How Karnataka e-Sahamati framework streamlines consent management for data sharing

How Karnataka e-Sahamati framework streamlines consent management for data sharing

By Sameer Sachdeva

Imagine a scenario where the details of crops being grown by 75 lakh farmers is made available to an agriculture aggregator. The farmers will get the best price for their crops and aggregator will overcome its logistics barriers. Imagine another scenario, an IT firm wants to hire an engineer with a specific skillset and a platform provides contacts of students with relevant skillset. In both cases the information, whether from farmers or students will be subject to consent and government who is custodian of this information may get some revenue out of this information shared with the private sector. All this and more are attempted by Government of Karnataka through the e-Sahamati framework being introduced by the state government. The e-Sahamati framework, has been developed by the e-governance department with the help of National Informatics Centre (NIC).

Under the framework the students should give a consent that their marks sheet and personal information be shared with the recruiters. Similarly, farmers must agree to share their crop information with the aggregator. With such experiments, the data is becoming the new oil and State of Karnataka will be the first state in the country which is monetizing the data.

The authenticity of data will be there as the datasets will be shared by the government and universities and will include digital signatures. This move will weed out middlemen and fake documents. Many permutation and combinations can be worked out on sharing of data. Some companies would like data of toppers with their contact details, while others may want to look into their skillset. At the level of students, they will not need to get their certificates attested or verified by the issuing university and employers will be ensured of the varsity. The users will be able to share their data using the Aadhaar.

A request has to be sent for data to the content manager of e-Sahamati so that the data can be sent to the companies. The data of only, consenting users will be shared through this platform and rest of the data will remain with the data fiduciary, which is government in this case. The system will also become transparent and weed out corruption.

The students willing to share the documents digitally with the employers or universities need to raise a request on e-Sahamati via the app or the web portal. The consent manager will forward the consent to the data fiduciary. Government, education department, university or even a college can be data fiduciary in this case. Once the consent is received, the encrypted data is then sent to e-Sahamati which, in turn, is shared with the employer.

Initially, Secondary School Leaving Certificate marks cards since 2003, Pre-University Course (PUC) since 2008 and degrees for the last 10 years will be made available through the e-Sahamati platform.

The system of revoking the consent is also there in the e-Sehamati platform. But overall e-Sahamathi per se is data blind. It is not aware what data is being shared over the platform and therefore there are no Data Protection concerns. The privacy concerns are addressed as the consent management framework is in place. Also, once the Personal Data Protection (PDP) Bill is approved by the Parliament, all provision of PDP will apply to it.

And the users can be added with more datasets being brought to the platform. Take for example a cab company wants verified information on Driving Licenses of the driver, it can tie up with the e-Sahamati platform and the backend the Transport Department of the State can become data fiduciary and provide the information.

Take for example a social media company like Koo. It gives a yellow tick-mark to all verified accounts. Using the e-Sahamati framework it can verify a lot of its users who are students / farmers in State of Karnataka and give them a yellow tick which will mean those accounts are verified.

In case of farmers, the crop aggregator can come to know the source of produce and thereafter can overcome many logistical barriers.  The e-Sahamati framework is based on the Data Empowerment and Protection Architecture (DEPA) released by the National Institution for Transforming India (NITI Aayog) in August 2020.

e-Sahamati is different than Digi-Locker as in case of Digi-Locker the documents are uploaded by the individuals. While in case of e-Sahamati after the consent is received the data comes directly from the Government and is considered safer. The Karnataka Government is soon planning to roll out a mobile app, e-Sahamathi, which is a tool to empower citizens to own, control and share their data with various private and public companies to get jobs or seek admission in universities or colleges.

Under the system, a citizen has to login using his Aadhaar number and share his/her data with companies by making a request to the Consent Manager of e-Sahamathi. The Consent Manager would send the data to the companies/universities or any other entity. Universities and companies have to register with e-Sahamathi to be able to access the data. The new system would eliminate physical verification of certificates and avoid delay. Data would be given for the purpose for which consent is given by a citizen. It provides only the minimal data with accuracy and ensures lawfulness, fairness and transparency.

The facility would be helpful for companies during the recruitment process. Submission of certificates through universities using the digital platform would eliminate submission of fake certificates by candidates. The Government gives a right to Universities to collect a fee from an individual or a company for submission of certificates at their discretion. A committee headed by the additional chief secretary would monitor applications and enroll firms after payment of the requisite fee.  The platform would also provide shareable data, such as jobs under MGNREGA scheme and weather forecast as an open Application Programming Interface (API). A retailer can access details such as a farmer’s name, his crop, landholding, location etc., on a real-time basis of only those farmers who have consented.

The consent framework can further be used by Insurance Companies, Banks and other financial institutions. This can be used where-ever there is data with government and there is usage of that data for some other agency (private or public).

This article first appeared in ET Government,