Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
As this column publishes, it is peak summer in India and the mercury levels have been surging. A recent study by the Council on Energy, Environment and Water finds 57% of Indian districts covering 76% of the country's population are currently in the "high to very high" heat risk bracket. Yet, the world of digital governance marches on.
May began with news of a 30 April landmark ruling by the Supreme Court of India, in which the court declared digital access is a fundamental right, an integral part of the right to life and liberty — under Article 21 of the Constitution of India. The court's ruling articulates and recognizes these rights are not just in the physical realm, but the digital realm, too.
The ruling came in response to a petition by two acid attack victims who, as a result, experienced facial disfigurement and 100% blindness. Due to this, the victims have faced difficulties completing the digital Know Your Customer process that requires a "live photograph" by blinking. This has further prevented them from opening a bank account and purchasing a SIM card from mobile service providers.
Meanwhile, as we have seen, use cases continue to emerge where the associated privacy risks are being questioned, along with concerns as to whether they could be addressed by India's Digital Personal Data Protection Act.
For example, Meta recently launched its artificial intelligence-enabled sunglasses in India that enable video recordings. Questions have emerged around how the target individuals of such video recordings will know and have a say if they are being recorded, thus leading to potential privacy violations.
Also, the government of India recently started rolling out e-passports with embedded Radio-Frequency Identification chips. The chips contain personal and biometric data including facial images, fingerprints and iris scans, all in an encrypted format. The concern is a lack of associated rules around who else, aside from border control systems, can access this data and how users would know if their data was being accessed.
Interestingly, the unanswered questions in the vast domain of digital governance are slowly but surely bubbling up to the surface in government and policy circles.
On 28 April, the Department for Promotion of Industry and Internal Trade announced the formation of a committee to examine copyright issues in the context of AI. The committee will look at whether the existing Copyright Act of 1957 is equipped to handle the proliferation of AI-generated content, given how AI tools are increasingly being used to produce images, music and other creative work often using existing copyrighted material.
Meanwhile, the Department of Telecommunications under the Ministry of Communications and Information Technology published security guidelines for satellite-based communication networks 5 May. One of the key themes is localization.
For example, under these guidelines, network control centers, gateways and lawful interception and monitoring systems need to be located within India. Services are required to be geofenced within India with real-time location tracking of all user terminals. User registration and authentication needs to occur domestically. Further, copying or decryption of Indian telecommunication data outside the country is prohibited. These have been as expected, given the heightened focus on national security after the recent geopolitical conflict in the Indian subcontinent.
While policymakers and governments do their bit to set new regulations, the courts march ahead within the existing legal framework.
Recently, the Allahabad High Court in the state of Uttar Pradesh held that someone liking a social media post does not amount to the person publishing or transmitting the same. This came about as part of a case in which the state accused an individual of a series of crimes owing to his post published on social media. The defendant claimed he had merely liked the post.
Further south, the Karnataka High Court dismissed a petition by a leading fintech payments company that refused to provide police with requested information related to a 2022 online sports betting case. In the 29 April decision, the court said, "confidentiality must coexist with accountability" and the "submissions of the petitioner's counsel that information that is to be kept confidential need not be divulged, cannot be accepted. The protection of consumer privacy cannot eclipse the lawful imperative of investigating officers to secure evidence and take the investigation to its logical conclusion."
Meanwhile, some interesting reports were published, including one on the AI front. The government of India has been investing and encouraging AI initiatives and capacity building. The IndiaAI mission was made a budget allocation last year of 100 billion rupees, nearly half of which was allocated towards building computing capacity in the country. A recent "State of AI Governance" report by the Takshashila institution cautions that bureaucratic processes may leave the computing infrastructure underutilized.
Another report by Thales security said that 73% of respondents from India are investing in AI-specific security tools while 60% of respondents identify future encryption compromise as one of the major concerns around quantum computing security threats.
A third report titled "How AI is Reshaping the Financial Planning Profession" was from FPSB India, the Indian subsidiary of the Financial Planning Standards Board, that captured financial planners' responses on the use of AI. The report said that despite the benefits, the planners had reservations regarding the use of AI, with 47% citing data privacy and cybersecurity concerns. Further, "about 42% of financial companies' top executives are still concerned about the accuracy and reliability of AI outputs."
All in all, the further we march forward with AI and data, the more new problems we encounter that need to be resolved.
Shivangi Nadkarni is senior vice president and general manager, digital governance at Persistent Systems Ltd.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
