Thanks for sharing that Adrian
It’s very interesting - all the more so because it’s apparently live and working in the worlds most populous democracy. Some thoughts occur to me
1 - It doesn’t say how the key management works for that encrypted flow of private data works. Orchestrated by the consent manager but not visible by the consent manager. I guess it must be asymmetric encryption based on public key discovery of data users
2 - it doesn’t say how the commercial model works. Who pays for the consent manager service? The data user maybe? Or is the consent manager a government run public good utility?
3 - although it’s different, I’m not entirely sure how / whether it’s better than a VC / EDV model where the subject is also the consent Manager? It might have something to do with the question about commercial incentives. Possibly the most interesting thing about the Indian model is not the tech pattern but the commercial model for a fee-charging consent manager who’s profit motives are to protect the data subject’s data rather than to profit from the aggregation / analysis / resale of it
Not expecting you to answer these questions Adrian - just sharing them as they occur to me ;)
Kind regards
Steven Capell
Mob: 0410 437854
> On 10 Sep 2022, at 12:55 am, Adrian Gropper <agropper@healthurl.com> wrote:
>
> https://www.brookings.edu/blog/future-development/2022/09/08/give-people-control-of-their-data/
>
> Builds around delegation to an intermediary that does not see the data itself.
>
> Adrian