing of consumer data from Data Providers (entities which collect or generate consumer data) to Data Consumers (other entities which wish to provide a service or a product based on the data) via Consent Managers.


Need for DEPA

  • Currently, data is in control of the giant companies who have captured most of the marketplace all over the world and make profits more than the GDP of a few countries.
  • This has affected small scale enterprises to survive in such a tech-savvy marketplace.
  • Hence, to sustain competition in the market, NITI Aayog came up DEPA framework to enable SMEs to utilise the existing data that is available in silos. That is with the existing players from the industry such as fintech, e-commerce, healthcare or insurance bringing out new products and services in the market.


Significance of DEPA

  • It empowers users by giving them control over their data, allowing them seamless sharing while ensuring privacy and therefore could help to build trust in digital technologies and data governance.
  • It also replaces costly and cumbersome data access and sharing practices that disempower individuals, such as physical submission, username/password sharing, and terms and conditions forms providing blanket consent.
  • DEPA will also induce competition and enable new services. For instance, with DEPA, individuals and small businesses will be able to use their digital records to access affordable loans, insurance, savings, and better financial management products.
  • With DEPA, individuals can seamlessly share their financial data for the first time across banks, insurers, investors, tax collectors, and pension funds in a safe, secure, and consented manner.
      • This has the power to transform the availability and affordability of financial products.
      • Beyond the financial sector, DEPA also presents opportunities in health, jobs, and urban data.
  • The innovation models like DEPA can be important alternatives to proprietary solutions that are governed by big tech companies.


Risks associated with DEPA

  • Security concerns — If the consent management tool is not properly implemented or managed, there is a risk that personal information could be misused or misappropriated.
      • For example, in the health sector, there is a risk that sensitive medical information could be misused or exploited for commercial purposes.
      • Also, in agriculture, there is a risk that market information could be manipulated for the benefit of certain actors.
  • Inconsistent application — Concerns are being raised that DEPA implementation may be inconsistent across different sectors and jurisdictions, which could undermine its effectiveness and create confusion among citizens.
  • Operational issues — There are also concerns related to issues of infrastructure, connectivity and the availability of a skilled human workforce for the DEPA framework.
  • Issue related to ownership and governance of data — The questions related to rights of data providers and the responsibilities towards them also remain unaddressed.


Other concerns related to data governance

  • Many commentators argue for the opening of data “silos” to capture the potential wealth of data sharing between governmental offices, corporations and citizens.
      • However, while opening up some data silos may be useful in promoting citizen participation and increasing access to information, others may jeopardise trust and security.
      • In this milieu, the issue of data sovereignty has gained significance.
  • Data sovereignty refers to the principle that a country has the right to control the collection, storage, and use of data within its borders and also to the informational self-determination of citizens over their data.


Way forward

  • Addressing the challenges related to DEPA –
      • To realise the potential benefits of DEPA and minimise the risks, it should be implemented in a transparent, consistent, and secure manner.
          • This could be done by close collaboration between the government, the private sector, civil society, and other stakeholders and developing clear effective regulations and standards.
      • The concerns related to data governance must be addressed by developing ethical and responsible data governance practices, effective and accountable oversight mechanisms, etc.
  • The sharing of sensitive personal or financial information may be harmful to individuals and society as a whole and may also lead to discrimination, exclusion, and unforeseen negative consequences.
  • Therefore, it is important for India to navigate a middle way between restrictive data sovereignty and limitless data flow, and define which data, for which purposes, can be shared and used by whom.
  • In doing so, India must respect and protect the fundamental right to privacy with a robust data protection law, and balance the interests of all stakeholders, including governments, businesses, and citizens.
  • The investment should also be pursued in the necessary digital infrastructure and skills to ensure that data is collected, stored, and used in a responsible, secure and accountable manner so that a resilient data governance regime can be accomplished.
  • The advances in financial inclusion and the successful implementation of the UPI in India must be replicated successfully in other areas such as health and agriculture.



As the world becomes increasingly digital, the G-20 has recognised the need for international cooperation and collaboration in addressing the challenges, opportunities and risks posed by the rapid growth of data and digital technologies. In this, India has a unique opportunity (as the G20’s President) to develop and implement a data governance regime that can become a model for other countries.


SourceThe Hindu


QUESTION – The establishment of Data Empowerment and Protection Architecture is a step in the direction of maximising the potential of data utilisation for the greater good of economy whilst democratising the access to data for intermediaries and users. Discuss how?