Data protection law is the need of the hour to protect privacy in the era of AI

Solutions in the Artificial Intelligence (AI) domain depend on large amounts of data on individuals, entities and communities. Currently, this data collection happens without proper consent of users. Hence, protection of user privacy in an AI-dominated era assumes significance as the data collection is occurring in a non-transparent manner. There are two major aspects of collection and usage of data. First, companies are inappropriately using it as they gain insights about consumers. Second, companies are amassing large data sets in a bid to gain, and consequently build, an unfair competitive advantage. The 17th parliamentary elections are an example of both these issues. In the just-concluded elections, some political parties used data to understand voter behaviour by data mining of social media. Major parties have also amassed large amounts of data on users and are using them to gain a competitive edge while infringing upon citizens’ privacy. These companies have IT tools to analyse the obtained data. This information helps the companies to build a first mover advantage when it comes to driving business value. [caption id=“attachment_6694281” align=“alignnone” width=“1280”]  CCTVs breaching privacy[/caption] S Gopalakrishnan, joint secretary, Ministry of Electronics and Information Technology (MeitY), explained the dire need of a regulator and legal safety net to protect user’s data. “We need a consent mechanism, law and regulator. The AI needs data, which includes personal information. Based on personal data, a profile of an individual can be created, and that may lead to the user’s loss. We need a regulator and regulations to protect personal data. A privacy bill will lead to seamless evolution of these technologies. In the absence of a data protection bill and regulator, there can be a breach and users can and will be harmed. Ideally, a good data protection law will adapt to new emerging technologies,” he said. Companies need to create awareness among users to safeguard their privacy and online rights Dr Lovneesh Chanana, Vice President (Digital Government), Asia Pacific and Japan, SAP, agrees with the challenge posed by emerging technologies. “The potential of emerging technologies calls for responsible use for both technical and social domains. User awareness is the key to safeguard privacy rights.” A legally binding data protection framework is the need of the hour. The data protection legislation, as proposed by Justice Srikrishna Committee is timely, and the new government must implement it pronto. There are seven core principles such as Informed consent, technology agnosticism, data controller accountability, data minimisation, holistic application, deterrent penalties and structured enforcement that must be followed for data protection. The legislation should also look into international best practices like the European Union’s General Data Protection Regulation (GDPR) guidelines while framing the law. Anurag Saxena, global head of Strategic Initiatives, Microsave, has a word of caution about privacy laws. He says, “We cannot put every emerging technology platform in one bucket when we talk about privacy. Artificial Intelligence, IoT and Blockchain are three different packets. If we go by design, blockchain is all about the decentralised ledger and decentralisation is something which protects privacy. When it comes to AI and IoT, it’s more about user experience. It all depends on the way you design the solution. It is possible to protect the privacy because it is designed in a way we don’t want to use the data of individual or to identify the individual.” From the above, it is clear that technology can prevent or interfere in privacy. Therefore, there is a strong need of a regulator. Some countries have gone ahead and also established sectoral regulators. Japan and Germany have developed new frameworks applicable to specific AI issues such as regulating next generation robots and self-driving cars respectively. There is a real need of education to companies and users of applications while dealing with privacy issues in the era of AI. Also, the AI developers should adhere to international standards and ethics. The Global Initiative on Ethics of Autonomous and Intelligent Systems of the IEEE has a chapter on ‘Personal Data and Individual Access Control in Ethically Aligned Design’. Indian enterprises and developers need to build these standards into AI design itself. In order to promote the AI, MeitY is planning to set up a ‘National Centre on Artificial Intelligence’. The ministry has set up four committees on AI which include: • Committee on Platforms and Data for Al • Committee on Leveraging Al for identifying National Missions in Key Sectors • Committee on Mapping Technological capabilities, Key Policy enablers required across sectors. Skilling and Re-skilling, R & D • Committee on Cyber Security, Safety, Legal and Ethical Issues The report of these committees has been examined and based on the recommendations, MeitY is setting up a ‘National Centre on Artificial Intelligence’. However, the immediate task of the new government that will be formed will be to work out the Data Protection Bill. The report and the draft Bill were placed in the public domain and comments were sought, feedback has been received. Now, steps are afoot to bring about data protection legislation.