An Analysis On Artificial Intelligence And Data Privacy In India

Akshaya R, Assistant Professor & Research Scholar, VISTAS

Devadharshini V.V, BBA LLB, VISTAS

Introduction

Artificial Intelligence (AI) is transforming industries and governance in India, enabling automation, predictive analytics, and real-time decision-making. However, AI relies on vast amounts of personal data, raising serious concerns about data privacy, security, and individual rights. The Indian legal framework, including the Digital Personal Data Protection Act, 2023 (DPDP Act), aims to regulate data privacy, but it lacks AI-specific provisions addressing issues such as automated decision-making, consent mechanisms, algorithmic bias, and surveillance risks. AI-powered technologies, such as facial recognition, predictive policing, and biometric authentication, challenge traditional legal notions of privacy and accountability. The Justice K.S. Puttaswamy v. Union of India (2017) judgment recognized the Right to Privacy as a fundamental right, but India’s current data protection laws do not fully regulate AI’s impact on privacy. Who owns AI-generated data? Who is liable for AI-driven privacy breaches? How can India ensure transparency in AI decision-making? These are crucial legal questions that remain unresolved. To create a balanced AI governance framework, India must ensure that AI innovation aligns with privacy rights, ethical considerations, and accountability mechanisms. This requires a strong regulatory foundation, drawing insights from international legal frameworks such as the EU’s General

Data Protection Regulation (GDPR) and the proposed AI Act.

Regulatory Framework for AI and Data Privacy in India Artificial Intelligence (AI) is revolutionizing various industries, including healthcare, finance, and governance. However, its rapid development raises significant concerns regarding data privacy and protection. In India, the primary legal framework governing data privacy is the Digital Personal Data Protection Act, 2023 (DPDP Act), which aims to regulate the processing of personal data by entities using AI. The DPDP Act introduces principles such as data minimization, purpose limitation, and user consent. However, it does not specifically address AI-related concerns such as automated decision-making, profiling, and algorithmic bias. This raises questions about whether existing laws are sufficient to regulate AI-powered data processing. Additionally, India's Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 offer some data protection measures, but they do not explicitly govern AI technologies. A major issue is the lack of AI- specific legislation. In contrast, global frameworks like the EU’s General Data Protection Regulation (GDPR) and the AI Act proposed by the European Union explicitly address AI- driven data privacy concerns. India must consider whether additional regulations are needed to govern AI ethics, transparency, and accountability. Furthermore, regulatory agencies such as the Data Protection Board of India (DPB) and sectoral regulators like the Reserve Bank of India (RBI) and Securities and Exchange Board of India (SEBI) play crucial roles in ensuring compliance. The challenge remains in balancing innovation and privacy protection while preventing misuse of AI-driven data processing.