Data and Trust, go hand-in-hand

So much is talked about using GST data owing to its coverage, depth and recency. However,

anyone who has worked with GST data, would know user consent is the step that creates friction in the user journey. Why so?

• Data fetch typically happens behind the scenes i.e. using APIs
• Though one time task, the taxpayer should have enabled API access.
• For any application that wants to fetch GST data from the Government system using APIs, a secured session with GST system needs to be set.
• For a secured session, OTP is needed and OTP is sent to the authorised signatory.

Well, that’s the proper and legal way of getting data from GST system.

The alternative route is web-scraping. Get taxpayers login credentials of GST portal, use it to log in to the GST system programmatically and fetch data. While this does violate the GST Portal Policies, we do see scraping practice is followed in some applications.

When we launched Peridot 5.0 with the GST Compliance module, explicit user consent via OTP has been the modus operandi.

We (IRIS) have been in the compliance space for decades and serving both – the regulators as well as the companies. The importance of data, its confidentiality, permissions and consent – everything is imbibed in our organizational culture ( and of course in me).

To put it interestingly, I consider ourselves as “Bharat” of Ramayan. We are the trustees of data and take care of it diligently, but do not exercise any right (or misuse) on the data.

Well, I have grown up seeing the great Indian Epics, Ramayana and Mahabharata. When the lockdown was imposed last year, I religiously watched the repeat telecast too. In general, I have a great fascination for Indian Mythology (yet to go global for this) and read a lot too. Happens quite naturally for me to find mythological metaphors and notice the resemblance of any situation and people with the Epic characters.

In data parlance, broadly I see two styles of handling what’s entrusted with you

• The “Bharat” way – When Lord Ram went into exile, Bharat was declared the king. But he didn’t take ownership of the kingdom, however, took up the responsibility as his own. That's the epitome trustee approach where you handle something as your own but do not own it.
• The “Duryodhan” way – The ownership is under dispute and Duryodhan, one of the contenders for it and applied all tricks and tactics to get the control. While the fight was for the position of King, the kingdom did not suffer (from what I have read). Duryodhan was a good administrator and took good care of his subjects (again from my reading).

In both these cases, the kingdom and its subjects have been taken care of well. The difference is the attitude towards ownership. Bharat is detached, yet responsible. Duryodhan claims ownership, also responsibility. To think of it, there can be more styles and variations as well – The Bhishma way and The Krishna way, The Kunti way and some more. That analysis for some other time.

Coming back to the present, when it comes to data and consent to use the data, trust and a transparent way of doing things are of utmost importance.

Even in India stack, the Consent layer is one of the fundamental pillars. Be it UPI payment or now in the new Account Aggregator framework, any data sharing or transaction happens only after user consent. No application store (nor will any user give) bank login credentials and let things happen in the background.

And I feel the same precaution should be taken for GST data as well.?The bigger (and the hidden and the unknown ) risk with sharing login credentials is that anything beyond just fetching data can be done. And this can happen without taxpayers knowledge.

While I hope some innovative and different ways should be implemented in GST system so that the initial hurdle of enabling data exchange through APIs is taken care of the control should still remain in the hands of taxpayers – what they want to share, with whom, when and how long.

Important Disclaimer - References to Ramayana and Mahabharata are my personal views and perspectives. Let me say it’s “My” way of thinking and analysing. And no intention of hurting the religious sentiments and values of anyone.