G20 Japan Digital
G20 Japan Digital    Data
English /

Sanjay Anandaram

Digital Public Platforms:
enabling the data society
Sanjay Anandaram
Global Ambassador, iSpirt


Proper consideration from legal, policy, and technological perspectives is critical to data safety.
Today, we see various legislative efforts being made across the world to update the social system in line with the rising data society. One such efforts catching attention recently is from India. “IndiaStack” which integratesfor all, in particular, deserves a special mention for its smart and unique architecture. Tell us about its origin and about iSpirt?
“IndiaStack” as a name evolved for the set of modules and APIs (Application Programming Interfaces) that started with the creation of India’s Aadhaar in 2009, the foundational ID for each resident of India. Over time, additional layers of the stack got added that provided for a cashless, presence less, paperless and consent based set of interactions. The architectural principles of “India Stack” are being adopted and adapted into areas as diverse as drones, financial inclusion and healthcare.
iSpirt is a non-profit organization set up in Bangalore in 2013 by volunteers committed to societal transformation using software and digital public platforms. Its members include many that helped design, develop and deploy different elements of the India Stack. It currently has over 100 volunteers who work on a pro-bono basis on different projects at different points in time. People join, volunteer on specific projects and initiatives, move on and may re-join.
I understand digital public platform to be a state effort to provide a digital platform for the entire country as a public asset. How did this idea come about?
India, from the start, decided to approach digital platform governance in a different way than other countries. The Chinese model is where the state exercises a blanket governance. In the U.S. model, this is driven by the private businesses with oversight by the law and Congress. Within the EU, they are searching for a way to manage and maintain with a legal basis, eg GDPR. In India, both the private and the public sectors have deployed digital platforms owned ultimately by the government for all to use. End users use the services (eg digital payments) that have been built atop these digital platforms by private businesses and public entities. . Businesses can design and innovate new services for their customers and partners using these platforms. In a sense, the platform is like roads. The state will construct them and anyone can design and deploy any vehicle to run on them following rules. The users, the public, can use these vehicles (such services) and go where they want to go.
Sanjay Anandaram
What is the benefit of the state offering the platform?
The most fundamental benefit is that it is a “public good” platform. That is, it is owned by all – via the state – for all to use and benefit. It is answerable to the people, to the law of the land and is responsible for ensuring privacy, security and sovereignty of data even as it allows its free flow. Governance improves, leakage reduces, and people can access and avail of services that were otherwise inaccessible or unaffordable.
The platform, currently, consists of four layers.
The most basic part of the digital public platform is the ID system for the entire population. Named “Aadhaar,” it holds biometric data which are the fingerprint, the iris, and the face, all connected to an individual ID number. This system allows an online identification of the individual so this basic layer is called the “Presence less Layer”(layer without the presence of the individual). The next layer is a combination of API such as “Digital Locker” which allows individuals and businesses to exchange various documents online, “e-KYC(electronic Know Your Customer),” “e-Sign(electronic signature),” and “e-Receipt” and is called the “Paperless Layer.” On top of this comes the “Cashless Layer” which includes “United Payment Interface,” the API to transfer money between businesses and governments. Finally, on top of this sits the “Consent Layer” that combines the various API for data sharing, use, and authentication. This framework is being deployed for taxation, healthcare, logistics, to drone management, to travel and to many other areas.
It looks like an extremely practical system. Who was responsible for the grand design?
Actually, there is no one grand designer. It is the coming together of extremely talented, committed, knowledgeable people many of whom are part of iSpirt. It all started when the state decided to introduce the digital ID system, “Aadhaar” in 2009. We soon realized that when the citizens are provided with an ID, there needs to be a system to authenticate, and store such ID which led to developing a system for electronic storage and verify the individuals which became the “Digital Locker” and “e-KYC.” In other words, we designed as we went. It was probably around 2014 to 15 that it was conceptualised as a single concept, IndiaStack.
If the system functions well in India, it may be rolled out to other countries say, in Africa and elsewhere. It is not just applicable for India.
As you compiled the ideas together, did you take any references from other countries?
India is an extremely unique country in the world. We have many different languages, customs, behaviors, socio economic strata across our 1.3 billion people. It is also a large country with different geographical and infrastructural conditions. Literacy levels, financial status vary widely and therefore are also challenges. . It is an extremely difficult challenge to bring all of our people with such varying conditions under a single platform and a single economic system. The Indian model is unique and when the project began there wasn’t any model to follow! Today, India is becoming a model to consider for many countries. Most countries around the world are like India.
Sanjay Anandaram
What was the benefit of an organization like iSpirt that works with the regulators, government and public institutions to design, develop, and deploy as opposed to the entire project being led by the state?
The strength of iSpirt is that we have digital experts with amazing professional backgrounds who are highly driven to achieve the mission of societal transformation. We are a volunteer organization and we work with, but not for the government, regulators, private and public entities. . We do not take funds from the government or regulators. It’s a form of public-private-partnership and having a neutral organization like us helps to smooth out the various partnerships required. The support of the state is critical of course for any public good and the Indian government has been very much the force pushing digital platforms for societal transformation. . The system has shown its capabilities at scale and scope in India. . And now, we believe that the unique approach of India’s digital public platforms can help the 6 billion people of the world – out of the world population of 7 billion - that are in countries like India.
Such system seems to dramatically promote data mobility but where do you see the importance of data in all of this?
When the state provides benefits or services such as pensions, subsidies, credit, healthcare and many other services, data on the identity and eligibility of the recipient is critical. This is a huge exercise given the size, scope and diversity of India. . Same can be said for tax collection/payment. In other areas, we find that a massive volume of personal data is spread out including medical data, financial, education-related data, transaction data, and other public data. . We can’t substantiate the validity of data unless they can be exchanged in a reliable manner and the digital public platform is what makes this possible. If you have a digital ID, you can participate on the platform to enjoy the various services, both public and private.
Even if there is a legal and policy agreement with international data exchange, it’s pointless unless the systems are compatible. We need to think about how these architectures can speak to each other.
How can the safety and reliability be guaranteed?
I believe there are three areas in data governance and the principles vary across the three.
What are they?
Personal data, corporate data, and machine data. The principle in personal data governance is usage based on “owner consent.” An announcement of the Sahamati (“agreement/consent”) a collective of “Account Aggregator” was announced in India on July 25th 2019 wherein data can be shared between data providers and data users seamlessly with the consent of the owner of the data. There is also draft bill on personal data protection being discussed in Parliament that should get passed in the next 12months. And the bill is in line with the Supreme Court’s ruling on data privacy.
Clear policies have not been laid out yet for inter-corporate and inter-machine data, In order to guarantee safety in the data flow, these data flows need to be verified from legal, policy, and technological perspectives. The model can be based on the principles of personal data protection.
Last year, your supreme court ruled that the personal ID system, Aadhaar, was in breach of the Constitution.
That isn’t accurate The Supreme Court of India in September 2018 ruled that Aadhaar was constitutional and could be used by the government for say, Income Tax purposes and for delivering benefits and welfare schemes. The Supreme Court ruled that Aadhaar cannot, however, be made mandatory by private entities for providing services.
Sanjay Anandaram
I see. It sounds like how to regulate data governance internationally will be an extremely difficult challenge.
Several countries are debating the setting up of a data regulator. For an international governance framework to evolve, there needs to an agreement at several levels. With international data exchange, even if there is a legal and policy agreement, it’s pointless unless the systems are compatible. We need to think about how these architectures can speak to each other. There are many challenging scenarios, for example, if the data of a client of a company with head office in India is stored in a server in Japan, which jurisdiction does it fall under?
What do you think is the best way to solve such issues?
Like with IndiaStack, I think it’s important to take it step by step. Start with something simple. What IndiaStack excels in is that it’s a modular, flexible, scalable and open API structure. This allows us to easily add on the new services, exchange data and integrate with other systems. Starting small and make it work. This breeds confidence to take on a bigger challenge. I think this is the only way to go about it.
* Disclaimer: The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of G20 Ministerial Meeting on Trade and Digital Economy.
Sanjay Anandaram
Global Ambassador, iSpirt
After gaining IT business experience in India since the 80s, Sanjay moved to US and co-founded VC “NETA” which later became a part of Infoseek / Disney. After that, he became the founding partner of JumpStartUp Venture Fund, a pioneering early stage US-India cross border VC fund that invested in technology and technology enabled businesses. After his return to India, he started Venturekatalyst, India’s first online magazine aimed at entrepreneurs. Global ambassador at iSpirt, a Bangalore based not for profit advocacy group, Sanjay leads the software diplomacy initiative that drives the creation of global digital public good platforms for societal transformation inspired by the Indian experience. Also he is a Governing Body member of TiE Bangalore, is an Investment Committee member at IIMB Innovations, Catalyst for Women Entrepreneurs, and other organizations.


What are the possibilities and challenges of utilizing data? Let's ask experts.