The much awaited Digital Personal Data Protection Rules are finally with us and, with that the final piece of the puzzle is in place. While there is a lot to unpack, overall, the Rules follow the Act in terms of simplicity - adding just enough to make it complete without complicating things unduly. That said, there are a few issues that still need to be sorted out.
My last column of the year has traditionally been a review of technology policy developments of the year gone by. Even though I had hoped to see the data protection law come into force, at the time of writing it still has not. And so, instead of privacy, the year was dominated by developments in DPI and AI.
While it is generally advisable to anonymise health data, doing so at population scale would allow us benefit from secondary usese of data. The ABDM envisages this but by additionally deploying Secure Data Environments it should be possible to augment the level of data protection.
There are many who claim that the harms AI can cause can only be addressed by a new legislation specifically designed to address them. That said existing laws have, more often than not, been framed in terms that are broad enough to deal with these harms regardless of the technology that caused them.
AI is a probalistic, non-deterministic technology. This is the reason why it is capable of doing much of what we appreciate it for. However, this does not align with our legal system that is binary in application. We need to rethink our approach to liability if we are to avail the benefits of AI.
AI is a probalistic, non-deterministic technology. This is the reason why it is capable of doing much of what we appreciate it for. However, this does not align with our legal system that is binary in application. We need to rethink our approach to liability if we are to avail the benefits of AI.
The Account Aggregator system has implemented most data protection principles directly into code. With one exception - use limitation. A recent paper offers a technical solution to this problem through sharding and confidential multiparty compute.
In the rush to embed AI into their practice, most law firms have not realised how disruptive this could be to the way in which the business of law has traditionally operated. If we replace junior lawyers with AI that can do their work, how will we train the senior lawyers we need?
The individual agency that privacy laws offer were designed for a time before networked privacy. As a result we cannot just rely on laws and regulations to protect our data but need to do considerable additional work to secure it.
As we rely more and more on AI for information it is almost inevitable that companies will try to game the answer these AI chatbots provide to ensure that information favourable to them bubbles to the top. This has already begun to happen and it is only a matter of time before AI optimisation replaces SEO.
