Guiding Principles
The DEPA Training Framework is based on the foundational principles of ADEPTS, which stands for Accountability, Democratization, Evolvability, Privacy, Transparency, and Security. Let's dive into each of these principles:
Accountability
In the framework, we wish to provide means for citizens and the society to hold TDPs and TDCs accountable for the datasets they share and models they train.
Democratize data access
Fostering growth and innovation in a data-driven economy hinges on organizations' ability to access and integrate diverse datasets, derive valuable insights, and create innovative solutions. DEPA seeks to lay the foundation for such an economy by promoting the open sharing of metadata and regulated sharing of substantial datasets on a fair, reasonable, and non-discriminatory (FRAND) basis.
Evolvability
Technologies that enable safe and secure data sharing are constantly evolving. Technologies such as confidential computing and differential privacy require constant re-evaluation. We want our design to be simple and easily adaptable: it should allow for capabilities to be incrementally built and rapidly adapted to align with current realities. Moreover, it should be possible to monitor systems at scale to inform policy adjustments. The design should also remain flexible to accommodate future data policies and emerging technology frameworks.
Privacy and Security
Combining sensitive information from disparate sources elevates privacy risk. Contemporary data privacy laws such as GDPR and DPDP Bill, 2023 mandate a legal basis for sharing and processing such data. In the DEPA inference cycle, legal basis is provided by informed and granular consent from the data principal. However, consent is not practical for bulk data sharing because bulk data is not owned by a single individual.
An alternate approach is to establish that data consumers (a) have a legitimate interest in acquiring and processing the data, and (b) the interest does not infringe the rights of the data principals, including the right to privacy. This necessitates minimizing the risk of re-identification or harm to data principals.
Transparency
We wish ensure transparency of all significant actions performed by participants (TDPs, TDCs and CCR providers), subject to justifiable confidentiality requirements of each party. Transparency ensures that all stakeholders such as regulators (e.g., the Data Protected Board) and non-government organizations have appropriate visibility into the actions of TDPs and TDCs. This transparency enhances trust and accountability within the ecosystem.