Governance for Data Empowerment Open House

Sahamati and the Vidhi Centre for Legal Policy collaborated to organize the Governance for Data Empowerment open house, focusing on crucial themes related to the governance of India’s Account Aggregator (AA) ecosystem. The event held on 22nd August 2023 at the Bangalore International Centre (BIC) was divided into two key segments: distinguished guest speakers delving into essential aspects of architect governance in the Data Empowerment ecosystem and a roundtable discussion among the open house attendees on pertinent governance themes for the AA ecosystem.

Renowned figures such as Nandan Nilekani, Dr. Pramod Varma, Rahul Matthan, and R. Gandhi shared invaluable insights during their presentations. Dr. Arghya Sengupta and Manjushree RM from the Vidhi Centre shed light on the pertinent themes discussed in their ‘Nurturing a User-Driven Governance Entity (N.U.D.G.E.) for the Account Aggregator Ecosystem’ report.

Governance of DPIs: India’s Approach

Nandan Nilekani, co-founder of Infosys and Founding Chairman of Unique Identification Authority of India (UIDAI), was the keynote speaker at the open house. He delved into the evolution of digital interventions & their governance in India and its eventual culmination into the digital public infrastructure.

The digital interventions in India have evolved from portals to platforms to protocols. The portals digitized incumbent processes, increasing transparency and cutting through systemic inefficiencies. Whereas Platforms offered a specific service delivery to the public. But portals and platforms had a top-down approach with a singular service and solution. Solving societal problems required technology protocols to create an open network as a playground for multiple service providers to innovate and compete, creating versatile solutions for diverse needs.

Parallelly, governance of the interventions evolved from Managed Service Providers (MSPs) or vendors through Requests for Proposals (RFPs) to National Information Utilities (NIUs) as not-for-profit private companies with a public purpose. With the protocol paradigm, the governance model is shifting towards market-led entities such as Sahamati and FIDE, the Foundation for Interoperability in Digital Economy, that usher activity-driven governance. These organizations operate on participatory self-governance and incremental, iterative change, reflecting a more dynamic and responsive approach to network ecosystems.

This progressive approach fosters a more flexible and adaptable governance structure for a cross-sectoral network such as the Account Aggregator (AA) ecosystem. It encourages a collaborative and inclusive environment, enabling more agile responses to a networked ecosystem’s evolving needs and challenges.

DPDP Act 2023: Implications for the AA Framework

Rahul Matthan, founder-partner of Trilegal and head of TMT practice, addressed the workshop on the implications of the Digital Personal Data Protection (DPDP) Act 2023 on the Account Aggregator (AA) ecosystem. He emphasized the importance of categorizing consent managers (CMs) as a distinct class of entities within the country’s data protection and empowerment landscape.

This transition signifies a significant stride in laying the foundation for a robust and effective data protection regime in India, fostering innovative solutions and the dynamic implementation of data protection principles. The pioneering implementation of Consent Managers through the Account Aggregator (AA) framework in the financial sector has exemplified this progressive approach.

Further, diving into the electronic consent artefact, Rahul emphasized the significance of a techno-legal approach and the pivotal role of technology in defining legal rights. He illustrated a fully digital ecosystem characterized by digitally signed transactions, serving as tangible evidence in dispute resolution. This transformative approach could streamline the laborious process of seeking legal dispute resolution.

Need for a Governance Model for the AA Ecosystem

Dr. Arghya Sengupta, the founder and Research Director at Vidhi Centre for Legal Policy, established the foundation for presenting the “Nurturing a User-Driven Governance Entity for the Account Aggregator Ecosystem in India (NUDGE)” report. He emphasized the urgent requirement for crafting a governance model specifically suited to the unique context of Account Aggregators (AAs) in India.

Dr. Sengupta proposed a triad of recommendations: first, the licensure of Account Aggregators as consent managers under the jurisdiction of the data protection board; second, the acknowledgment of Sahamati as the self-governing entity for the financial ecosystem within the scope of RBI’s Account Aggregator Master Directions; and third, the inclusion of references to the RBI Account Aggregator Master Directions in the upcoming Data Protection Rules to establish an unambiguous governance structure.

Dr. Sengupta illustrated the concept of the “India Fractal” – a networked architecture wherein Account Aggregators serve as crucial nodes, enabling the smooth exchange of data and creating intricate connections across diverse data stacks. He emphasized the overarching goal of Account Aggregators: to empower individuals as the rightful custodians of their digital personal data.

Summary of the Vidhi’s Report Findings

Manjushree RM, Senior Resident Fellow of the Law and Technology Team at the Vidhi Centre for Legal Policy, and one of the authors of the Vidhi report, explored the crucial role of governance within the Account Aggregator (AA) ecosystem.

She underscored the need for a trust network to enhance consumer confidence in sharing financial data. Identifying three significant barriers hindering the widespread adoption of data-sharing systems—consumer apprehension, the complexities of valuing data, and the lack of awareness and digital literacy, she emphasized the importance of an overarching governance strategy that prioritizes the public at the core of the digital public infrastructure (DPI).

She highlighted the significance of successful models like Aadhaar and UPI, which involve dedicated institutions and public-private partnerships. She also commended the consumer-centric approach of the Open Network for Digital Commerce (ONDC) and its diverse stakeholder involvement. Manjushree emphasized the shift from traditional government paradigms to more agile frameworks centered on user-centricity.

The Vidhi report proposed exploring innovative legal structures, such as social impact companies, to distribute the ecosystem’s costs among stakeholders equally. Similarly, she stressed the need for dedicated nodal entities for governance to promote cross-border adoption and ensure accountability.

Manjushree outlined key recommendations for the AA ecosystem in India, including transitioning Sahamati into a recognized governance entity and a central facilitative body to enhance communication among all AA ecosystem participants and continuously reassessing governance initiatives, recognizing the intrinsic link between governance and technology.

Building Network Trust for Governance

Dr. Pramod Varma, the Chief Architect of Aadhaar & India Stack, CTO EkStep Foundation, and the co-chair at the Centre for Digital Public Infrastructure (CDPI), offered insights during the Governance for Data Empowerment workshop co-hosted by Sahamati and Vidhi Centre for Legal Policy. He delved into the necessity of ushering in network trust in protocol-driven network ecosystems.

Dr. Varma highlighted the impact of unbundling transaction chains, noting the emergence of diverse stakeholders necessitates a building block approach. This method facilitates tailored solutions and underscores the pivotal role of trust in decentralized networks. He advocated for leveraging technology to enhance governance, emphasizing the integration of policies-as-code into protocols.

Moreover, he delved into the challenges faced by centralized networks and facilitators, proposing that adopting a network governance model could alleviate these issues. This model strives to decentralize governance, ensuring that governance APIs complement technical interoperability. In conclusion, Dr. Pramod Varma’s discourse highlights the urgency of reimagining governance in the digital age, where citizens are central and decentralization is paramount.

Role of Company Structure in Governance

Shri R. Gandhi, former Deputy Governor of the Reserve Bank of India and Financial Sector Policy Expert and Adviser, explored the nuanced role of company structure in governance, specifically emphasizing its significance within the Account Aggregator (AA) ecosystem. He highlighted a crucial distinction from platforms, noting that protocol-based networks, such as the AA ecosystem, involve multiple participants plugging in. This complexity necessitates a novel governance approach that can effectively accommodate the diverse expectations of these stakeholders.

Gandhi shed light on how a company structure can adeptly integrate commercial interests with the well-being of the ecosystem, especially in a cross-sectoral dynamic of the AA ecosystem. He emphasized that a user-led entity holds the authority to influence policies, delineate services, and establish governance rules, thereby aligning profit motives with the broader welfare of the network. He contended that such a structure supports commercial viability while anchoring the ecosystem.

Roundtable Discussion

The roundtable discussions revolved around governance themes for India’s Account Aggregator (AA) ecosystem, underscoring the multifaceted nature of governance within the AA ecosystem, encompassing cybersecurity, transparency, interoperability, incentive structures, and Sahamati’s evolving role. The participants had diverse opinions on how governance should be structured and what priorities it should address, all contributing to shaping the AA ecosystem in India. Here is a summarized overview of the key points discussed:

• Urgency of Governance: Participants acknowledged the urgency of establishing effective governance structures within the AA ecosystem. Concerns about cybersecurity vulnerabilities, data exposure, and the need for a central nodal agency to manage regulators were highlighted.
• Balancing Data Democratization and Consumer Protection: The discussion emphasized the importance of balancing data democratization with consumer protection. Ensuring users understand how their data is accessed and utilized is essential for building trust within the ecosystem.
• Incentivizing Participation: To encourage Financial Information Providers (FIPs) to participate in the AA ecosystem, participants discussed the need for well-defined incentive structures that align with FIPs’ interests.
• Interoperability: The existential risk of interoperability gaps between the AA protocol and the network was recognized. Ensuring interoperability was deemed crucial for creating legitimacy and trust within the ecosystem.
• Sahamati’s Evolving Role: Participants discussed Sahamati’s potential transition into a user-driven governance entity, aligned with Vidhi’s proposal. Sahamati’s roles were identified as both operational and governance-oriented.
• User Feedback and Open-Source Governance: The importance of user feedback in shaping open-source project governance was acknowledged. Effective governance mechanisms and transparency were deemed essential for the growth and sustainability of open-source projects.
• Financial Viability: The need to address the financial viability of network participants, including AAs, was highlighted to support the last-mile reach of AAs and ensure their ongoing participation.
• Decentralized Governance and ODR: The discussion touched on the need for decentralized governance models and Online Dispute Resolution mechanisms to promote transparency and inclusivity.
• Thematic Governance Frameworks: It was suggested that governance frameworks should be designed thematically, catering to the specific needs and roles of different AA network participants.
• Communication of Governance Structure: Participants stressed that a well-defined governance structure should be effectively communicated to all stakeholders to ensure transparency and understanding.

Conclusion

The cross-sectoral nature of the AA ecosystem, with its involvement in various industries and sectors, emphasizes the necessity of establishing a central governing body to facilitate network governance, ensuring the ecosystem operates smoothly and adheres to ethical and regulatory standards. The roundtable discussion centered on the imperative need to cultivate a user-driven governance entity within the Account Aggregator (AA) ecosystem, aligning with the recommendations in the Vidhi report. This push for user-driven governance was underscored by a heightened sense of urgency, largely due to the impending implementation of the Digital Personal Data Protection Act in 2023.

Check out the complete event here and read the complete NUDGE report published by Vidhi Centre for Legal Policy here: Nurturing a User-Driven Governance Entity (N.U.D.G.E.) for the Account Aggregator Ecosystem