{"id":123527,"date":"2021-08-04T20:56:09","date_gmt":"2021-08-04T15:26:09","guid":{"rendered":"https:\/\/blog.forumias.com\/?p=123527"},"modified":"2021-08-11T14:58:35","modified_gmt":"2021-08-11T09:28:35","slug":"privacy-checks-can-be-built-into-software-architecture","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/privacy-checks-can-be-built-into-software-architecture\/","title":{"rendered":"Privacy checks can be built into software architecture"},"content":{"rendered":"<p><strong>Source<\/strong>: <span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/epaper.livemint.com\/Home\/ShareArticle?OrgId=485305510b&amp;imageview=0\" target=\"_blank\" rel=\"noopener\">Livemint<\/a><\/span><\/p>\n<p><strong>Relevance<\/strong>: P<span style=\"font-weight: 400;\">rotecting Right to Privacy and enabling digitization<\/span><\/p>\n<p><strong>Synopsis<\/strong>: <span style=\"font-weight: 400;\">India\u2019s Data Empowerment and Protection Architecture (DEPA) is becoming an important tool to strengthen the privacy framework in India. It not only gives us better control over our data transfers, but also covers nearly all the modern principles that are central to privacy.<\/span><\/p>\n<h5><strong>Principles central to privacy laws<\/strong><\/h5>\n<p>Central to privacy laws anywhere in the world is a set of principles that define how personal data can be collected and processed. These are:<\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Notice and consent<\/strong> \u2013 provides for informed consent of Individuals before collecting or processing of his\/her data<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Purpose limitation<\/strong> \u2013 to ensure that the purpose for which data is collected is described clearly\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Data Minimization<\/strong> \u2013 to collect only a limited set of data that is required for the fulfillment of a specific purpose<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Retention limitation<\/strong> \u2013 to ensure that data is not retained for more than required to achieve the purpose<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Use limitation<\/strong> \u2013 to ensure that data is used for the purpose for which it has been collected.<\/span><\/li>\n<\/ol>\n<h5><strong>Positives of DEPA<\/strong><\/h5>\n<p><span style=\"font-weight: 400;\">DEPA addresses three out of the five principles outlined above \u2013 Notice and consent clause, Purpose Limitation and data minimization. Let&#8217;s see how it does that.<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\"><strong>Notice and consent clause principle<\/strong>: <\/span>DEPA uses the MeITy <strong>electronic consent artefact<\/strong> to process data-transfer requests. What this means is that each time a data fiduciary makes a request for data, it has to provide information on what specific data it needs, the purpose to which that data will be put, and the duration for which it will be retained for the same. As a result, every data transfer request will provide users with <strong>due notice<\/strong> and can <strong>only be completed if consent is provided<\/strong> in relation to that specific request.\n<ul>\n<li>A <strong>consent artifact<\/strong> is simply <strong>a\u00a0machine-readable electronic document<\/strong> that specifies the parameters and scope of data share that a user consents to in any data sharing transaction<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-weight: 400;\"><strong>Purpose Limitation and data minimization<\/strong>: <\/span>Data-transfer requests under DEPA are based on pre-designed templates: data fiduciaries will have to choose from a set of such templates. These templates will be designed to cover a broad range of uses for which data might be requested, while still ensuring that <strong>only that much data as is necessary to fulfil those uses is requested.<\/strong>\n<ul>\n<li>By using consent templates, DEPA ensures that both the purpose limitation and data minimization principles are met.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5><strong>Inadequacies of DEPA<\/strong><\/h5>\n<ul>\n<li><span style=\"font-weight: 400;\"><strong>No protection after data is collected<\/strong>: It doesn\u2019t seem to be capable of protecting what happens to the data after it is collected. There is nothing to prevent a data fiduciary (digital companies) from using the data for other purposes or retaining the data for longer than the agreed time.<\/span><\/li>\n<\/ul>\n<h5><strong>Suggestions<\/strong><\/h5>\n<ul>\n<li><span style=\"font-weight: 400;\"><strong>Incorporate technological safeguards: <\/strong>If DEPA is to be an end-to-end solution for privacy, we have to incorporate technological safeguards that address the issues of Use Limitation and Data Retention as well.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Use of innovative technologies<\/strong>: We need to use innovative technologies like <strong>Confidential Clean Room<\/strong> which restrict access of data for the specific purpose and also helps in providing solution to the issue of Data retention.<\/span><\/li>\n<\/ul>\n<p><strong>Conclusion<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">India\u2019s Data Empowerment and Protection Architecture offers a technological solution that embeds privacy principles directly into the technology architecture. Done right, this might well be the solution that regulators have been looking for.\u00a0\u00a0<\/span><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Terms to know<\/span>:<\/strong><\/p>\n<ul>\n<li><span style=\"color: #0000ff;\"><strong><a style=\"color: #0000ff;\" href=\"https:\/\/forumias.com\/blog\/data-empowerment-and-protection-architecture\/\" target=\"_blank\" rel=\"noopener\">Data Empowerment And Protection Architecture (DEPA)<\/a><\/strong><\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Source: Livemint Relevance: Protecting Right to Privacy and enabling digitization Synopsis: India\u2019s Data Empowerment and Protection Architecture (DEPA) is becoming an important tool to strengthen the privacy framework in India. It not only gives us better control over our data transfers, but also covers nearly all the modern principles that are central to privacy. Principles&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/privacy-checks-can-be-built-into-software-architecture\/\">Continue reading <span class=\"screen-reader-text\">Privacy checks can be built into software architecture<\/span><\/a><\/p>\n","protected":false},"author":10328,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1230,9],"tags":[8701,8702,8876,216,8703,8875,288],"class_list":["post-123527","post","type-post","status-publish","format-standard","hentry","category-9-pm-daily-articles","category-public","tag-data-empowerment-and-protection-architecture","tag-data-privacy","tag-depa","tag-gs-paper-3","tag-privacy","tag-privacy-related-issues","tag-right-to-privacy","entry"],"jetpack_featured_media_url":"","views":{"total":0,"cached_at":1700787255,"cached_date":1704690375},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/123527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10328"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=123527"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/123527\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=123527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=123527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=123527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}