Consent, control, compliance: Behind the 3 principles of identity, account aggregation

Though physical and digital identity proofs like Aadhar may have reached every Indian, there are many when it comes to storage, sharing and the know-your-customer (KYC) process of these digital identities.

While some of these issues may get streamlined when the government brings out the rules for the Digital Personal Data Protection Act, 2023, the sector offers unique opportunities for startups in the identification and account aggregation domain, believes Keshav Reddy, Founder of privacy-focused digital identity platform Equal.

“Today, data sharing is quite broken. People store their data in photo applications, email attachments, Google Drive, etc. Most store data in a bad way, then share it in a bad way, and merchants accept the data in the same format way,” Reddy spoke at TechSparks Bengaluru 2024, YourStory's flagship startup-tech summit. 

Giving a sense of the magnitude of the problem, Reddy said Indians perform 100 billion data-sharing transactions every month. This includes KYC, health data, and financial data. “On average, you are sharing some form of data 70 times a year. It's frequent. It's recurring. Sometimes it's the same data, sometimes in different formats at different points in time,” he added. 

Elaborating on the role of Equal, Reddy said, “We are an aggregator of KYC data. We enable workflows in KYC to make it simple when you go for a loan, onboarding in education, buying a vehicle, etc.”

OneMoney, which Equal invested in in August this year, is an account aggregator that enables people to seek loans and personal finance services. “With OneMoney, now as a group, we do 46% of India’s bank data sharing,” Reddy proclaimed. 

Also Read

Investment requires proper understanding and assessment of risks, concur experts at TechSparks

He said both the products are governed by three principles: consent, control and compliance.

Reddy said under consent, a type of data is taken from customers for a certain purpose and duration. The customers can specify the frequency and range in which the data processor can access and use this data. At any point, the users can revoke the consent. 

The second principle is control. Once a customer has given consent, they can still have control over it. Eventually, the systems will be simplified for users and our customers to revoke their consent.  

“Companies like ours are going to productise it in a way that it's really easy for you to use,” Reddy said.

The third is compliance. Each company, whether fintech, non-fintech regulated, non-regulated, or any organisation or individual who accesses data, needs to have the highest levels of ethical as well as moral boundaries. All these features are part of Equal and OneMoney, Reddy indicated.