Technological developments over the last two decades have led to an explosion in the availability of data and their processing. Consumers often do not know the benefits of the data they generate, and find it difficult to assert their rights regarding the collection, processing and sharing of their data. We propose a data governance system that restores control to the parties generating the data, by requiring consent prior to their use by service providers.
The system should be open, with consent that is revocable, granular, auditable, and with notice in a secure environment. Conditions also include purpose and use limitation, data minimization, and retention restriction. Trust in the system and widespread adoption are enhanced by mandating specialized data fiduciaries. The experience with India’s Data Empowerment Protection Architecture (DEPA) suggests that such a system can operate at scale with low transaction costs.