The Data Privacy Framework must focus on striking a balance between digital economy and privacy without deterring the growth and use of technology
Today, Artificial Intelligence (AI) tools are being widely used for various applications across sectors. The BFSI sector too is aggressively integrating AI, machine learning and deep learning algorithms into its existing products and services to process large amounts of data. Having said that, the next question that arises is how these organisations are going to adopt responsible data management practices and develop technologies that protect data privacy.
Let’s hear from industry experts if Indian organisations are adopting leading practices to monitor, assess and manage privacy-related risks as the country gears up to comply with privacy and data protection regulations.
Regulations must help drive innovation while protecting privacy of individuals
“The privacy regulations proposed by the Sri Krishna Committee will force data protection by design and not as an afterthought in addition to introducing policies that will help organisations architect technology stacks to protect and safeguard personal data. A key consideration of the Data Privacy Framework must focus on striking a balance between the digital economy and privacy without deterring the growth and use of technology. The data localisation mandate that aims at securing critical data should ensure that innovation does not take a backseat or become a trade barrier,” says Venkat Krishnapur, Vice-President of Engineering and Managing Director, McAfee India.
“The regulations should also aim to take into account the relevant data needs of AI engines in order to derive meaningful inferences from the data set for the betterment of processes and outcomes and help drive innovation whilst at the same time protecting the privacy and rights of individuals,” he adds.
“This policy will impact all the functions of an organisation's operations. Hence, more guidance and support are needed to accelerate efforts towards driving this transformation. Organisations must take up a proactive approach that goes beyond only the regulatory requirements and develop a culture of privacy by design. The commitment towards secure handling of their customer’s personal data will help achieve trust, which in turn will act as a key enabler of growth. This makes the case for Data Leakage Solutions where such applications mitigate the risks of data compromise even stronger than ever before,” says Krishnapur.
Right balance between right to privacy and ease of doing business is key
“Personal data has emerged as the single most important roadblock for the evolution of information technology to take place. The long awaited and the much-needed Personal Data Protection Bill, 2018 is expected to be passed in the Indian Parliament in June 2019, after the general elections are over. Although the bill has been drafted along the lines of EU GDPR, considerations have been given to the unique data privacy and data protection requirements of India and methods to address the same. Explicit consent by the individual, privacy as a fundamental right, mandate on data localization and penalties for breach are the some of the key imperatives captured in the Bill,” explains Sriram T V, Head of Business Development & Consulting, Juniper Networks, India and SAARC.
“The expert committee has made an attempt to plug the loopholes of the prevailing data protection framework and formulate a data protection law that will cater to the dynamic needs of Digital India. Data is a critical asset in the digital economy and hence the Bill has to be fine-tuned to achieve the right balance between an individual’s right to privacy and the ease of doing business in India. Last, but not the least, the success of the new law will depend on its effective implementation and ease of adoption," he adds.
Regulation on usage of customer data is still lax in India
“In a typical AI implementation, key aspects center around purposes of personal data processing, legal basis of the data and audits and controls around the access of the data. For ex., AI may cause the processing of data for purposes other than original set, an age profile on a loan application may cause the system to promote certain other product that the client has no interest in buying,” says Jaya Vaidhyanathan, President, Bahwan CyberTek.“Europe’s GDPR regulations concerning data privacy, are currently in the way of AI implementation as they expressly prohibit usage of certain customer data. In this regard, regulation on usage of customer data is still relatively lax in India, presenting both opportunities (development of better AI systems that consume more data for optimal decision making on behalf of humans) and challenges (litigation around breach of privacy),” she adds.