Artificial Intelligence (AI) today is rapidly changing the face of technology. But with the ability to create devices and systems capable of autonomous decisions, arises the need for legislation to monitor AI. Amazon’s now scrapped AI recruiting tool is a prime example where it was discovered that the AI tool had a bias towards men since it had been trained on 10 years of data when men held most tech positions. As we constantly move towards a more technology integrated world, the need for the right balance in legislation grows more important. It needs to protect the rights of the citizens alongside ensuring that it is not a hindrance to technology and business growth. The world is dealing with AI advances in myriad of ways, with it being significantly impacted by the culture and region. To understand this, let us look at some cases in the US, European Union, & China in order to understand where India stands midst the global movement to bring in new legislation.
Trends & Legislations Around The world
Recently, 13 states across the US placed a ban on the use of facial recognition technology by the police. Interestingly, 12 of these 13 cities were democrat-elect, implying the cultural difference within a country itself.
The European Union is the gold standard when we talk about data privacy and laws governing the various aspects of technology. To protect individuals’ rights and freedom the article 22 of the GDPR, “Automated individual decision making, including profiling,” has ensured the availability of manual intervention in automated decision making in cases where individual’s rights and freedoms are affected. The first paragraph, “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her,” and the third paragraph, “the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision,” provides the right for manual intervention to individuals. This is instrumental in situations where decisions made by an AI system impacts an individual.
China is one example where AI technology is used as a tool of oppression. The Chinese government has complete control over the data across the nation and uses facial recognition technology as a tool of authoritarian control to monitor and profile a minority.
The question that arises is, why do we need to look at these different legislations?
In today’s globalised economy and lifestyle, these legislations directly impact organisations and their style of working. Start-ups and SME find it much more difficult to deal with the regional changes due to the lack of a uniform global legislation or standards. This is why it is important for India to ensure that we have a legislation which fits well in the global context.
Legislation In India
India’s 2019 PDPB is stuck in parliamentary procedures. Organisations are still waiting for the day it is passed so that they are given a timeline to comply with the new regulations under the PDPB.
Let’s take a look at some of the provisions in the Bill related to consumers data. These provisions are instrumental in protecting the consumers rights. They also impact the way organizations conduct business, specifically start-ups and SMEs.
The Bill gives consumers the rights to access, correct and erase their data in its current form (Refer: Clause 19 of the PDPB “Right to data portability” under Chapter 5 “Rights of the data principal”). This is something that all organizations will have to comply within the timeline stipulated by the government. From a commercial perspective, data transference will be a major challenge, with its impact being harder on start-ups and SMEs. This does provide an avenue for new companies to provide services that help complying with the PDPB laws but will also impact start-ups and SMEs that rely on the consumer’s data and inferences of the data.
There is also a provision for organisations to be included in a Sandbox created by the authority. Organizations included in the Sandbox will have exemptions for 12 months, with possible extensions to a total of 36 months. But the exact functioning, the selection process of organizations or any benefits that would be provided to SMEs, is unclear.
Lastly, provisions around data localization and storage dictates that organisations should store the data physically within the country. This has incited a lot of arguments on both sides. From an organisational perspective, however, it might lead to companies setting up new data centres for local data storage which may result in increased pricing for the services offered impacting start-ups and SMEs.
All these discussions boil down to the fact that technology is evolving quickly and as a nation, it is crucial for the law to take this into account. The PDPB is a monumental step for India when it comes to the protection of its citizen’s privacy and rights. However, the impact it may have on business opportunities directly impacts our nation’s development.