Authored by Samridhi Talwar, a 3rd year student at School of Law and Legal Studies, GGSIPU, New Delhi.
Introduction
Artificial Intelligence is an umbrella term for the diverse computational techniques and related processes and procedures that are devoted to enhancing the proficiency and abilities of machines to simulate and execute tasks that require intelligence and prudent human behavior. It results in the improved implementation of critical and complex functions efficiently and effectively with narrower room for error.
AI has already begun engulfing the Indian market, which is on the brink of technological upheaval and will eventually revolutionize the manner of our existence. It is rapidly paving its way to the public and private sectors alike. The government of India began incorporating AI in the public sector since 2017 by making endeavors including setting up a task force for AI and developing a national strategy - #AIFORALL to harness AI in India. NITI Aayog also recommended AIRAWAT, an AI-explicit computer framework for meeting the processing needs of students, researchers, start-ups, and innovation hubs. The private sector tech giants including Google, Amazon, Apple, Facebook, etc. possess a head-start in making the most of AI in multifarious fields such as hospitality, healthcare, gadgets, law, automobiles, etc.
While there has been a massive development on the account of Artificial Intelligence, the concerns have been raised on its breach on people’s privacy. Privacy has become an imperative part of our society. It has been a mammoth concern for the civil society, business units, academia, and government alike. The right to privacy is a first-generation human right and has been recognized as a fundamental right in various international conventions including Article 17 of the International Convention on Civil and Political Rights (ICCPR) and Article 12 of the Universal Declaration of Human Rights (UDHR). The UDHR defines the right to privacy as – “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence …. Everyone has the right to the protection of the law against such interference or attacks.”
Most nations across the world recognize and grant the right to privacy to their citizens. In India, the right to privacy is intrinsically rooted in the Right to Life and Personal Liberty under Article 21 of the Constitution. The Supreme Court explicitly recognized the Right to privacy in the case of Justice K.S. Puttaswamy v Union of India. Privacy has kaleidoscopic facets including bodily privacy, territorial privacy, data and information privacy, etc.
Legal lacunae on data privacy in India
The European Union (EU) enacted the General Data Protection Regulation (GDPR) as holistic legislation concerned with the processing of personal data. It expressly states the rights and obligations of the involved parties and entails the ground norms for the protection of data privacy across Europe.
The Indian legal system is bereft of a comprehensive and condign legal framework to protect the consumers’ privacy and data from Artificial Intelligence. India is yet in the speculation phase for enacting a data privacy regime. Presently, the only recourse available for the protection of personal data is Section 43A of the Information and Technology Act, 2000 (IT Act). However, this provision is inadequate and limited to scarcely sensitive, personal data.
Abrogating for the lack of data protection, the B.N Srikrishna Committee presented the draft Personal Data Protection Bill, 2019 (The Bill). The Bill is inspired by the GDPR and emphasized on the cardinality of individual consent while sharing data. The Bill states that personal data ought to be processed justly, fairly and reasonably. It also entails the exercise of the Right to be Forgotten i.e. the right to prohibit and impede the prevailing disclosure of personal information and data.
Artificial Intelligence and its conflict with privacy
Artificial Intelligence is attaining its zenith in India, as our dependence on AI mushrooms drastically. With the rampant advancements of artificial intelligence, the right to privacy needs to garner greater paramount. In this era of AI and information, privacy swivels on an individual’s ability to oversee how his/her data is stored, adjusted, and disseminated to various parties.
Any decision concerning the application of AI needs to be in concord with the right to privacy as it has a profound impact on this fundamental right. Despite AI being a revolutionary weapon on the verge of being harnessed, it cannot obviate privacy. Thus, this technological gizmo raises various crucial questions on its rapport with the right to privacy.
The first issue that AI raises against privacy is regarding the facial and voice recognition software. Facial and voice recognition has become a norm in identification due to AI. However, the ease that these identification methods bring is accompanied by the prospects of acutely jeopardizing an individual’s anonymity in the public domain. If not handled properly, facial and voice recognition could prove to be an extremely invasive pseudonym for non-consented surveillance.
For instance, FaceTagr and Smart Policing are facial recognition software used by Chennai and Punjab police respectively to create a criminal database including anybody who merely looks suspicious. This application has inherent issues that compromise the privacy of a person and result in false arrests based on the systematic bias of the police. Moreover, this software's are devoid of any safeguards that would hinder their misuse. The Chinese authorities are putting the facial recognition AI software to use and are making actual arrests for petty crimes. Similarly, the FBI has one-click access to around 412 million images for search, which goes hand in glove with the increasing reports of bias by police such as the racial-bias. Moreover, the face detection feature on our phones and applications such as FindFace also raises questions on privacy due to the possibility of undue surveillance through them and the mammoth database that the service providers possess.
AI has the wherewithal to hoard and exploit data from multifarious consumer products ranging from computer and phone applications to smart home appliances. With an upsurge in our dependence on AI, our digital footprint is bound to maximize and the degree of malicious exploitation of data is bound to skyrocket. More often than not, people are oblivious to the violations of their right to privacy through the quantum of data generated, hoarded, processed, and disseminated by their devices. The internet has various watchdogs in the name of data intermediaries such as Facebook, Google, Amazon, WhatsApp, etc. and incidents of blatant violation of privacy by data intermediaries have been on a constant spur in the news. For instance, data of several users of Facebook was stored and wrongfully disseminated. DeepFake also created pornographic and politically misleading videos with innocent faces melded into bodies of different people.
Another issue around AI is regarding its capacity to use the data, that it hoarded or was fed as input, and extensively sort, classify, score, rank, and evaluate individuals based on this data. Such profiling is prima facie a blotch on the right to privacy and is also performed through AI usually sans the consent of the people being profiled. Moreover, the individuals are handicapped in the process of profiling as they cannot safeguard their privacy by challenging, altering, or affecting the aftermath of such profiling. Instances of AI-driven profiling include racial profiling while granting visas; segregating other migrants from genuine refugees; the profiling by Cambridge Analytica of Facebook users for the US elections; the unfathomable exercise of AI induced social scoring system in China that can limit a persons’ access to necessities like jobs, housing, loan, social services, etc.
Our devices not only hoard vulnerable data, but they can also be tools to localize, monitor, and track people through AI. For instance, internet traffic, GPS, and cell phone location have raised grave privacy infringements such as GPS stalking. Consequentially, your data, despite being anonymized can be de-anonymized by AI when it becomes a part of a larger data set. Thus, AI can blur the thin line between personal and public data, thereby infringing on the right to privacy of every person who owns and operates devices.
Equipped with intricate machine learning algorithms, AI can easily predict and infer sensitive personal data from data that is non-sensitive. Consequently, an individual’s ethnic identity, health, political notions, sexual orientation, etc. can conveniently be ascertained from merely their location data, activity log, and other such matrices. Such predictions are being heavily relied on in predictive policing software that often jeopardizes innocent people with false arrests. The AI predictions are blatant infringements of an individual’s privacy as the personal and sensitive information of most people is predicted without their consent for the benefit of a deep-pocketed third party.
Conclusion
The primary solution to balance privacy with AI is the implementation of the pending Personal Data Protection Bill including the right to be forgotten and erasure. The privacy policies and regulations in India must be lucid and understandable. A shift towards a rights-based approach could ameliorate the privacy policies rather than the present consent-based approach. A right-based approach pertains to the extent and manner of use of consensually obtained data of consumers.
In conclusion, Artificial Intelligence has metamorphosed from being science fiction to a ubiquitous part of our lives. However, AI cannot be appraised as an isolated algorithm or an effective and efficient tool or as a nonchalant technology. Instead, it is a paradoxical social system that should be balanced with constitutional provisions including the right to privacy.