Open in app

Sign in

Write

Sign in

FUTURE OF DATA SHARING

#5| Roundtable— with Policy Experts

with Arrka, CGAP, Spice Route, Tandem Research

D91 Labs
D91 Labs
Published in
6 min readSep 15, 2020

--

This roundtable was conducted as a part of ‘Future of data sharing’ sponsored by Facebook and was attended by Arrka, CGAP, Spice Route, Tandem Research. The following are opinions and thoughts that arose out of our discussion on why should account aggregators exist, how should the consent workflow be, and the additional roles of an Account Aggregators.

Account Aggregators

  • The challenges and opportunities around Account Aggregator (AA) ecosystem system are currently speculative as they aren't yet operational.
  • The AAs might not cause harm to the customers as they cannot access they aren't allowed to process the data without explicit consent from the user.
  • This makes the AAs a mere data transfer service (more like a courier service in the real world) from the source to the destination upon user’s will and wish. Think of them like Dunzo for data.
  • The ecosystem becomes effective only when all the players in the ecosystem accept data sharing through AAs as a source of truth and trust thus providing trust and control over one’s personal data.
  • If the financial institutions request for physical documents despite AAs, then the system could render ineffective.

Data Sharing

  • The recent study by Dalberg, CGAP and Dvara Research called ‘Privacy on Line’ tells us that ‘Indians don't care about Privacy’ as a myth.
  • On the other hand, a PII (Personally Identifiable Information) is essential while dealing with financial services. If a user doesn't share the information they might not be able to avail the service.
  • The recent conversations around Privacy with the introduction of Aarogya Setu has bought some of these conversations to the mainstream.
Aarogya Setu has triggered discussions on Data Usage & Privacy of Personal as well as collective, anonymised data.

How might we establish a balance between data sharing and access to financial services at scale while protecting the consumers interests?

  • How do you make the customer an offer he can’t refuse?
  • How do you ensure that a customer does not sell his soul for a ‘free’ slice of pizza?

RBI Regulation

  • If the AAs are mere delivery of data from one place to another, why should they be regulated? In other words, which courier service in the country is regulated? Can these regulations choke innovation in the ecosystem?
  • If they can’t aggregate data, why are they even called Account Aggregators?
  • AAs are basically ‘Consent Managers + Channels’ for Data Transfer between FIPs & FIUs.

Modifications and elaborations required:

  • Data standardisation needs to be established that maps specific data types for the request purpose. For example ‘How much data is good enough data for a short ticket size loan of Rs. 500.’
  • Not all types of data should require consent to access.
  • How much accountability should lie with the AA’s?
  • They are not the custodians for data and consent.

What happens to a user’s data once a service has already been used?

How should the consent workflow be?

It is not about the volume of data being exchanged, it is about the terms of the exchange.

Choice Architecture

  • Data Minimization: You don’t need 3 ID cards to prove you are 18+ yrs. Can we make the request of the information more efficient by asking only what is required?
  • Can the user be given a single access dashboard for all the accepted, rejected and failed transactions?

Consent flow needs to be contextualized for diverse users. Consent Fatigue should be addressed. Asking for consent should be more efficient, less repetitive.

Access Tracking

Additional Roles of AAs

What are the additional roles that the AAs could take over?

  • They could record consent preferences of the user and show them only requests based on it.
  • There could be a DND equivalent for consents for unsolicited requests that would avoid spams and scams.
  • User should be given access to the control knob of the data flow and should also be given visibility into what happened to the data that was earlier shared to FIU (Financial Information User)

Data Blindness is a sheer disability for AAs. AAs cannot be the sole party responsible for:

  • Data Minimization
  • Purpose Limitation
Consumer concerns are broader when it comes to personal data

Adoption of AAs

In the AA ecosystem which actors take the responsibility to educate the users about the Account Aggregators?

Customer Education is critical

  • Responsibility for it needs to be shared by multiple parties.
  • We need to enable efficient data-based decision making.

What other kinds of transactions can AAs enable?

  • Present: Cash Flow Lending
  • Future: Employment Record, Health Data

Financial Information Users (FIUs) & Financial Information Providers (FIPs)

Only Regulated entities should be able to participate in the AA Ecosystem ensuring security and privacy compliance across an organization is a huge task (will require evaluation + redesign of structure + processes across n levels)

Simplify for FIUs

  • Regulations need to be in place to avoid an organisation to collect and store excessive data than required in the context.
  • All the organisation shall give control and visibility to the users about how their data is being used.
  • Users might tend to share incorrect or incomplete data and hence data standardisation becomes critical.

FIPs

  • Costs of data storage are usually offset by the value of user data or revenue from value-based services for FIP/FIU customers and we know that.
  • Users value privacy with respect to their personal data (Privacy as Service).

Future of Data Sharing:

‘Future of Data Sharing’ aims at designing a playbook for consented sharing to enable financial services in India. The objective of this research is to develop a design toolkit with the upcoming public infrastructure Account Aggregators as the main theme in focus. The toolkit will host resources and assets around designing better user experiences for data sharing and data portability.

Future of Data Sharing is sponsored by Facebook and executed in collaboration with D91 Labs, DICE, Parallel Labs, and TTC Labs

Check out our Research Series

About D91 Labs

This research was executed and documented by D91 labs. D91 labs is an open-source initiative by setu.co to help Bharat build great fintech products. We organize and publish user research, insights, and frameworks for fintech in India. Please follow us on medium for more exciting stories and insights on Bharat.

Psst! We are looking for collaborators and contributors to D91 labs. If you are interested, please drop your details here, and we will reach out to you.

Collaborate with D91 labs

Fods Roundtable
Account Aggregators
Privacy
Fintech
Policy

--

--

D91 Labs
D91 Labs

Written by D91 Labs

240 Followers
Editor for

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams