Page 51 - Banking Finance August 2025

ARTICLE

Secure Multiparty Computation (sMPC) - As the name suggests, this technique allows multiple entities to carry out computations on data sets while ensuring that data confidentiality is maintained to a certain extent. The underlying information is protected from the parties involved in the computation. As such, sMPC can help aggregate sensitive data without requiring any data contributor to disclose their own data. sMPC is immensely useful for managing the risk of privacy infringement when organizations are required to share their datasets with external entities for analysis, or when processes demand that external experts be appointed to analyze datasets.
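The aggregation described above, shown as an added example that is not part of the original article: three contributors obtain a joint total without any of them revealing its own figure. It goes slightly beyond the paragraph by building the computation on Shamir's threshold secret sharing (the scheme covered under Secret Sharing Schemes), so the threshold property is visible too. The bank figures, the threshold and all function names are constructed for illustration.

```python
import secrets

# Prime field for all arithmetic; 2**127 - 1 is a Mersenne prime, far larger than any input here.
P = 2**127 - 1

def share(secret, threshold, n):
    """Split `secret` into n Shamir shares; any `threshold` of them reconstruct it."""
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied (x, y) shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def secure_sum(private_inputs, threshold):
    """Each contributor deals one share to every party; parties add what they hold."""
    n = len(private_inputs)
    dealt = [share(v, threshold, n) for v in private_inputs]
    # Party k only ever sees the k-th share from each contributor, never a raw value.
    # Shamir sharing is linear, so the per-party sums are valid shares of the total.
    return [(k + 1, sum(d[k][1] for d in dealt) % P) for k in range(n)]

# Constructed sample: three banks' confidential exposure figures.
EXPOSURES = [1_250_000, 830_000, 2_400_000]

def demo():
    summed = secure_sum(EXPOSURES, threshold=2)
    return reconstruct(summed[:2])        # any 2 parties recover only the total

if __name__ == "__main__":
    print(demo())
```
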

Secret Sharing Schemes - Secret sharing schemes are technologies which manage secrets by distributing them among multiple entities which work together. In this scheme, data is divided into multiple fragments called "shares". The original data can only be restored when a certain number of shares are collected. Due to this property, information about the original data cannot be obtained unless a certain number of participants collude to gather the shares.

Homomorphic Encryption - The alternative method for secure computation is homomorphic encryption. In general, binary operations like addition and multiplication cannot be performed on encrypted data. But by use of homomorphic encryption, operations can be performed while the data is encrypted (i.e. operations are done on the ciphertext of a value). Upon decryption, the resultant data (plaintext) obtained matches the result that would be expected if the operation had been carried out on the original value.

Zero Knowledge Proof (ZKP) - It is a method of verification wherein the verifying authority gets to know whether the data subject's claim is true or false without revealing any additional information. For instance, if an individual is required to prove that he is over 18 years of age for availing a service, the service provider can use ZKP for verifying the same without collecting any age proof or without knowing the user's real identity. Effective use of ZKP can help organizations during implementation of data minimization principles. It can do away with the need to collect additional documents for routine uses such as verifying information as part of any application process.

How can banks leverage PETs for compliance with DPDPA?

The draft Digital Personal Data Protection Rules have already been notified by the government in January 2025. The final rules, which will operationalize the Digital Personal Data Protection Act, 2023, are expected to be released soon. Hence, banks need to ensure that they build a robust framework for protecting the digital personal data that they collect in the process of providing banking services. Some of the key areas where PETs will be of immense use in this regard are detailed below:

(A) Consent Management

To comply with DPDPA, banks are required to get their customers' valid, informed and explicit consent prior to collecting or processing personal data. Further, they should also establish systems and procedures for withdrawal of consent.

Role of PETs:

To guarantee tamper-proof consent records, platforms for automated consent management can be used. Artificial Intelligence-powered PETs can assist users in dynamically managing consent preferences and at the same time maintain transparency. PETs such as Zero-Knowledge Proofs allow for verification of consent status without disclosing unnecessary personal data. In the Indian context, the Ministry of Electronics & Information Technology (MeitY) has introduced an Electronic Consent Framework wherein use of a "consent artefact" for sharing of data is suggested.

(B) Data Principal Rights Management

DPDPA requires that banks provide rights to data principals (owner of the personal data) for accessing, amending, and removing their personal data. In this regard, Identity and
