DEPA — Data Empowerment and Protection Architecture: Complete 101 Guide Last updated: March 2026
What is DEPA? DEPA (Data Empowerment and Protection Architecture) is India’s framework for secure, consent-based data sharing between entities, enabling individuals to share their data while maintaining control.
Core Principles Data Sovereignty: Individual owns their data Consent-Based: Explicit permission for sharing Purpose Limitation: Data used only for stated purpose Minimal Data: Share only necessary information How DEPA Works Architecture 1 User → Consent Manager → Data Provider → Data Consumer → Service Key Components Component Function Consent Manager User controls data sharing Data Provider Holds user’s data (banks, etc.) Data Consumer Requests data for service Account Aggregator Bridges data flow Use Cases Financial Services Use Case Data Shared Loan Application Bank statements, credit score Insurance Health records, vehicle info Investment Tax returns, holdings Other Services Employment verification Rental applications Government scheme eligibility Cross-border data sharing Data Types Categories Type Examples Financial Bank statements, transactions Health Medical records, prescriptions Educational Degrees, certificates Government Tax returns, ID records Privacy Protection Safeguards Explicit consent required Time-limited data access No data retention by consumer Audit trail of all access Right to revoke consent Consumer Rights Control who accesses your data Know what data is shared Revoke consent anytime File complaints for misuse Data portability