In recent times, we have seen many Generative AI incidents which were not good for society to come across, like deep fakes. Generative AI is based on a large language model and uses deep learning and large sets of data to generate new content. In India, the integration of AI technologies across sectors is very rapid. Generative AI has the potential to add $1.2- 1.5 trillion to India’s GDP over seven years according to EY under a report titled “AIdea of India: Generative AI’s potential to accelerate India’s digital transformation”. Minister of State for Electronics and Information Technology stated the government’s intent to regulate AI to safeguard "digital citizens". The current state of Generative AI in India paints a picture of innovation and promise. Generative AI applications are unlocking new possibilities, yet they come with challenges. The absence of dedicated Generative AI regulations raises questions about governance, ethics, and societal impact of technologies...
Parliament of India passed Digital Personal Data Protection Bill,2023. Here are some key takeaways related to the document published on PRS Legislative written by Saket Surya
The #DIGITAL_PERSONAL_DATA_PROTECTION_BILL, 2023 applies to the processing of digital personal data within India, whether collected online or offline and digitized.
HIGHLIGHTS:
🔗Personal data can be processed only for a lawful purpose with the consent of the individual, except for specified legitimate uses.
🔗Data fiduciaries are required to maintain data accuracy, security, and delete data once its purpose is fulfilled.
🔗The Bill grants rights to individuals, including the right to obtain information, seek correction and erasure, and grievance redressal.
🔗Government agencies can be exempted from certain provisions of the Bill in the interest of national security, public order, and prevention of offenses.
🔗The Data Protection Board of India will be established to adjudicate non-compliance with the Bill's provisions.
Key Issues:-
❓Exemptions for data processing by the State on grounds such as national security may lead to excessive data collection, processing, and retention, potentially violating the right to privacy.
❓The Bill does not regulate risks of harm arising from personal data processing.
❓The right to data portability and the right to be forgotten are not granted to data principals.
❓The transfer of personal data outside India is allowed, except to countries notified by the central government, raising concerns about data protection standards.
❓The short appointment term of members of the Data Protection Board may impact its independence.
🌻EXEMPTIONS TO THE STATE AND PRIVACY IMPLICATIONS:
The Bill provides exemptions for data processing by the State, which may result in unchecked data processing and potential violations of the right to privacy.These exemptions allow government agencies to collect and retain personal data beyond what is necessary, raising concerns about proportionality and privacy rights.
🌻ADEQUACY OF PROTECTION FOR CROSS-BORDER DATA TRANSFER:
The Bill allows the transfer of personal data to countries not restricted by the central government, without explicit protections.This mechanism may not ensure adequate protection for personal data stored in countries without robust data protection laws, potentially leading to breaches and unauthorized sharing.
🌻IMPACT OF SHORT APPOINTMENT TERM ON BOARD INDEPENDENCE:
Members of the Data Protection Board will serve for two years and can be re-appointed. The short appointment term with the possibility of re-appointment may affect the independent functioning of the Board.LinkedIn
#dataprotectionbill #dataprotectionlaw #dataprotectionsolutions #india
#legislation #parliament #monsoonsession #policyanalysis
Comments
Post a Comment