Where do Industries stand today on DPDPA?

Yesterday, I attended a ETCIO conference on Data Analytics and AI in Bengaluru. One of the takeaways from the conference is that while many exciting developments seem to be happening on the use of Data Analytics with the use of AI in consumer facing industries, there seems to be little appreciation of the impact of DPDPA on the current practices of Personal Data usage in the industry.

Most of the companies which included the likes of Myntra, PayU and many others discussed how they are leveraging Data Analytics and AI for better user experience as well as productivity.

In the discussions it was clear that most of the companies donot seem to have factored in the advent of the DPDPA 2023 in their implementation strategies.

It seems that it is a long long journey before the concept of Privacy by design is considered by these companies since the commercial benefits of current practices of “Free for all PII processing” are overwhelming. Most of them are sitting on a pile of legacy data without consent which is being processed and converted into business intelligence. Though many may claim that the usage is anonymous, it is difficult to believe.

The DPOs in these companies will have an uphill task in bringing in brining discipline in the PII processing of these companies. The difficulty of building a Privacy Compliance culture in the euphoria of the Data Analytics with AI is evident.

The Conference noted that the combination of Data Analytics and AI leads to Intelligence2 . But Naavi did remind the assembly that the Square root of Intelligence2  could be postive or negative value of (intelligence), as per the principles of Complex numbers, hinting the DPDPA risk that needs to be confronted.

Not sure if the message has been assimilated by the assembly. But it is clear that if the Government wants, they can fill up some of the budgetary deficit by strictly implementing DPDPA in the first few years when almost all companies will be found short of compliance. I wish the industry wakes up before it is too late.

The DPB also has the uphill task of making companies realize their responsibilities in ensuring Compliance by Design through some strict action as soon as they become operative.

At the same time it appears that the time for DGPSI has come and it is time for us to declare that DGPSI is the corporate mantra for the AI era.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.