FB pixel

How India can adhere to the Digital Personal Data Protection Act

How India can adhere to the Digital Personal Data Protection Act

In India, stakeholders are confused on how the recently established Digital Personal Data Protection (DPDP) Act will apply to parental consent and age verification requirements. A possible solution is for the nation to leverage India Stack’s APIs to enable data permissions for its citizens, according to The Hindu Business Line.

The DPDP Act requires the national government to establish the Data Protection Board of India. The board would hold standards for data fiduciaries in light of India Stack, the multi-layered DPI infrastructure that has slowly grown since the 2009 launch of the Aadhaar digital ID program.

India Stack consists of a set of open-source APIs and digital public goods to implement identity, data, and payment services to the general population to facilitate economic growth. As India’s DPI infrastructure developed, the country’s volume of data dramatically increased, creating a need for a corresponding regulatory framework.

The Data Empowerment and Protection Architecture (DEPA) is the framework behind the data layer of India Stack. It leverages APIs to empower citizens to control how their data is used.

An API acts as an intermediary between systems. It uses definitions and protocols to enable different apps to communicate with each other to achieve a function, sometimes while remaining completely invisible on the user interface.

One way an API can be used is by establishing layers of security between the requesting application and the infrastructure of the responding service by requiring authentication. When a website requests an individual’s location, for instance, a user has the option to allow or deny the request.

DEPA is designed to give citizens a secure way to share their data with third parties. Individuals must provide consent for each piece of personal information through a ‘consent manager,’ or an account aggregator. Users consent by signing a machine-readable e-document called an ‘artifact,’ that outlines how they want their data to be shared.

Currently, most applications of the consent manager system deal with the financial sector. However, in light of the DPDP, India could potentially adopt a similar manager for data beyond finance. The country may also benefit from adopting a framework similar to the EU’s European Digital Identity (eID), which enables minors to use a digital ID wallet to disclose their age without other data.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News


OFIQ report outlines evaluation techniques for algorithm accuracy and reliability

The Open Source Face Image Quality (OFIQ) project, led by the German Federal Office for Information Security, has published a…


Google Wallet plans for biometric authentication, broad ID document support revealed

Google Wallets are expanding from payments and biometric ID documents like mobile driver’s licenses and passports to “Everything else.” An…


Digital ID and SSI to cause radical shift in travel experience by 2035

Verifiable digital credentials and digital wallets took center stage at the recent Phocuswright Europe conference in Barcelona, with professionals from…


Testing for biometric identity verification still maturing

Biometrics testing is a rapidly maturing field, but there is more to effective identity verification than an accurate matching algorithm,…


Youverse upgrades liveness detection, achieves 100% success rate in iBeta test

Youverse has announced a fourfold improvement in its liveness detection capabilities. The company boasts that the update aims to upgrade…


‘Highly effective age assurance’ poorly defined in Ofcom consult, says AVPA

The Age Verification Provider’s Association (AVPA) has issued an extensive response to the UK regulator’s consultation on “Protecting children from…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Featured Company