Open House Discussion on FIU usage of AA Consent
Continuing the spirit of open dialogue, Sahamati conducted an Open House Discussion on FIU usage of AA Consent.
As the AA ecosystem grows, newer types of FIU licenses and newer use cases for data fetches will continue to proliferate. In the spirit of self-governance, Sahamati discussed guardrails to protect against unreasonable data pulls and potential breaches.
The agenda for the event covered topics such as defining guidelines for FIU usage of AA, ensuring transparency, and implementing course corrections in case of deviations.
Good usage of AA would be in a manner that complies with generally accepted principles of Data Privacy. It involves adhering to certain limitations and ensuring transparency. It mainly covers three principles:
- Consent has to be for a purpose the FIU’s charter legitimizes
- Consent has to be for a purpose that is known to the individual at the time of data collection
- Only “minimum necessary” data, as is proportionate to the purpose, is collected (FI Types, Fetch Type, Consent Type, Data Range)
- Not “processed” longer than is necessary for the purpose (Has no impact on the requirement of “Storage” for compliance with regulations)
Sahamati has launched a transparency initiative, wherein each FIU is expected to make the consent parameters transparent to customers and the community. Quarterly disclosure of consent templates used by each FIU is proposed to be shared through the Sahamati website for other AA community members, policy-makers, and regulators.