Glossary
C
Consent Manager
A consent manager is an entity that acts as a consent collector for the user and mediates personal data flows from PDPs to PDCs. Our architecture allows multiple entities to play the role of a CM and each must have its own front-end (a mobile app, a Web app, or a human agent who interfaces with a mobile/Web app) for interacting with users. A CM cannot access data of users, even in encrypted form, unless it is also an PDC and accesses information in that capacity. Its role is primarily to enable consent collection, based on which data is shared from PDPs to PDCs. It also enables discovery of PDPs from which user data can be shared. Consent managers are a key mechanism for ensuring privacy by design in our architecture.
D
Data Principal
The person to whom the data belongs.
Delegatee
The person appointed by the Data Principal to take actions. A delegatee can delegate this to another delegatee if Data Principal allows.
G
Guardian
The person who is appointed by the Data Principal or by legal means to take actions on Data Principal's behalf.
N
Nominee
The person who takes over the account of the Data Principal post his death.
P
Personal Data Consumer
A Personal Data Consumer(PDC) is an entity that seeks digital data from the Data Principal, in order to provide services. The PDC places the request for the need of data with the CM which triggers the process of consent collection from the Data Principal. PDCs include hospitals, health technology companies, banks, financial technology companies, govt departments, employment exchanges or any entity that is interested in delivering services to the Data Principal based on his data. These entities could have their own systems or use a third party service provider to be part of the network.
Personal Data Provider
A data provider (PDP) is an entity that collects or generates digital data and stores it in a software system. Essentially PDPs are custodians of the Data Principal’s data. PDPs could be clinical establishments like hospitals, health service providers, insurance companies, banks, tax authorities, schools, Universities, Govt. Agencies, etc. These establishments act as custodians of the Data Principal’s data and they rely on Consent managers for the purpose of collecting consent from the Data Principal for the purpose of data sharing. A PDP could host its own software system or could use a third party service provider to participate in the ecosystem.