ABSTRACT: Artificial Intelligence’s (AI) rapid ascent presents hope for a better future, but it negatively influences one of the most essential rights: Privacy. With the advancement in generality, the ability of AI systems to store and process large quantities of personal data poses genuine ethical and legal challenges. Understanding such a vital facet of current legal systems, this work explores the boundaries of legal frameworks and how the complicated relationship between AI and privacy rights can be managed in an Indian context. The everyday interactions on social media platforms and through social media applications, as well as all purchases made online and using a cell phone, contribute to the continuous production of personal data about Indian residents. Over 850 million Indians use the Internet, according to a 2022 poll by the Internet and Mobile Association of India (IAMAI), reflecting that the world is generating vast amounts of data. These data, often collected without the user’s explicit consent, are the fuel that makes AI engines run. “It does not occur to me to contemplate what happens with all the information I enter when signing up for a social networking site,” one of the focus group participants stated. The thought of it being used to my disadvantage in ways I might not yet know is rather worrying. “
KEYWORDS: · Artificial Intelligence (AI)
· Privacy Legislation
· Surveillance
· Ethical AI
· Data Security
RESEARCH METHODOLOGY: In an effort to inform readers about how AI uses personal data, this study explores how privacy rights are affected by AI. It will examine moral and legal issues in the contemporary corporate setting and offer recommendations for protecting privacy in the face of developing AI technology. The study will compare awareness among legal professionals and the general public using qualitative and quantitative methodologies such as surveys, interviews, and literature analysis. In order to ensure participant permission and confidentiality, data gathering techniques include surveys and interviews. The goal is to raise awareness of how AI affects privacy and to push for more stringent legal and moral guidelines to safeguard personal information.
INTRODUCTION: Artificial intelligence (AI) has transformed a number of industries in recent decades, increasing productivity but also posing serious moral and legal privacy issues. AI’s incorporation into industries like healthcare, banking, education, and law enforcement emphasizes both its advantages and disadvantages in India, a nation known for its IT innovation and varied populace. In order to determine if current laws and regulations are sufficient to protect people’ right to privacy, this research paper examines how AI both supports and undermines such rights. It discusses the socioeconomic and cultural effects, arguing for strong safeguards against AI invading privacy and making sure laws are strict enough to control new technology.
CURRENT LANDSCAPE OF AI IN INDIA: AI is finding favour with the Indian government as a tool to bring forth change in multiple sectors, streamline processes and enhance services. One of the significant causes of this shift is the government-backed Digital India campaign that planned to transform India into a digitally reinforced society relying on artificial intelligence technologies. AI is another topic commonly trending in the IT sector, and one of the significant areas in the application of AI services in India is public services. For example, it can automate different functions like administration to ensure government services are easily accessible and efficient to the citizens. This implies managing records throughout, from running records to delivering timely information/assistance to the citizens. In different areas of our lives, AI is at the forefront, but it radically changes diagnostics and treatment in healthcare. By implementing artificial intelligence, patients’ medical complexity can be identified, diseases can be detected in their early stages, effective treatment options can be suggested, and outcomes can be predicted. It not only positively impacts healthcare, but it also allows them to manage the available resources better. The agricultural sector is also among the industries that can leverage AI. Farmers apply AI techniques to keep track of the health of crops and climate conditions that prevail in the region and properly regulate the usage of water and fertilizers. This has the added advantage of promoting higher crop yields and ensuring less wastage, thus meeting the food security challenge better.
Nevertheless, adopting AI in these domains involves gathering and analyzing data, and personal information about people may be included in the analysis. Moreover, intimate data can include medical history, identification details, behavioural patterns, and consumptive preferences. While this data helps train the AI systems used in decision-making, privacy is also a big issue. This may result in exposing the client’s intimate information to third parties or mishandling the same, thereby threatening the client’s privacy.
LEGAL FRAMEWORK FOR PRIVACY IN INDIA: In the twenty-first-century civilization, the right to privacy is entrenched as a fundamental right in India. The Supreme Court well defined this in Justice K. S. Puttaswamy (Retd.) & Anr v. Union of India & Ors in 2017. Here, the court decided that privacy is one of the elements of the right to life and personal liberty provided under Article 21 of the Indian Constitution. This was one of the premises that took us closer to embracing privacy in our modern world. After this judgment, the Indian government developed the Personal Data Protection Bill (PDPB) in January 2019 in the Parliament. This bill’s principal objective is to provide a framework of regulatory measures concerning the collection, processing, storage and usage of personal data. In this case, the PDPB seeks to empower people and safeguard the personal information of various firms. These are important provisions of the PDPB. For example, it insists that firms get direct permission from the persons interested in collecting their data. It also lays down data localization, which means that a particular kind of data has to be stored in India.
Further, the bill also introduces the Data Protection Authority (DPA), which ensures adherence to the regulations or handles complaints. However, the PDPB has come under much criticism on several grounds. Another issue is that the bill grants ample privileges to government departments to limit many of the privacy requirements in some cases. Opponents have opined that these provisions may result in the rights of the government to misuse personal data and weaken the overall efficiency of the bill. There is still an issue with the interpretation of some provisions, which is a cause of confusion and divergence regarding how the PDPB will be enforced. Opponents also believe the bill needs to have more vital consequences for organizations that do not sufficiently protect personal data.
CHALLENGES TO PRIVACY POSED BY AI: AI helps solve numerous problems but has numerous privacy issues. India’s fast-paced emergent markets have brought to the forefront the following problems relating to data protection: I will explain these challenges in more detail and more clearly and simply as follows.
1. Data Collection and Surveillance
AI systems primarily depend on data, which are pre-programmed inputs. It assists in training these systems and enables them to make the correct predictions or decisions in future. However, in India, regarding data collection of data, it is often not adequately mentioned and lacks sufficient and proper protection. For instance, people do not seem to object to security cameras installed in various public facilities. Moreover, these cameras often come with facial recognition technology, which means they can tag people as they do their usual activities. This could go a long way in increasing security and arresting criminals, but at the same time, the key privacy issues are compromised. Many people are unaware of the amount and the kind of information being gathered about them, to whom this information belongs and for what purpose it is utilized. Thirdly, and most seriously, solid legislation is insufficient to impose proper precautions regarding these technologies’ application. Thus, this lack of regulation raises the bar on privacy invasion more often because there are few safeguards on using surveillance data. Thus, without controlled supervision, there is a risk that the collected data may become inappropriately utilized or will end up with the wrong individuals or organizations.
2. Data Security and Breaches
It also has a severe loophole, such as data breach exposure and cyber-attacks like any other AI system. Since these systems contain and process personal and often private information, they may include financial, medical, and identification data. To tackle such breaches, the infrastructure is still in its early stages in India, becoming a soft target for cybercriminals. Hackers are unique because the data breaches these people manage to cause are grave to human beings. Inappropriate information can be stolen and misused for personal gain, for instance, in identity theft cases or to carry out fraudulent activities. This threat is coupled with the fact that AI systems are themselves becoming targets. However, as in the case of any other system, if the standard hackers get access to an AI system, they can manipulate the outcomes and access other essential data. For instance, lately, the seemingly constant reports of data breaches in India have exposed information of at least millions of people. These incidents have highlighted the necessity for upping the cyber-security standards to prevent such risks.
3. Algorithmic Bias and Discrimination
AI, being an analytical algorithm, is trained on specific data to come up with results. However, if this data has some bias, these AI systems tend to reproduce and even enhance this bias. This becomes a susceptible issue since, in India, social discrimination based on caste, religion, and gender is a prevalent vice. For example, an AI system used in hiring will learn from past data that was discriminative against certain people and will retain that bias and only accept people from specific backgrounds. This may result in a discriminatory decision and perpetuate unfairness in providing services.
Likewise, when the AI systems applied in police work are taught with biased data, they can negatively influence the interaction with some population segments. There is unequal treatment, and, as a result, the privacy rights of the individuals are violated as they are subjected to unfair examination.
4. Lack of Transparency and Accountability: One of the main reasons corrupt practices can gain traction is the low level of transparency and accountability. Existing AI systems are ‘black box’ so that any decision-making that the system makes is not easy to explain. Such a limitation hinders the general accountability of the AI systems when their influence infringes on people’s privacy rights. For instance, if an AI system rejects a loan request or a candidate for a particular job, it can be challenging to explain why the decision was made. The decision may be imposed on the person affected, and he or she has no means of figuring out if the decision made was just or of accurate facts. This lack of transparency erodes people’s confidence in the AI systems used and acts as a barrier in preventing manufacturers and deployers of the systems from facing justice. Lack of transparency is a big issue in India, but it could be better. Mechanisms are required to explain and increase openness to the processes to address the necessity of AI decision-making. This might mean that the developers of the AI systems have to explain why specific decisions have been made and guarantee that people have an opportunity to protest against unfair decisions made by the AI systems.
ANALYSIS OF EXISTING LEGAL AND REGULATORY FRAMEWORKS: India has several rules and regulations that control data usage and safeguard privacy, particularly in light of the rapidly expanding field of artificial intelligence (AI). To better comprehend the advantages and disadvantages of these laws, let us examine them in more detail using plain language.
- Personal Data Protection Bill (PDPB): The objective of the released Personal Data Protection Bill (PDPB) was to protect and give individuals privacy on their data. Here are the critical aspects of the bill: Here are the critical aspects of the bill:
- Regulating Data Processing: The PDPB governs regulations that control how entities in companies and organizations can obtain, stock, and process personal data. It is to let the people have more say in what is being done with their data.
- Explicit Consent: Among them, there is the rule that before collecting personal data, one must receive prior and express consent of such person. This means people should have perfect knowledge of what data is being collected and for what purpose.
- Data Localization: Specific kinds of data must be stored – within the territorial India – as provided in the bill’s provisions. This is to ensure data is stored in India and the legal jurisdiction governing it is the Indian laws.
- Data Protection Authority (DPA): The bill seeks to establish an independent body known as the Data Protection Authority, which will be in charge of data protection, regulating adherence to the rules, and receiving complaints from the public. Despite these positive aspects, the PDPB has been criticized for several reasons:
- Government Exemptions: One major issue is the knowledge that the bill permits the government to ignore numerous privacy provisions in some situations. This means that government agencies could gather and process personal data, breaking the rules applicable to businesses. Opponents fear that this might result in data abuse and are against the idea sought to be achieved by the particular bill.
- Ambiguities and Enforcement: Some sections of the bill could be more precise, meaning people will doubt how best to implement the rules. The effectiveness of the regulations is also in question due to uncertainty of the DPA’s ability to enforce them critically and provide necessary power and resources.
2. Information Technology Act, 2000
The Information Technology Act, commonly called the IT Act, was passed to facilitate the legal structure of electronic governance and, more specifically, to deal with Cyber crimes. Here are the main points of the act:
- Electronic Transactions: The IT Act legitimates electronic records and signatures, making businesses and the government run efficiently online.
- Cybercrimes: Cybercrime is described, and a list of the crimes and sanctions for each are provided in the act. This comprises hacking, acts of identity theft, and even spreading viruses.
- Data Protection: The act contains some elements related to data protection, namely the prohibition of unauthorized access to the data and rules regarding secure data processing practices.
However, the IT Act has some limitations:
- Outdated Provisions: The act was established in 2000, and the current state of affairs needs to be better endowed to handle many new technologies, such as Artificial Intelligence. While useful, they do not provide detailed guidelines for some of today’s pressing concerns, such as algorithmic responsibility and explanation or anti-bias strategies, in which AI systems should make decisions without discriminating against specific populations.
- General Nature: The protection of data by the provisions of the IT Act lacks specifics and clear regulations on the peculiarities of protecting the privacy concerns characteristic of modern AI technologies.
3. Surveillance Laws: Surveillance in India is regulated under several laws, with the Indian Telegraph Act of 1885 and Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules 2009 being the major. Here is what these laws entail: Here is what these laws entail:
- Government Powers: Some of these laws allow the government extensive rights of interception, monitoring, and decrypting of communication to secure the nation, maintain law and order, and prevent crime, among several others.
- Limited Oversight: Some authorities authorize and monitor surveillance activities, though these processes must be considered sufficient. In most cases, it is internal within government departments with little external or independent scrutiny.
- Privacy Concerns: This assignment has led to concerns since the power entrusted to the government is very broad. It is feared that Surveillance could be initiated for want of a proper reason, and therefore, there would be a constant violation of an individual’s privacy.
RECOMMENDATIONS FOR ENHANCING PRIVACY PROTECTIONS: I provide the following suggestions for enhancing privacy protection:
1. Comprehensive AI Regulation: To handle the unique problems arising from the expanding AI technologies in India, there has to be stronger legal protection available. Regulations pertaining to the accountability, transparency, and bias control of these algorithms should also be included in this framework. It is necessary to establish an impartial regulatory body to supervise AI applications and uphold privacy standards.
2. Sturdying Data Protection Laws: The PDPB has to be strengthened immediately because it currently has some issues. These policies and procedures include tightening the penalties for violating data protection laws, reducing the exemption for government employees, and focusing particularly on creating cross-border information sharing policies. Equally important are giving individuals more control over their data and guaranteeing their ability to participate in the data collection process.
3. Sturdy Surveillance Oversight: It is recommended that much-needed revisions to the laws pertaining to surveillance be made, since they would essentially need adequate monitoring. The establishment of independent intuitions to authorize and oversee monitoring, the identification of covert surveillance activities, and the provision of routes for those with illegal surveillance to file complaints are the first three best practices.
4. Promoting Ethical AI Practices: It is essential to promote the growth of good practices in the use of artificial intelligence. This entails ensuring that there are diverse representations of people in development teams of AI systems, using checklists in auditing AI systems for biases, and strictly observing the ethical best practices of AI systems. Regarding enforcement of ethical AI practices, it is advocated that formal and informal partnerships between the government, industry and civil society can effectively develop benchmarks to guard the ethical application of Artificial Intelligence.
CONCLUSION: India has enormous potential in utilizing the association of the AI mentioned above technologies, but at the same time, these innovations challenge privacy rights on a distinctive level. India’s current PDPB and the Information Technology Act of 2000 still need to improve in handling the challenges posed by AI and hence need significant reinforcement. Some of these areas cover transparency in AI’s decision-making processes, strengthening data protection measures, and strengthening measures against cyberattacks. The decisions made by AI systems may be anchored on intricate algorithms that might be hard for individuals to comprehend; this means there are laws which require the AI systems to explain their decisions. Also, the ability of AI systems to collect and process personal data brings concerns about privacy infringements primarily due to existing legal vagaries and exceptions. It is imperative to increase controls to the maximum and achieve compliance with all organizations’ data protection requirements, including those of the government. Another essential direction is to fight algorithmic bias, according to which AI systems themselves reproduce prejudice in society and become a source of discrimination. The laws on Surveillance must be changed to establish tough checks and balances and conditions of openness to ensure that surveillance powers are not misused and that individual privacy rights are upheld. Incorporating extensive and moral legislation, India has the opportunity for AI to make constructive changes in the country while also defending the constitutional right to privacy in the age of technology and big data.
REFERENCES:
Binns, R. (2018). “Fairness in Machine Learning: Lessons from Political Philosophy.” Proceedings of the 2018 Conference on Fairness, Accountability, and Transparency.
Chander, A., & Le, U. P. (2014). “Breaking the Web: Data Localization vs. the Global Internet.” Emory Law Journal, 64, 677-739.
Kharbanda, V. (2019). “Data Protection Law in India: The Journey Ahead.” Journal of Data Protection & Privacy, 3(3), 223-232.
Mishra, A. R. (2020). “AI and Privacy in India: An Urgent Need for Legal Framework.” Journal of Law, Policy and Globalization, pp. 95, 33–45.
Narayan, A., & Sharma, M. (2021). “AI in Public Surveillance: A Critical Analysis.” Indian Journal of Public Administration, 67(2), 206-219.
Singh, P. J., & Gurumurthy, A. (2019). “Data Protection, Privacy, and AI: Challenges for India.” Economic & Political Weekly, 54(51), 42-48.
Varghese, S. (2018). “The Ethics of AI: Considerations for Policymakers.” Journal of Ethics and Information Technology, pp. 20, 1–13.
SUBMITTED BY: Dhriti Gupta
OP Jindal Global Law School