Understand the ORGANS Framework Before Building Privacy-Preserving Apps
In today’s digital landscape, the people of India contribute significantly to digital transactions and the resultant data generation. However, until now, there is no formal framework for managing this data, and the ownership, privacy, security, and consent that comes with them.
All that will likely change with the introduction of a new technology standard called ORGANS. In particular, ORGANS enables individuals to give their consent for using their data in a specific way. In addition, it empowers individuals to own their data and selectively share it with just the entities they want, thereby preserving their data’s privacy and security.
Read on to know all about the ORGANS standard and how it can change the way companies collect data from individuals.
What is the ORGANS Framework?
ORGANS is an acronym for,
- O -> Open Standards
- R -> Revocable by individuals
- G -> Granular
- A -> Auditable
- N -> Notice to all parties involved
- S -> Secure
Let’s talk a bit about each of these attributes.
Open Standards
Interoperability is a crucial building block as it enables different systems and organizations to “talk” to each other and better process the information that flows through them. This interoperability is essential in our current Web 2.0 and future Web 3.0 apps because it enables data to be shared easily across systems. When all organizations embrace the open standards envisioned in ORGANS, data flow and usability will be seamless.
Revocable
Data privacy is all about putting individuals in control of their data. With ORGANS, every user can determine their data usage and, more importantly, enjoy the choice to revoke access to their data anytime.
Granular
Personal data comes in many forms, from email addresses to employment letters. Users must have the option to selectively share only data that’s pertinent for a specific use case. For example, if a user has to submit proof of age to enter a nightclub, then date of birth alone is enough. The user doesn’t even have to share their first and last name.
This ability to share just the required data is an essential part of preserving the data privacy of individuals.
Auditable
The data shared by individuals should be readable by humans and machines for quick, easy, and cost-effective verification. Also, the organization collecting the data can store the confirmations in secure records/logs (machine and human-readable form) for easy reference and auditing.
Notice
ORGANS advocates transparency and accountability in data sharing and handling. To this end, ORGANS emphasizes sending notices to all concerned parties if data changes, is revoked, etc.
Secure
Any application built on the ORGANS framework must be secure by design. Though ORGANS doesn’t lay down specific technologies for implementing security, it’s safe to say that many next-gen technologies like verifiable credentials fit this requirement.
In a nutshell, ORGANS is a framework for creating applications that promote data ownership, privacy, and security.
What does ORGANS mean for you?
You may wonder how ORGANS can change your data privacy and security as a user. Simply put, you go from accepting the terms and conditions of an online service to determining what data organizations can use, for how long, and for what purpose. As a result, you create and share portable digital identities and credentials while staying in control of your data continuously.
Source: NITI
From an organization’s standpoint, building applications based on ORGANS can be a game-changer for your business. These futuristic applications not only put data privacy at the heart of your operations, but can also help you earn the trust of your customers. Not to mention that such applications will meet future compliance standards and can, overall, provide a competitive advantage for your organization.
Affinidi’s Consent Manager
Affinidi’s Consent Manager follows the ORGANS principles to empower you to create consent policies and handle your customers’ consent for using your services and applications. This plug-and-play solution can integrate with your existing or future applications and scale well with your business growth.
For more details on how you can use Affinidi’s Consent Manager, please reach out to us.
