In the age of AI, corporates will not share their sensitive business data with technology providers. The proof of this is the fact that hybrid clouds are growing the fastest. This fact is also clearly indicated by IBM’s bet on the hybrid cloud which is paying off for the company.
The issue of ‘protection of personal data’ is not impacting technology direction today due to lack of influential capability. Individuals are too small to have any significant personal say on the choice of design direction of large AI technology systems which process their sensitive personal data. Yet they own their personal data. Exploiting this weakness, technology companies and venture capital have prioritised growth and returns of AI systems over doing what is right where personal data is concerned. Their intention being to gather the maximum personal data (raw material) possible to train AI systems which will ensure commercial growth and profitability for themselves.
In such an environment, Governments and Regulators have the responsibility to protect private citizens and their data.
The right to data ownership and data privacy are guaranteed by the constitution. Governments must also support the ‘right to education’ of citizens regarding AI, its benefits and drawbacks. Due to lack of this knowledge, individuals are unable to make informed decisions on issues affecting their lives in major ways caused by the progress of AI driven by commercial interests. Government needs to urgently step in to protect the private citizen.
The argument that we should give maximum freedom for AI innovation in our AI laws and thereby permit personal data ownership rights to be violated is a flawed one. Innovation in AI is not advisable at the cost of loss/dilution of ownership rights and control of personal data of individuals.
Fortunately, data can be processed on the personal device without any technical limitation. Since the individual owns the data, the appropriate location where personal data should be processed is on the individual’s own device, so that sensitivity, confidentiality, individual’s identity and rights are not compromised in any manner whatsoever. Processing the data on the individual’s own device constitutes the safest and most secure way of processing sensitive personal data fully protecting the individual’s rights.
There are three major directives that need to be enforced through the DPDP Act:
- Individual personal data must be processed on the individual’s device.
- Individual personal data must not leave the personal device for any purpose whatsoever.
- The choice and use of AI functionalities must be with the individual as opt-in features.
Personal data ownership rights have been guaranteed in our Constitution and they must be upheld by our laws in the rapidly changing technology environment. More importantly, upholding these rights in our laws sets the rules for our peaceful co-existence in daily life. Ignoring or postponing this important issue in our laws just because there is no backlash from individuals will cause irreparable harm at a later stage of AI’s progress.
Just like businesses will not permit their sensitive data to be processed on public clouds and they insist on processing their data on their own private clouds, individuals must have their most sensitive data processed on their own devices. Technology companies should modify their system architectures to support the three principles stated above. The enclosed paper1 explains technical details of the issues involved in protecting individual personal data.
Reference:
Follow link