Governments around the world – and India in particular – are trying to build large data registries for effective delivery of a variety of public services. However, these efforts are often undermined by serious concerns over the privacy risks associated with the collection and processing of personally identifiable information. While a rich set of special-purpose privacy-preserving techniques exists in computer science, they are unable to provide end-to-end protection in alignment with legal principles in the absence of an overarching operational architecture that ensures purpose limitation and protects against insider attacks. This leads either to weak privacy protection in large designs, or to the adoption of overly defensive strategies that protect privacy by compromising on utility.
We investigate the issues in designing an operational architecture for privacy-by-design based on independent regulatory oversight stipulated by most data protection regimes, regulated access control, purpose limitation and data minimisation.
- On health data architecture design. Prashant Agrawal, Subodh Sharma, Ambuj Sagar, Subhashis Banerjee. Book chapter in forthcoming book edited by Smriti Parsheera. Harper Collins. 2021. (https://www.cse.iitd.ac.in/~suban/reports/ndhm2.pdf)
- An operational architecture for privacy-by-design in large public service applications. Prashant Agrawal, Subodh Sharma, Subhashis Banerjee. 2020 (working paper)
- Privacy concerns with Aadhaar. Subhashis Banerjee, Subodh Sharma. Commun. ACM 62(11): 80, 2019. (https://cacm.acm.org/magazines/2019/11/240384-privacy-concerns-with-aadhaar/fulltext)
- Privacy and Security of Aadhaar: A Computer Science Perspective. Shweta Agrawal, Subhashis Banerjee and Subodh Sharma. Economic and Political Weekly, September 2017. (https://www.epw.in/journal/2017/37/special-articles/privacy-and-security-aadhaar.html)