ITIC urges India to balance privacy and AI innovation in DPDP rules | News
The Information Technology Industry Council (ITIC), a global technology industry body, has urged the Indian government to strike a balance between individual privacy and innovation in the country’s upcoming rules for the Digital Personal Data Protection Act (DPDPA).
ITIC, which represents 80 technology firms including giants like Apple, Amazon, Google, Dell, and Microsoft, also recommends the use of aggregated sensitive personal data to foster artificial intelligence (AI)-driven innovation in India.
Jason Oxman, chief executive officer and president, ITIC, who met officials from the Ministry of Electronics and IT, and the Prime Minister’s Office during his visit to India last week, said that the government of India, in adopting regulations, should be mindful of the impact they can have on the success of AI in the country.
“The best AI made available in India is AI that has been programmed with the best data. And uses of data in AI have the remarkable ability to change lives for the better in India in areas like medical diagnosis,” said Oxman in an interaction.
Taking the example of AI’s use in the medical domain, he explained, “AI can assist doctors in determining whether a growth is cancerous or not based on the image, or can prescribe the best course of treatment based on symptoms. The way AI can help doctors do that is because it is programmed by the broadest possible data set.”
“The data protection law mandates safeguarding personal medical information when individuals can be identified. However, anonymised aggregate data, crucial for AI in medical diagnosis, for example, can be used, even if it involves sensitive information, and that is how the approach should be in the upcoming rules,” he added.
Members of the ITIC are also concerned about the timelines that would be prescribed for compliance with the DPDPA once the rules are out.
The tech body has asked the Ministry of Electronics and IT for an 18-24 month period for complying with the legislation, citing global practices.
“What we’ve suggested to the government is that there are global best practices around compliance timetables, which is generally 18-24 months to make sure that companies have enough time to adapt to the new rules,” said Jason.
“Timelines have been talked about as soon as effective immediately to a few weeks, but it does take a very long time for products to be brought into compliance with the regulatory requirements. So, yes, we have proposed alignment with global standards that have been set for those kinds of things,” he added.
Jason argued that compliance, in the case of India, could require dealing with multiple languages, information transmission methods, and retroactive application to existing services.
“Thus, the key is allowing enough time for the industry to implement these correctly, as the government would also want it to get done the right way,” he added.
It has been more than a year since the Digital Personal Data Protection Act (DPDPA) was passed in August last year.
However, the pending notification of rules has made the regulation virtually ineffective. Once the rules are notified, there will be a public consultation period, followed by the establishment of the Data Protection Board (DPB).
First Published: Sep 22 2024 | 6:29 PM IST