DEPA — Data Empowerment and Protection Architecture: Complete 101 Guide#
Last updated: March 2026
What is DEPA?#
DEPA (Data Empowerment and Protection Architecture) is India’s framework for secure, consent-based data sharing between entities, enabling individuals to share their data while maintaining control.
Core Principles#
- Data Sovereignty: Individual owns their data
- Consent-Based: Explicit permission for sharing
- Purpose Limitation: Data used only for stated purpose
- Minimal Data: Share only necessary information
How DEPA Works#
Architecture#
1
| User → Consent Manager → Data Provider → Data Consumer → Service
|
Key Components#
| Component | Function |
|---|
| Consent Manager | User controls data sharing |
| Data Provider | Holds user’s data (banks, etc.) |
| Data Consumer | Requests data for service |
| Account Aggregator | Bridges data flow |
Use Cases#
Financial Services#
| Use Case | Data Shared |
|---|
| Loan Application | Bank statements, credit score |
| Insurance | Health records, vehicle info |
| Investment | Tax returns, holdings |
Other Services#
- Employment verification
- Rental applications
- Government scheme eligibility
- Cross-border data sharing
Data Types#
Categories#
| Type | Examples |
|---|
| Financial | Bank statements, transactions |
| Health | Medical records, prescriptions |
| Educational | Degrees, certificates |
| Government | Tax returns, ID records |
Privacy Protection#
Safeguards#
- Explicit consent required
- Time-limited data access
- No data retention by consumer
- Audit trail of all access
- Right to revoke consent
Consumer Rights#
- Control who accesses your data
- Know what data is shared
- Revoke consent anytime
- File complaints for misuse
- Data portability