Introduction;
We are surrounded by Artificial Intelligence, or ‘AI’ as widely known, in almost every juncture of our lives. Right from voice assistants or facial recognition features on our phones to the many enthralling concepts like the self-driving cars, AI is uniquitous. But do we know enough about AI and its implications? One of the biggest factors that help AI function is data. The more data it gets, the better it processes and performs. And when collection and processing of data comes into picture, privacy becomes a real concern. Even the apex court corroborated the importance of privacy by including it under the ambit of fundamental rights in 2017.So with a right in place for privacy, where does the line exist that limits data gathering for AI processing, and the remedy if this right is violated? The threats of data collection and processing are multitudinous which makes it extremely important to make people aware of their available rights and remedies.
The threats;
· Facial Recognition Technologies (FRT).
While people adore how quickly and conveniently facial recognition unlocks their phones, privacy issues might occur when people are identified using facial recognition technologies. Concerns occur mainly when this technology is employed without the users’ knowledge or agreement, especially when using biometrics because they are personal to each person. Many people are concerned about the widespread use of technology-based surveillance. In order to conduct comprehensive citizen surveillance, the Chinese government, for instance, has been accused of adopting face recognition as one of its instruments. As Face recognition data is still frequently hosted by businesses on local servers, Face ID credentials are exposed to potential security risks due to inappropriate data storage
· Profiling.
Data profiling is the process of identifying correlations between data in databases. Individualized services are the purported benefits of it. But is it really a benefit? Digital footprints can be used to infer personal information about a person. Profiling also has the capacity to use data from many sources in order to predict an individuals’ behavior. This results in the accumulation of personal information. Predictive algorithms are yet another concept that raises concern in this regard. It is increasingly being utilized by the financial sector to rate people in a variety of spheres of their lives, including whether they have credit risk capacity, desired workers, dependable tenants, or valuable clients. As new information generated by predictive algorithms is outside of the control of the person, predictive analytics creates new privacy issues for people. Similarly, users of location-based services are subject to a number of privacy issues as well. The concept of Automated decision making also ignites some privacy concerns as it involves making of a decision relevant to an individual without any human involvement.
· Lack of algorithmic transparency.
Peoples’ lives are largely dependent on the inference made by the algorithms, this includes loan approvals, hiring processes, shopping decisions, likes and dislikes etc. A lack of transparency in employing these algorithms raises a big concern on the trustworthiness of the decisions thus taken. Furthermore, there have been a lot of debates about algorithms being unbiased. The engineers or software developers in charge of building an algorithm may make choices that influence results in certain ways. The implicit and unconscious biases that algorithm developers may have can also be reflected in the design of the algorithms.
· Other Threats:
The data collected by AI can be used to analyze social networks and find influential people who can then be contacted with offers or misinformed materials.
On media platforms algorithms are employed to draw users towards or away from specific material. Information collected through AI can be processed and used to influence voters' voting decisions.
AI has various privacy risks, but there are also measures in place to address these concerns.
What does the Law say?
General Data Protection Regulations:
International data protection rules cannot be discussed without bringing up the General Data Protection Regulations (GDPR), which is applicable on all the EU nations. The GDPR includes provisions for profiling and automated decision-making when it comes to AI. It provides these provisions on the grounds of fairness, transparency and the right of human intervention to challenge the outcomes.
India's bill to address these challenges takes a lot of cues from GDPR and includes a slew of similar features.
The Indian perspective:
In India, the Information Technology Act of 2000 contains specific sections that deal with internet privacy and data protection. ‘Aadhar’, the first biometric identity card for residents of India, raised concerns about data privacy. The establishment of a sizable resident database and the use of it by outside service providers gave rise to concerns about data privacy. Now, a new bill addressing these issues is in the making. Along with the other issues, the Personal Data Protection bill also addresses the threats of AI. The proposed bill is not against the usage of AI but restricts its employment for legitimate purposes (chapter 2, clause 4). The following are some privacy concerns that the bill addresses:
Under chapter 2 of the proposed bill,
Clause 5 mandates data processing in a fair and reasonable manner and binds it to the fulfillment of a specific consented purpose.
Clause 6 bars the collection of data that is irrelevant to the purpose of such collection and sets a limit on the extent of data that can be collected.
Clause 7 puts in place the concept of giving notice before collection of data and mentions provisions for various situations.
Clause 9 sets a limit on the period of usage of data collected and directs its deletion later and thus restricts the retention of personal data.
By way of such similar provisions, once enacted, the bill would, to a lot of extent, help in the mitigation of the major privacy concerns. This includes the privacy threats induced by AI.
Suggestions and Conclusion.
At present, laws in India do not completely tackle the issues of data protection when it comes to AI processing, and hence,the enactment of the proposed bill is of priority. It has to be understood that the core idea of framing and enacting law in this regard is not to restrict but to regulate. A significant amount of human workload has been lifted thanks to AI, and this is a positive development that cannot be overlooked. While, the development should be completely utilized for the gains it claims, ensuring no sacrifice has to be made in return is also important. Since, there are no physical bounds when it comes to the functioning of AI, setting up a treaty based international regulation for collection, processing, retention and usage of personal data via AI might prove helpful. This will help in holding those using AI tools accountable and ensure confidentiality throughout, and not just in a domestic state where a legislation has been put in place for their protection.
Written By,
Anjali Nair.
Intern , Chanchlani Law World.
Comments