Since data allows us to price risk more accurately and, at the same time allows us to offer incentives for appropriate behaviour, it is a very useful tool for insurers looking to achieve optimal risk pooling. However, if we take it too far we risk ending up in a surveillance society.
The introduction of the term Consent Manager in the Digital Personal Data Protection Act gave rise to considerable speculation. No other data protection law had anything like it, and the law itself was unclear as to what role these entities played. Now that the Rules are with us, things are a little clearer.
There is an urgent need to re-design our energy grid to take better advantage of all that digital has to offer. A recent paper describes how we can add a digital layer to existing infrastructure and use this digital energy grid to unlock greater efficiencies. But in order to realise this goal we will need a shift in our regulatory mindset.
Even though the number of users online has steadily increased over the years, conversations have grown increasingly stilted and subdued. This is the Fermi’s Paradox of the online world - even though there are so many of us are online we chose to keep our heads down, knowing that if we don’t, we run the risk of becoming a target for trolls.
Last week the UIDAI initiated a process by which private-sector access to the authentication infrastructure would be restored. I have every hope that this will create a new ecosystem of identity service providers that will enable a range of different services - in particular in relation to obligations under the Digital Personal Data Protection Act.
Narrowly targeting laws to specific countries or companies can have unintended consequences. They can push customers in different directions or serve as an unanticipated impetus for entrepreneurs to think of new and innovative approaches. In both instances, the outcomes are unexpected.
It has been over a year since we started to deploy DPI across the globe and it has not been easy. Despite global endorsements and multilateral commitments, actual deployment is hard. But looking back it is quite remarkable how much we have actually managed to achieve.
The Report on the Regulatory Framework for AI in India strikes the right mix of agile governance and light-touch supervision. However, its reliance on regulatory principles from the Global North could end up stifling innovation. We need to develop a framework that aligns more closely with our interests.
The much awaited Digital Personal Data Protection Rules are finally with us and, with that the final piece of the puzzle is in place. While there is a lot to unpack, overall, the Rules follow the Act in terms of simplicity - adding just enough to make it complete without complicating things unduly. That said, there are a few issues that still need to be sorted out.
My last column of the year has traditionally been a review of technology policy developments of the year gone by. Even though I had hoped to see the data protection law come into force, at the time of writing it still has not. And so, instead of privacy, the year was dominated by developments in DPI and AI.
