Image: Ajay Mohanty
The Information Technology Industry Council (ITIC), a global technology industry body, has urged the Indian government to strike a balance between individual privacy and innovation in the country’s upcoming Digital Personal Data Protection Act (DPDPA).
ITIC, which represents 80 technology firms including giants such as Apple, Amazon, Google, Dell, and Microsoft, also advocates the use of aggregated sensitive personal data to promote artificial intelligence (AI)-driven innovation in India.
Jason Oxman, chief executive officer and president, ITIC, who met with officials from the Ministry of Electricity and IT, and the Prime Minister’s Office during his visit to India last week, said that the Indian government, in adopting the regulations, should keep in mind. the impact they can have on the success of AI in the country.
“The best AI made available in India is the best data-driven AI. And the use of data in AI has incredible potential to change lives for the better in India in areas like medical diagnostics,” Oxman said in an interview.
Taking an example of the use of AI in the medical domain, he explained, “AI can help doctors in determining whether a growth is cancerous or not based on an image, or it can provide the best course of treatment based on symptoms. The way AI can help doctors do that is because it is structured by the most comprehensive data possible. “
“The data protection law mandates the protection of personal medical information when individuals are not identified. However, aggregated anonymous data, which is important for AI in medical diagnosis, for example, can be used, even if it involves sensitive information, and this is how it should be in the upcoming regulations,” he added.
ITIC members are also concerned about the timelines that will be set for compliance with the DPDPA once the rules are out.
The technology body has asked the Ministry of Electronics and IT for 18-24 months to comply with the law, citing international practices.
“What we suggested to the government is that there are best practices around the world in terms of compliance timetables, which are usually 18-24 months to make sure that companies have enough time to adapt to the new rules,” said Jason.
“It has been talked about in terms of immediate effect in a few weeks, but it takes a long time for products to be brought into compliance with regulatory requirements. So, yes, we have proposed to comply with international standards set for those kinds of things,” he added.
Jason argued that compliance, in India’s case, would require addressing multiple languages, information transfer mechanisms, and reuse of existing resources.
“Therefore, the important thing is to allow enough time for the industry to do this properly, as the government would like it to be done properly,” he added.
It has been over a year since the Digital Data Protection Act (DPDPA) was passed in August last year.
However, the pending notification of the rules made the law ineffective. Once the rules are announced, there will be a period of public consultation, followed by the establishment of a Data Protection Board (DPB).
First published: Sep 22 2024 | 6:29 PM IST